MOD: updated docs

MOD: documentation updates
MOD: docs update
2018-10-04 12:20:45 -07:00 · 2018-09-17 21:40:34 -07:00 · 2018-09-17 10:38:56 -07:00 · 2018-09-14 09:29:17 -07:00 · 2018-09-10 20:13:47 -07:00 · 2018-09-10 19:09:48 -07:00
342 changed files with 6958 additions and 9065 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,12 +1,9 @@
-#
-pki-lifecycle_*
-
 # Project specific files
 sftp-config.json
 .DS_Store
 **/var/
 **/cert_gen/acme.xyz_fl/
-
+pki-lifecycle_*

 # Byte-compiled / optimized / DLL files
 __pycache__/
--- a/10
+++ b/10
@ -31,13 +31,17 @@ There are two main applications contained in this project.
  VERSIONS
 ---------------------

-Ver 3.2 - MOB Hub PKI Lifecycle
+ver 3.3 - MOB Hub CA-I Package
+  * updated applications to be more modular
+  * each CA-I package has 
+  
+ver 3.2 - MOB Hub PKI Lifecycle
  * PKI Lifecycle
    - generate certificates during the CA's lifecycle
-Ver 3.1 - MOB Hub PKI Bootstrap
+ver 3.1 - MOB Hub PKI Bootstrap
  * PKI Bootstrap
    - generate an entire chain-of-trust
-Ver 3.0 - CA Intermediate Support
+ver 3.0 - CA Intermediate Support
  * requires openssl  (does not require ipsec)
  * CA Intermediate support
    -root CA can be generated with 5-10yr expiration, put into cold-storage
--- a/docs/ccc_ss
+++ b/docs/ccc_ss
@ -0,0 +1,52 @@
+[[[ StrongSwan Code Command & Control ]]]
+
+
+
+[[ Networking ]]
+# VPN UDP service (StrongSwan ipsec)
+$ nc -zuv  192.168.123.129 500
+$ nc -zuv  192.168.123.129 4500
+
+# view all network services
+$ netstat -pntul
+
+
+# openconnect VPN client (only works for https, cisco style VPN (not IKEv2) )
+$ openconnect -v -c clients/porkypig\@acme.xyz_2018-04-23.21_48_11/porkypig\@acme.xyz.p12  192.168.123.129:500
+
+
+[[ Service ]]
+
+$ sudo ipsec statusall | start | stop
+
+
+[[ Android ]]
+
+# install certificates
+Settings -> Security -> Credential Storage -> Install from SD
+  "ca.crt.pem", "client_s.p12"
+
+# alias the multi-connections
+alias adb1='adb -s 192.168.123.131'
+alias adb2='adb -s 192.168.123.132'
+
+# connect to android IP
+$ adb connect 192.168.123.131
+$ adb connect 192.168.123.132
+
+# execute commands to the connected android
+$ adb -s 192.168.123.132 push client_s.p12  /data/media/0/Download/
+$ adb -s 192.168.123.131 shell
+
+# restarting adb as root
+$ adb -s 192.168.123.132 root
+$ adb -s 192.168.123.132 shell
+
+# push the .p12 file to the Downloads folder of the user storage
+$ adb push client_s.p12  /data/media/0/Download/
+$ adb push ca_i.crt.pem  /data/media/0/Download/
+
+# using the alias, push the apk, then install
+$ adb2 push strongSwan-1.9.6.apk  /data/local/tmp/ss.apk
+$ adb2 shell pm install "/data/local/tmp/ss.apk"
+
--- a/docs/elphdt
+++ b/docs/elphdt
@ -0,0 +1,23 @@
+
+
+
+[[ modify elphdt ]]
+
+From what I am seeing it appears as though the directory “/certs” is mounted from the NAS. I will need to add the new certificates to the NAS and they will be accessed from the “/certs” directory.
+
+I will generate a new certificate chain with the PKI Bootstrap applicaiton. I will copy the new “CA Intermediate package” to this location:
+/certs/cai/09-2018/
+It will contain the CA Intermediates and the server certificates.
+
+
+Looking at elphdt, there is a file .gitlab-ci.yml: this file contains the “CI/CD configuration”. In the file the there are two global variables that are significant:
+
+GITLAB_CI_CERTIFICATE_DIRECTORY_CA_PREFIX: ‘/certs/acme.xyz/CA/ACME_06-2018_ca'
+GITLAB_CI_CERTIFICATE_DIRECTORY_SERVER: ‘/certs/acme.xyz/servers/192.168.2.1_2018-06-13.10_11_38'
+
+I will modify these variables to point to the new locations (this can be done for each build type):
+GITLAB_CI_CERTIFICATE_DIRECTORY_CA_PREFIX: ‘/certs/acme.xyz/CA/ACME_06-2018_ca'
+GITLAB_CI_CERTIFICATE_DIRECTORY_SERVER: ‘/certs/acme.xyz/servers/192.168.2.1_2018-06-13.10_11_38'
+
+This solution will work fine for now. And in the future we can worry about generating a new server certificate for each MOB Hub.
+
--- a/docs/ipsec_conf
+++ b/docs/ipsec_conf
@ -0,0 +1,63 @@
+# ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+  # uniqueids=never
+  charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2,  mgr 2"
+
+ca acme
+  cacert=ca.crt.pem
+  auto=add
+
+# this is the default rekey time
+# rekeytime = lifetime - (margintime + random(0, margintime * rekeyfuzz))  authby=pubkey
+# https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey#ipseconf-Formula
+conn %default
+  # crypto settings
+  keyexchange=ikev2
+  authby=pubkey
+  ike=aes128-sha256-modp2048,aes256-sha256-modp4096,aes256-sha256-modp2048!
+  esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes128-sha256-modp1024,aes256-sha256-modp1536!
+  # tunnel processing info
+  type=tunnel
+  fragmentation=yes
+  forceencaps=yes     # force to encrypt UDP also
+  dpdaction=clear     # dead-peer detection to clear any "dangling" connections
+  dpddelay=300s
+  rekey=no            #TODO check this out
+  # ikelifetime=60m
+  # keylife=20m
+  # rekeymargin=3m
+  # keyingtries=1
+  # 
+  # tunneling config
+  # If left|rightcert is configured the identity has to be confirmed by the
+  #  certificate, that is, it has to match the full subject DN or one of the 
+  #  subjectAltName extensions contained in the certificate
+  left=192.168.123.129   # attempting to bind to this specific IP
+  leftid=@s.acme.xyz     # the client needs to be configured for the "server id" of this string
+  leftsubnet=0.0.0.0/0   # required or the right IP's aren't routing to each other...
+
+
+# standard user connection
+conn mob-standard
+  # tunneling config
+  leftcert=server_s.acme.xyz_s.crt.pem
+  right=%any
+  rightca="C=OO, O=ACME, OU=ACME Standard, CN=s.i.acme.xyz"
+  # virstual IP address pool
+  rightsourceip=10.10.10.0/24
+  rightdns=192.168.123.129
+  auto=add
+
+
+# maintenance role connection that will have elevated priveledges
+# this configuration can be used with a "maintenance tablet" to update a MOB Hub
+conn mob-maintenance
+  # tunneling config
+  leftcert=server_s.acme.xyz_m.crt.pem
+  right=%any
+  rightca="C=OO, O=ACME, OU=ACME Maintenance, CN=m.i.acme.xyz"
+  # virstual IP address pool
+  rightsourceip=10.10.11.0/24
+  rightdns=192.168.123.129
+  auto=add
--- a/docs/pki_agile
+++ b/docs/pki_agile
@ -3,40 +3,84 @@

 [[ WORKING ]]

-* PKI Bootstrap:  cp lifecycle functions
+* .p12 file using on strongswan  (works, kind of)

+* PKI Bootstrap slide deck
+  -request a meeting to go over the PKI and show the slide deck
+  
+* research gitlab CI
+  -install gitlab in docker
+  -configure CI
+    -try to have it run pki bootstrap??



 [[ BACKLOG ]]

 [ current ]
-* auto-increment SERIAL
-* create certificate installation guide
+* create a ("CA-I package") zip file for distribution  (folder: ca_i_4321.skunkworks.acme.xyz.zip)
+* add CA password??
+* create Andriod certificate installation guide
  -copy file to sd, select .p12 file, password="password"
+* remove client .p12 password  (have no password)
+
+[ misc ]
 * can I install certificates from an android application??
  -can I used knox to install certificates??
 * create GUI for cert gen process  (electron+crypto-interface)
 * add tool for .p12 file extractor for MH provisioning
+* add havegd (make sure there is adequite entropy)


-[ ver 1.4 ]
-* create new "certificate bootstrap" with .cfg parameters for CA ".mil" strings
-* create new CA generation script that also reads .cfg
+[ ver 3.5  :  xdev bootstrap chain-of-trust ]
+* select bootstrap generation computer (beaglebone, raspi)
+  -create PKI Lifecycle package for "navy.mil"
+  -sneakernet two CA-I
+* create a "navy-prod" branch
+  -change strings from "acme.xyz" to ".mil"
+  -make any other sensitive specific changes
+  * create a "navy-dev" branch
+  * create a "navy-int" branch (integration branch, similar to a beta branch)
+* integrate into the build
+  -modify CI global variables (for each build)
+  -certs are generated BEFORE pulled into image (not part of build process)
+  -modify cert gen on NAS (looks for files in mount dir)
+
+
+[ ver 3.6 ]
+
+
+
+
+[[ COMPLETED ]]
+
+[ ver 3.4 ]
+* testing multiple CA-I compatibility
+  -"103.cai.skunkworks.acme.xyz"  -worked
+  -"104.cai.skunkworks.acme.xyz"  -worked
+  * test "104.cai.skunkworks.acme.xyz"
+    -load client certificate onto different tablet  -worked
+
+
+[ ver 3.3 ]
+* SERIOUS refactoring to focus on local execution with default configs and SERIAL # incrementation
+* configuration defaults generated so that the CA-I package is all automated
+* gen_client.sh modified run with config defaults
+* gen_server.sh modified to run with config defaults
+* gen_client.sh will generate # of certs
+* gen_server.sh will generate # of certs
+* auto-increment SERIAL
+* CA FQDN saved to config file
+* CA-I FQDN saved to config file
+* added certificate generation count to PKI Bootstrap application
+* added certificate generation count to cai_gen application
+
+
+[ ver 3.2 ]
 * create new CA-I generation script that uses a CA
  -also packages .p12 for distrobution  (use random high quality password)
-
-
-[ bootstrap cert chain-of-trust ]
-* select bootstrap generation cpu (beaglebone, raspi)
-* change strings from "acme.xyz" to ".mil"
-* generate bootstrap
-  -sneakernet two CA-I
-
-
-[ ver 1.5 ]
-
-
+* added resources directory
+* added files to be copied during CA-I package creation



@ -53,7 +97,6 @@ PKI Lifecycle Package



-[[ COMPLETED ]]



--- a/docs/ss_cfg
+++ b/docs/ss_cfg
@ -0,0 +1,28 @@
+j3g@ubuntu-16:~$ sudo ipsec statusall
+[sudo] password for j3g: 
+Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-116-generic, x86_64):
+  uptime: 9 hours, since Sep 11 14:12:51 2018
+  malloc: sbrk 1486848, mmap 0, used 370000, free 1116848
+  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
+  loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown
+Virtual IP pools (size/online/offline):
+  10.10.10.0/30: 2/0/0
+  10.10.11.0/30: 2/0/0
+Listening IP addresses:
+  192.168.123.129
+Connections:
+    standard:  192.168.123.129...%any  IKEv2, dpddelay=300s
+    standard:   local:  [s.acme.xyz] uses public key authentication
+    standard:    cert:  "C=OO, O=ACME, OU=ACME Standard, CN=s.acme.xyz"
+    standard:   remote: uses public key authentication
+    standard:    ca:    "C=OO, O=ACME, OU=ACME Standard, CN=s.i.acme.xyz"
+    standard:   child:  0.0.0.0/0 === dynamic TUNNEL, dpdaction=clear
+ maintenance:  192.168.123.129...%any  IKEv2, dpddelay=300s
+ maintenance:   local:  [s.acme.xyz] uses public key authentication
+ maintenance:    cert:  "C=OO, O=ACME, OU=ACME Maintenance, CN=s.acme.xyz"
+ maintenance:   remote: uses public key authentication
+ maintenance:    ca:    "C=OO, O=ACME, OU=ACME Maintenance, CN=m.i.acme.xyz"
+ maintenance:   child:  0.0.0.0/0 === dynamic TUNNEL, dpdaction=clear
+Security Associations (0 up, 0 connecting):
+  none
+
--- a/src/pki_bootstrap/README
+++ b/src/pki_bootstrap/README
@ -1,24 +1,180 @@
-      ===============================================
-        Certificate Authority (CA) Generation
-        CA Intermediate Generation and Distribution
-          Version 3.x
-      ===============================================
+
+        ===============================================
+          Certificate Authority (CA) Generation
+          CA Intermediate Generation and Distribution
+            Version 3.x
+        ===============================================


 -------------
  INTRO
 -------------
+The PKI Bootstrap application will generate a new "PKI Lifecycle" package. The PKI Lifecycle 
+package holds a new Certificate Authority (CA) and a complete certificate chain-of-trust. The
+PKI Lifecycle package has a life of 5-10 years. Each package has embedded programs to generate new
+certificate authority intermediate (CA I), client, and server certificates.



 -------------
  USAGE
 -------------
+This application will generate all the files necessary to build a certificate chain of trust
+using a CA, CA Intermediate, Server, and Client certificates. All the files are put into a
+PKI Lifecycle package
+  -put the .cnf config files into the ./cnf directory
+
+Usage: pki_bootstrap  <.cnf file (minus the .cnf)>
+
+Example: pki_bootstrap  org.acme.xyz
+
+
+[ .cnf files ]
+.cnf file is required for the domain name. The .cnf file is found in the  ./res/cnf  directory
+
+└── res
+    ├── cnf
+    │   ├── 192.168.1.3.cnf
+    │   ├── ca.cnf
+    │   ├── skunkworks.acme.xyz.cnf
+    │   └── vpn.backchannel.es.cnf



-------------
-  FEATURES
-------------
+-----------------------
+  APPLICATION DESIGN
+-----------------------
+The ./res directory contains all the resources for the application. The resources include: 
+readme files, configuration files, and application files.
+
+The PKI Bootstrap application directory structure is the following:
+├── README
+├── pki_bootstrap.sh
+
+└── res
+    ├── cfg
+    │   └── SERIAL
+    ├── cnf
+    │   ├── 192.168.1.3.cnf
+    │   ├── ca.cnf
+    │   ├── skunkworks.acme.xyz.cnf
+    │   └── vpn.backchannel.es.cnf
+    ├── docs
+    │   ├── README_C
+    │   ├── README_CAI
+    │   ├── README_LC
+    │   ├── README_S
+    │   ├── SERIAL
+    │   └── SERIAL_LC
+    └── libs
+        ├── gen_ca-i.sh
+        ├── gen_client.sh
+        ├── gen_server.sh
+        └── pki_funcs.sh
+
+
+
+-------------------------
+  PKI Lifecycle Package
+-------------------------
+The PKI Lifecycle packagee is a complete certificate chain of trust with a root self-signed 
+certificate. The package contains all the configuration and data inforomation to generate
+Certificate Authority Intermediate packages.
+
+The PKI Lifecycle packge is NOT to be removed from the generation system. It should be 
+protected as it contains the root CA. The package contains the root CA, configuration files, 
+and the a copy of the resources directory. 
+
+
+The PKI Lifecycle package structure is the following:
+├── README
+├── ca
+│   ├── 101.ca.skunkworks.acme.xyz.crt.pem
+│   ├── 101.ca.skunkworks.acme.xyz.keys.pem
+│   └── 101.ca.skunkworks.acme.xyz_cert.info.txt
+├── cfg
+│   ├── SERIAL
+│   ├── UNIQ_ID_CA
+│   ├── UNIQ_ID_CA-I
+│   ├── ca.cnf
+│   ├── ca.crt.pem
+│   ├── ca.keys.pem
+│   ├── pki_funcs.sh
+│   └── skunkworks.acme.xyz.cnf
+├── distribution
+│   └── 101.cai.skunkworks.acme.xyz
+├── gen_ca-i.sh
+└── res
+    ├── cfg
+    ├── cnf
+    ├── docs
+    └── libs
+
+
+
+----------------
+  CA-I Package
+----------------
+The CA-I package contains a complete certifate chain of trust using a certificate authority 
+intermediate. The CA intermediate has permission to sign certificates. Included in the packages 
+is a client and server certificate generation applications that run on Bash linux. The CA intermediate 
+can be used with 3rd party applications to generate certificates.
+
+The CA-I package structure is the following:
+├── distribution
+│   └── 101.cai.skunkworks.acme.xyz
+│       ├── README
+│       ├── ca-i
+│       │   ├── data
+│       │   │   ├── 101.ca.skunkworks.acme.xyz.crt.pem
+│       │   │   ├── 101.cai.skunkworks.acme.xyz.crt.pem
+│       │   │   ├── 101.cai.skunkworks.acme.xyz.csr.pem
+│       │   │   └── 101.cai.skunkworks.acme.xyz.keys.pem
+│       │   ├── distro
+│       │   │   ├── 101.cai.skunkworks.acme.xyz.p12
+│       │   │   └── ca_cert-chain_101.cai.skunkworks.acme.xyz.crts.pem
+│       │   └── docs
+│       │       ├── 101.ca.skunkworks.acme.xyz_cert.info.txt
+│       │       └── 101.cai.skunkworks.acme.xyz.crt.info.txt
+│       ├── clients
+│       │   ├── README
+│       │   ├── cfg
+│       │   │   ├── SERIAL
+│       │   │   ├── UNIQ_ID_CA
+│       │   │   ├── UNIQ_ID_CA-I
+│       │   │   ├── ca-i.crt.pem
+│       │   │   ├── ca-i.keys.pem
+│       │   │   ├── ca_cert-chain.crts.pem
+│       │   │   ├── cert.cnf
+│       │   │   └── pki_funcs.sh
+│       │   ├── data
+│       │   │   ├── 1001.client.101.cai.skunkworks.acme.xyz.crt.pem
+│       │   │   ├── 1001.client.101.cai.skunkworks.acme.xyz.csr.pem
+│       │   │   ├── 1001.client.101.cai.skunkworks.acme.xyz.keys.pem
+│       │   ├── distro
+│       │   │   ├── 1001.client.101.cai.skunkworks.acme.xyz.p12
+│       │   ├── docs
+│       │   │   ├── 1001.client.101.cai.skunkworks.acme.xyz.info.txt
+│       │   └── gen_client.sh
+│       └── servers
+│           ├── README
+│           ├── cfg
+│           │   ├── SERIAL
+│           │   ├── UNIQ_ID_CA
+│           │   ├── UNIQ_ID_CA-I
+│           │   ├── ca-i.crt.pem
+│           │   ├── ca-i.keys.pem
+│           │   ├── ca_cert-chain.crts.pem
+│           │   ├── cert.cnf
+│           │   └── pki_funcs.sh
+│           ├── data
+│           │   ├── 5001.server.101.cai.skunkworks.acme.xyz.crt.pem
+│           │   ├── 5001.server.101.cai.skunkworks.acme.xyz.csr.pem
+│           │   ├── 5001.server.101.cai.skunkworks.acme.xyz.keys.pem
+│           ├── distro
+│           │   ├── 5001.server.101.cai.skunkworks.acme.xyz.p12
+│           ├── docs
+│           │   ├── 5001.server.101.cai.skunkworks.acme.xyz.crt.info.txt
+│           └── gen_server.sh


--- a/src/pki_bootstrap/pki_bootstrap.sh
+++ b/src/pki_bootstrap/pki_bootstrap.sh
@ -11,17 +11,20 @@
 . res/libs/pki_funcs.sh

 PARAM1=$1
+PARAM2=$2

 usage() {
  echo
  echo "This application will generate all the files necessary to build a certificate chain of trust"
-  echo "using a CA, CA Intermediate, Server, and Client certificates. All the files are put into"
-  echo "pki lifecyle package"
-  echo "  -put the .cnf config files into the ./cnf directory"
+  echo "using a CA, CA Intermediate, Server, and Client certificates. All the files are put into a"
+  echo "PKI Lifecycle package. A .cnf file is required for the domain. The domain url should match"
+  echo "the .cnf file name. Put the .cnf config file into the .res/cnf/ directory"
  echo 
-  echo "Usage: pki_bootstrap  <.cnf file (minus the .cnf)>"
+  echo "Usage: pki_bootstrap  <.cnf file (minus the .cnf)>  [# of CA-I to generate]"
  echo
  echo "Example: pki_bootstrap  org.acme.xyz"
+  echo "         pki_bootstrap  org.acme.xyz  5"
+  echo
  exit 1
 }

@ -29,18 +32,18 @@ usage() {
 # Grab the latest serial # from the file, auto-increment
 # 
 get_serial_ca() {
-  SERIAL=`head "res/cfg/SERIAL"`
+  SERIAL=`head res/cfg/SERIAL`
  if [[ -z $SERIAL ]]; then
    SERIAL=11111
    echo_block "WARN: no file 'SERIAL' found, using default 11111 as the serial # for CA"
+  else
+    PLUS1=$((SERIAL+1))
+    echo $PLUS1 > res/cfg/SERIAL
  fi
 }

 #
 # CA generation requires .cnf files
-# create CA directory
-# create bash variables to CA
-# restore script back to original path
 #
 app_init() {
  if [[ -n $PARAM1 ]]; then
@ -51,11 +54,9 @@ app_init() {
    if [[ ${PARAM1: -4} == .cnf ]]; then
      ORG_URL=${PARAM1%.*}
      S_CNF=${PARAM1}
-      echo "ASDF: ${ORG_URL},  ${S_CNF}"
    else
      ORG_URL=$PARAM1
      S_CNF="${PARAM1}.cnf"
-      echo "ZXCV: ${ORG_URL},  ${S_CNF}"
    fi

    FQ_S_CNF="${CD_ROOT}/res/cnf/${S_CNF}"
@ -73,64 +74,95 @@ app_init() {
 # 
 # IN: UNIQ_ID_CA, SERIAL
 #
-gen_lifecycle() {
+mk_lifecycle_pkg() {
  get_serial_ca
-  echo_block "SERIAL == ${SERIAL}"
+
  # Organize
  # 
  # create a unique path for the server certificate
  UNIQ_DIR_LC=`date +%Y-%m-%d.%H_%M_%S`
  UNIQ_DIR_LC="pki-lifecycle_${UNIQ_DIR_LC}"
-  mkdir -p "${UNIQ_DIR_LC}"
-  cd "${UNIQ_DIR_LC}"
  FQ_DIR_LC=`pwd`
+  FQ_DIR_LC="${FQ_DIR_LC}/${UNIQ_DIR_LC}"

  # create CA unique dir
-  UNIQ_ID_CA="${SERIAL}.${ORG_URL}"
-  CA_DIR="ca_${UNIQ_ID_CA}"
-  mkdir $CA_DIR
-  cd $CA_DIR
-  FQ_CA_DIR=`pwd`
-  FQ_CA_CERT="${FQ_CA_DIR}/ca_${UNIQ_ID_CA}.crt.pem"
-  FQ_CA_KEYS="${FQ_CA_DIR}/ca_${UNIQ_ID_CA}.keys.pem"
+  UNIQ_ID_CA="${SERIAL}.ca.${ORG_URL}"
+  mkdir -p "${UNIQ_DIR_LC}/ca"
+  cd "${UNIQ_DIR_LC}"

-  # initialize the functions lib
-  pki_func_init $FQ_CA_CERT $FQ_CA_KEYS "${CD_ROOT}/res/cnf"
  # generate a new CA
  gen_ca $UNIQ_ID_CA $SERIAL

  # go back to original dir
  cd ..
-  cd ..
 }

 #
 #
 #
 cp_lifecycle_docs() {
+  # resource files to be copied to the PKI Lifecycle Package
  RES="${CD_ROOT}/res"
-
  mkdir -p "${UNIQ_DIR_LC}/cfg"
-  cp -r $CD_ROOT/res        $CD_ROOT/$UNIQ_DIR_LC/
-  cp $RES/libs/gen_ca-i.sh  $CD_ROOT/$UNIQ_DIR_LC/
-  cp $RES/docs/README_LC    $CD_ROOT/$UNIQ_DIR_LC/README
-  cp $RES/docs/SERIAL_LC    $CD_ROOT/$UNIQ_DIR_LC/cfg/SERIAL
-  cp $RES/libs/pki_funcs.sh $CD_ROOT/$UNIQ_DIR_LC/cfg/
-  cp "${RES}/cnf/${ORG_URL}.cnf"  $CD_ROOT/$UNIQ_DIR_LC/cfg/
-  cp "${RES}/cnf/ca.cnf"          $CD_ROOT/$UNIQ_DIR_LC/cfg/
-  cp $CD_ROOT/$UNIQ_DIR_LC/"ca_${UNIQ_ID_CA}"/ca_*.crt.pem    $CD_ROOT/$UNIQ_DIR_LC/cfg/ca.crt.pem
-  cp $CD_ROOT/$UNIQ_DIR_LC/"ca_${UNIQ_ID_CA}"/ca_*.keys.pem   $CD_ROOT/$UNIQ_DIR_LC/cfg/ca.keys.pem
+  echo $UNIQ_ID_CA >         $CD_ROOT/$UNIQ_DIR_LC/cfg/UNIQ_ID_CA
+  cp -r $CD_ROOT/res         $CD_ROOT/$UNIQ_DIR_LC/
+  cp $RES/libs/gen_ca-i.sh   $CD_ROOT/$UNIQ_DIR_LC/
+  cp $RES/docs/README_LC     $CD_ROOT/$UNIQ_DIR_LC/README
+  cp $RES/docs/SERIAL_LC     $CD_ROOT/$UNIQ_DIR_LC/cfg/SERIAL
+  cp $RES/libs/pki_funcs.sh  $CD_ROOT/$UNIQ_DIR_LC/cfg/
+  cp $RES/cnf/$ORG_URL.cnf   $CD_ROOT/$UNIQ_DIR_LC/cfg/
+  cp $RES/cnf/ca.cnf         $CD_ROOT/$UNIQ_DIR_LC/cfg/
+
+  # CA certs
+  cp $CD_ROOT/$UNIQ_DIR_LC/ca/*.crt.pem   $CD_ROOT/$UNIQ_DIR_LC/cfg/ca.crt.pem
+  cp $CD_ROOT/$UNIQ_DIR_LC/ca/*.keys.pem  $CD_ROOT/$UNIQ_DIR_LC/cfg/ca.keys.pem
 }

 #
 # Generate Lifecycle CA Intermediates
 #
-gen_lc_ca_i() {
+gen_lc_cai() {
  cd $FQ_DIR_LC
-  # generate new CA-I
-  ca-i_gen_pki $ORG_URL 1001 2
-  # ca-i_gen_pki $ORG_URL 2001 5
-  # ca-i_gen_pki $ORG_URL 3001 8
+
+  if [[ -n $PARAM2 ]]; then
+    COUNT=$(($PARAM2-1))
+  else
+    COUNT=1
+  fi
+
+  for NUM in $(seq 0 $COUNT)
+  do
+    ca-i_gen_pki $ORG_URL 5
+  done
+}
+
+# ***** ***** ***** ***** *****
+# 
+# CERTIFICATE AUTHORITY (CA)
+# 
+# ***** ***** ***** ***** *****
+# This function will generate a CA Intermediate
+# IN: UNIQ_ID_CA, SERIAL
+#
+gen_ca() {
+  UNIQ_ID_CA=$1
+  SERIAL=$2
+
+  echo_block "Create CA (${UNIQ_ID_CA})"
+
+  # encrypt the key
+  #openssl genrsa -aes256 -password "pass:password" -out ca.keys.pem 4096 
+
+  # key un-protected
+  openssl genrsa -out "ca/${UNIQ_ID_CA}.keys.pem" 4096
+  # 
+  # Create Certificate   (valid for 10 years, after the entire chain of trust expires)
+  openssl req -config $CD_ROOT/res/cnf/ca.cnf -new -x509 -sha256 -days 3650 -extensions v3_ca \
+              -subj "/C=OO/O=ACME/CN=${UNIQ_ID_CA}" -set_serial ${SERIAL} \
+              -key ca/${UNIQ_ID_CA}.keys.pem -out ca/${UNIQ_ID_CA}.crt.pem
+
+  # verify certificate (output to text file for review)
+  openssl x509 -noout -text -in ca/${UNIQ_ID_CA}.crt.pem > ca/${UNIQ_ID_CA}_cert.info.txt
 }


@ -140,11 +172,11 @@ main() {
  # generate new CA
  # create new PKI Lifecycle Package
  app_init
-  gen_lifecycle
+  mk_lifecycle_pkg
  cp_lifecycle_docs

  # gen some CAs
-  gen_lc_ca_i  
+  gen_lc_cai  
  
  # make sure we return to root execution path
  cd "${CD_ROOT}"
--- a/src/pki_bootstrap/res/docs/README_C
+++ b/src/pki_bootstrap/res/docs/README_C
@ -8,15 +8,49 @@
 -------------
  INTRO
 -------------
+This application will generate new client certificates. The certificate chain is also included 
+(CA certificate & CA-I certificate).

-This application will generate new client certificates. The certificates can be used with any
-VPN client service. The certificate chain is also included (CA certificate & CA-I certificate).


 -------------
  USAGE
 -------------
+Generate a new client certificate

-./ gen_client.sh  
+  usage:   gen_client.sh  <# to generate>
+
+  example: gen_client.sh  2


+
+-----------------------
+  APPLICATION DESIGN
+-----------------------
+The ./clients directory contains the files needed to generate client certificates. The directory
+is portable and will operate properly if moved to another linux system. The ./client/cfg contains
+configuration files that are used by the client generation application. The configuation files
+do not need to be edited and they provide information congruent with the CA and server. The
+./clients/data directory contains the raw data (in .pem) of the certificates generated. The
+./clients/distro contains the files to be distributed and installed on clients. The ./clients/docs
+directory contains certificate information in plain text format.
+
+├── README
+├── cfg
+│   ├── SERIAL
+│   ├── UNIQ_ID_CA
+│   ├── UNIQ_ID_CA-I
+│   ├── ca-i.crt.pem
+│   ├── ca-i.keys.pem
+│   ├── ca_cert-chain.crts.pem
+│   ├── cert.cnf
+│   └── pki_funcs.sh
+├── data
+│   ├── 1001.client.101.cai.skunkworks.acme.xyz.crt.pem
+│   ├── 1001.client.101.cai.skunkworks.acme.xyz.csr.pem
+│   ├── 1001.client.101.cai.skunkworks.acme.xyz.keys.pem
+├── distro
+│   ├── 1001.client.101.cai.skunkworks.acme.xyz.p12
+├── docs
+│   ├── 1001.client.101.cai.skunkworks.acme.xyz.info.txt
+└── gen_client.sh
--- a/src/pki_bootstrap/res/docs/README_CAI
+++ b/src/pki_bootstrap/res/docs/README_CAI
@ -1,21 +1,123 @@

-      ============================
-        CA Intermediate README
+      ===================
+        CA Intermediate 
          Version 3.1
-      ============================
+      ===================


 -------------
  INTRO
 -------------

-This application will generate new client certificates. The certificates can be used with any
-VPN client service. The certificate chain is also included (CA certificate & CA-I certificate).
+This application will generate new Certificate Authority Intermediate packages to be distributed
+to organizations for external usage.
+
+The CA-I package contains a complete certifate chain of trust using a certificate authority 
+intermediate. The CA intermediate has permission to sign certificates. Included in the package 
+is client and server certificate generation applications that run on Bash linux. The CA intermediate 
+can be used with 3rd party applications to generate certificates.
+


 -------------
  USAGE
 -------------
+Generate a new CA Intermediate certificate
+
+This program will generate a new certificate authority (CA) intermediate
+It requires a CA certificate to sign a CA Intermediate
+Requires the file "ca.pem" that is used to sign the certificates
+
+  usage:   gen_ca-i.sh  <Org URL>   [# of client/server certs]
+
+  example: gen_ca-i.sh  skunkworks.acme.xyz \
+                        10  (optional) \



+-----------------------
+  APPLICATION DESIGN
+-----------------------
+The CA-I package contains all the files needed to generate certificates. The ./ca-i directory
+contains the certificate authority files. The ./ca-i/data directory contains all the raw ca
+files. The ./ca-i/distro directory contains the files to be distributed and installed on clients.
+The .p12 files contins the CA certificate, and client certificates. The ./ca-i/docs directory 
+contains certificate information in plain text format.
+
+The ./clients directory contains the files needed to generate client certificates. The directory
+is portable and will operate properly if moved to another linux system. The ./client/cfg contains
+configuration files that are used by the client generation application. The configuation files
+do not need to be edited and they provide information congruent with the CA and server. The
+./clients/data directory contains the raw data (in .pem) of the certificates generated. The
+./clients/distro contains the files to be distributed and installed on clients. The ./clients/docs
+directory contains certificate information in plain text format.
+
+The ./servers directory contains the files needed to generate server certificates. The directory
+is portable and will operate properly if moved to another linux system. The ./server/cfg contains
+configuration files that are used by the server generation application. The configuation files
+do not need to be edited and they provide information congruent with the CA and server. The
+./servers/data directory contains the raw data (in .pem) of the certificates generated. The
+./servers/distro contains the files to be distributed and installed on servers. The ./servers/docs
+directory contains certificate information in plain text format.
+
+
+----------------
+  CA-I Package
+----------------
+
+The CA-I package structure is the following:
+├── distribution
+│   └── 101.cai.skunkworks.acme.xyz
+│       ├── README
+│       ├── ca-i
+│       │   ├── data
+│       │   │   ├── 101.ca.skunkworks.acme.xyz.crt.pem
+│       │   │   ├── 101.cai.skunkworks.acme.xyz.crt.pem
+│       │   │   ├── 101.cai.skunkworks.acme.xyz.csr.pem
+│       │   │   └── 101.cai.skunkworks.acme.xyz.keys.pem
+│       │   ├── distro
+│       │   │   ├── 101.cai.skunkworks.acme.xyz.p12
+│       │   │   └── ca_cert-chain_101.cai.skunkworks.acme.xyz.crts.pem
+│       │   └── docs
+│       │       ├── 101.ca.skunkworks.acme.xyz_cert.info.txt
+│       │       └── 101.cai.skunkworks.acme.xyz.crt.info.txt
+│       ├── clients
+│       │   ├── README
+│       │   ├── cfg
+│       │   │   ├── SERIAL
+│       │   │   ├── UNIQ_ID_CA
+│       │   │   ├── UNIQ_ID_CA-I
+│       │   │   ├── ca-i.crt.pem
+│       │   │   ├── ca-i.keys.pem
+│       │   │   ├── ca_cert-chain.crts.pem
+│       │   │   ├── cert.cnf
+│       │   │   └── pki_funcs.sh
+│       │   ├── data
+│       │   │   ├── 1001.client.101.cai.skunkworks.acme.xyz.crt.pem
+│       │   │   ├── 1001.client.101.cai.skunkworks.acme.xyz.csr.pem
+│       │   │   ├── 1001.client.101.cai.skunkworks.acme.xyz.keys.pem
+│       │   ├── distro
+│       │   │   ├── 1001.client.101.cai.skunkworks.acme.xyz.p12
+│       │   ├── docs
+│       │   │   ├── 1001.client.101.cai.skunkworks.acme.xyz.info.txt
+│       │   └── gen_client.sh
+│       └── servers
+│           ├── README
+│           ├── cfg
+│           │   ├── SERIAL
+│           │   ├── UNIQ_ID_CA
+│           │   ├── UNIQ_ID_CA-I
+│           │   ├── ca-i.crt.pem
+│           │   ├── ca-i.keys.pem
+│           │   ├── ca_cert-chain.crts.pem
+│           │   ├── cert.cnf
+│           │   └── pki_funcs.sh
+│           ├── data
+│           │   ├── 5001.server.101.cai.skunkworks.acme.xyz.crt.pem
+│           │   ├── 5001.server.101.cai.skunkworks.acme.xyz.csr.pem
+│           │   ├── 5001.server.101.cai.skunkworks.acme.xyz.keys.pem
+│           ├── distro
+│           │   ├── 5001.server.101.cai.skunkworks.acme.xyz.p12
+│           ├── docs
+│           │   ├── 5001.server.101.cai.skunkworks.acme.xyz.crt.info.txt
+│           └── gen_server.sh
--- a/src/pki_bootstrap/res/docs/README_S
+++ b/src/pki_bootstrap/res/docs/README_S
@ -8,14 +8,49 @@
 -------------
  INTRO
 -------------
+This application will generate new server certificates. The certificate chain is also included 
+(CA certificate & CA-I certificate).

-This application will generate new server certificates to be used with a VPN service.


 -------------
  USAGE
 -------------
+Generate a new server certificate

-./ gen_server.sh  
+  usage:   gen_server.sh  <# to generate>
+
+  example: gen_server.sh  2


+
+-----------------------
+  APPLICATION DESIGN
+-----------------------
+The ./servers directory contains the files needed to generate server certificates. The directory
+is portable and will operate properly if moved to another linux system. The ./server/cfg contains
+configuration files that are used by the server generation application. The configuation files
+do not need to be edited and they provide information congruent with the CA and server. The
+./servers/data directory contains the raw data (in .pem) of the certificates generated. The
+./servers/distro contains the files to be distributed and installed on servers. The ./servers/docs
+directory contains certificate information in plain text format.
+
+├── README
+├── cfg
+│   ├── SERIAL
+│   ├── UNIQ_ID_CA
+│   ├── UNIQ_ID_CA-I
+│   ├── ca-i.crt.pem
+│   ├── ca-i.keys.pem
+│   ├── ca_cert-chain.crts.pem
+│   ├── cert.cnf
+│   └── pki_funcs.sh
+├── data
+│   ├── 5001.server.101.cai.skunkworks.acme.xyz.crt.pem
+│   ├── 5001.server.101.cai.skunkworks.acme.xyz.csr.pem
+│   ├── 5001.server.101.cai.skunkworks.acme.xyz.keys.pem
+├── distro
+│   ├── 5001.server.101.cai.skunkworks.acme.xyz.p12
+├── docs
+│   ├── 5001.server.101.cai.skunkworks.acme.xyz.crt.info.txt
+└── gen_server.sh
--- a/src/pki_bootstrap/res/docs/SERIAL_C
+++ b/src/pki_bootstrap/res/docs/SERIAL_C
--- a/src/pki_bootstrap/res/docs/SERIAL_S
+++ b/src/pki_bootstrap/res/docs/SERIAL_S
@ -0,0 +1 @@
+5001
--- a/src/pki_bootstrap/res/libs/gen_ca-i.sh
+++ b/src/pki_bootstrap/res/libs/gen_ca-i.sh
@ -3,17 +3,12 @@
 # Create CA Intermediate
 # 
 # 
-# This function will generate a CA Intermediate
-# IN: UNIQ_ID_CA, SERIAL
-#

 # source this file to include the functions
 . cfg/pki_funcs.sh

 PARAM1=$1
 PARAM2=$2
-PARAM3=$3
-

 usage() {
  echo
@ -23,39 +18,44 @@ usage() {
  echo "It requires a CA certificate used to sign CA Intermediate"
  echo "Requires the file \"ca.pem\" that is used to sign the certificates"
  echo 
-  echo "  usage:   gen_ca-i.sh  <Org URL> <Serial>"
+  echo "  usage:   gen_ca-i.sh  <Org URL>   [# of client/server certs]"
  echo
-  echo "  example: gen_ca-i.sh  skunkworks.acme.xyz"
-  echo "                        10052"
+  echo "  example: gen_ca-i.sh  skunkworks.acme.xyz \\"
+  echo "                        10  (optional)"
  echo
  exit 1
 }

-error_no_ca_file() {
-  echo_block "ERROR: missing ca.crt.pem, ca.keys.pem"
-  usage
-}
-
-
-main() {
-  CDD=`pwd`
-  FQ_CA_KEYS="${CDD}/cfg/ca.keys.pem"
-  FQ_CA_CRT="${CDD}/cfg/ca.crt.pem"
-  if [[ ! -f $FQ_CA_KEYS ]] || [[ ! -f $FQ_CA_CRT ]]; then
-    error_no_ca_file
-  fi
-
-  if [[ -n $PARAM1 ]] && [[ -n $PARAM2 ]]; then
-    pki_func_init $FQ_CA_CRT $FQ_CA_KEYS "${CDD}/cfg"
-
-    if [[ -z $PARAM3 ]]; then
-      PARAM3=5
+check_params() {
+  # the parameter must be the URL (not the filename, .cnf)
+  if [[ -n $PARAM1 ]]; then
+    if [[ ${PARAM1: -4} == .cnf ]]; then
+      if [[ ! -f "cfg/${PARAM1}" ]]; then
+        echo_block "ERROR: file cfg/${PARAM1} is missing"
+        usage
+      else
+        PARAM1=${PARAM1%.*}
+      fi
+    else 
+      if [[ ! -f "cfg/${PARAM1}.cnf" ]]; then
+        echo_block "ERROR: file cfg/${PARAM1}.cnf is missing"
+        usage
+      fi
    fi
-
-    ca-i_gen_pki $PARAM1 $PARAM2 $PARAM3
  else
    usage
  fi
+
+  if [[ -z $PARAM2 ]]; then
+    PARAM2=5
+  fi
+}
+
+main() {
+  # uses global variables: $PARAM1 $PARAM2 $PARAM3
+  check_cai_pkg
+  check_params
+  ca-i_gen_pki $PARAM1 $PARAM2
 }

 main
--- a/src/pki_bootstrap/res/libs/gen_client.sh
+++ b/src/pki_bootstrap/res/libs/gen_client.sh
@ -3,54 +3,34 @@
 # Create Client Certificates
 # 
 # 
-# This function will generate a Client cert
-# IN: UNIQ_ID, SERIAL
-#

 # source this file to include the functions
 . cfg/pki_funcs.sh

 PARAM1=$1
-PARAM2=$2
-PARAM3=$3
-

 usage() {
  echo
-  echo "Generate a new Client certificate"
+  echo "Generate a new client certificate"
  echo
+  echo "  usage:   gen_client.sh  <# to generate>"
  echo
-  echo "Generate a new certificate"
-  echo "  usage:   gen_client.sh  <Org URL> <Serial #>"
-  echo
-  echo "  example: gen_client.sh  skunkworks.acme.xyz \\"
-  echo "                          10052 \\"
+  echo "  example: gen_client.sh  2"
  echo
  exit 1
 }

-
-main() {
-  if [[ ! -f cfg/ca-i.crt.pem ]] || [[ ! -f cfg/ca-i.keys.pem ]]; then
-    echo_block "ERROR: file cfg/ca-i.crt.pem cfg/ca-i.keys.pem is missing"
-    usage
-  fi
-  if [[ ! -f cfg/SERIAL ]]; then
-    echo_block "ERROR: file cfg/SERIAL is missing"
-    usage
-  fi
-
-  if [[ -n $PARAM1 ]] && [[ -n $PARAM2 ]]; then
-    UNIQ_ID="${PARAM2}.${PARAM1}"
-    if [[ -f "distro/client_${UNIQ_ID}.p12" ]]; then
-      echo_block "ERROR: certifate  <<distro/client_${UNIQ_ID}.p12>>  already exists"
-      usage
-    fi
-
-    gen_client $PARAM1 $PARAM2
-  else
+check_params() {
+  if [[ -z $PARAM1 ]]; then
    usage
  fi
 }

+main() {
+  # uses global variables: $PARAM1
+  check_cai_pkg
+  check_params
+  gen_client $PARAM1
+}
+
 main
--- a/src/pki_bootstrap/res/libs/gen_server.sh
+++ b/src/pki_bootstrap/res/libs/gen_server.sh
@ -3,58 +3,34 @@
 # Create Server Certificates
 # 
 # 
-# This function will generate a Server cert
-# IN: UNIQ_ID, SERIAL
-#

 # source this file to include the functions
 . cfg/pki_funcs.sh

 PARAM1=$1
-PARAM2=$2
-PARAM3=$3
-

 usage() {
  echo
-  echo "Generate a new Server certificate"
+  echo "Generate a new server certificate"
  echo
+  echo "  usage:   gen_server.sh  <# to generate>"
  echo
-  echo "Generate a new certificate"
-  echo "  usage:   gen_server.sh  <Org URL> <Serial #>"
-  echo
-  echo "  example: gen_server.sh  skunkworks.acme.xyz \\"
-  echo "                          10052 \\"
+  echo "  example: gen_server.sh  2"
  echo
  exit 1
 }

-
-main() {
-  if [[ ! -f cfg/ca-i.crt.pem ]] || [[ ! -f cfg/ca-i.keys.pem ]]; then
-    echo_block "ERROR: file cfg/ca-i.crt.pem cfg/ca-i.keys.pem is missing"
-    usage
-  fi
-  if [[ ! -f cfg/SERIAL ]]; then
-    echo_block "ERROR: file cfg/SERIAL is missing"
-    usage
-  fi
-
-  if [[ -n $PARAM1 ]] && [[ -n $PARAM2 ]]; then
-    UNIQ_ID="${PARAM2}.${PARAM1}"
-    if [[ -f "distro/server_${UNIQ_ID}.p12" ]]; then
-      echo_block "ERROR: certifate  <<distro/server_${UNIQ_ID}.p12>>  already exists"
-      usage
-    fi
-    if [[ ! -f "cfg/${PARAM1}.cnf" ]]; then
-      echo_block "ERROR: configuration file  <<cfg/${PARAM1}.cnf>>  is missing"
-      usage
-    fi
-
-    gen_server $PARAM1 $PARAM2
-  else
+check_params() {
+  if [[ -z $PARAM1 ]]; then
    usage
  fi
 }

+main() {
+  # uses global variables: $PARAM1
+  check_cai_pkg
+  check_params
+  gen_server $PARAM1
+}
+
 main
--- a/src/pki_bootstrap/res/libs/pki_funcs.sh
+++ b/src/pki_bootstrap/res/libs/pki_funcs.sh
@ -3,20 +3,6 @@
 # all main functions to generate a PKI certificate chain
 # 

-#
-# Set the CA variables
-#
-pki_func_init() {
-  if [[ -n $1 ]] || [[ -n $2 ]] || [[ -n $3 ]]; then
-    FQ_CA_CERT=$1
-    FQ_CA_KEYS=$2
-    CNF_PATH=$3
-    APP_INIT=1
-  else
-    APP_INIT=0
-  fi
-}
-
 #
 # print text wrapped in a block
 #
@ -31,41 +17,30 @@ echo_block() {
 # Grab the latest serial # from the file, auto-increment
 # 
 get_serial() {
-  SERIAL=`head "cfg/SERIAL"`
+  SERIAL=`head cfg/SERIAL`
  if [[ -z $SERIAL ]]; then
    SERIAL=11111
    echo_block "WARN: no file 'SERIAL' found, using default 11111 as the serial # for CA"
+  else
+    PLUS1=$((SERIAL+1))
+    echo $PLUS1 > cfg/SERIAL 
  fi
 }

-# ***** ***** ***** ***** *****
 #
-# CERTIFICATE AUTHORITY (CA)
+# check the integrity of the CA-I package
 # 
-# ***** ***** ***** ***** *****
-# This function will generate a CA Intermediate
-# IN: UNIQ_ID_CA, SERIAL
-#
-gen_ca() {
-  UNIQ_ID_CA=$1
-  SERIAL=$2
-
-  echo_block "Create CA (${UNIQ_ID_CA})"
-
-  # encrypt the key
-  #openssl genrsa -aes256 -out ca.keys.pem 4096
-  #openssl genrsa -aes256 -password "pass:password" -out ca.keys.pem 4096 
-
-  # key un-protected
-  openssl genrsa -out "ca_${UNIQ_ID_CA}.keys.pem" 4096
-  # 
-  # Create Certificate   (valid for 10 years, after the entire chain of trust expires)
-  openssl req -config $CNF_PATH/ca.cnf -new -x509 -sha256 -days 3650 -extensions v3_ca \
-              -subj "/C=OO/O=ACME/CN=root.${UNIQ_ID_CA}" -set_serial ${SERIAL} \
-              -key ca_${UNIQ_ID_CA}.keys.pem -out ca_${UNIQ_ID_CA}.crt.pem
-
-  # verify certificate (output to text file for review)
-  openssl x509 -noout -text -in ca_${UNIQ_ID_CA}.crt.pem > ca_${UNIQ_ID_CA}_cert.info.txt
+check_cai_pkg() {
+  if [[ ! -f cfg/ca.keys.pem ]] || [[ ! -f cfg/ca.crt.pem ]]; then
+    if [[ ! -f cfg/ca-i.keys.pem ]] || [[ ! -f cfg/ca-i.crt.pem ]]; then
+      echo_block "ERROR: missing a config file: cfg/ca.crt.pem, cfg/ca.keys.pem, cfg/ca-i.crt.pem, cfg/ca-i.keys.pem"
+      usage
+    fi
+  fi
+  if [[ ! -f cfg/SERIAL ]]; then
+    echo_block "ERROR: file cfg/SERIAL is missing"
+    usage
+  fi
 }

 #
@ -80,215 +55,227 @@ gen_ca() {
 #   - generate server certificates
 #   - generate client certificates
 #
-# INPUT:  BASE SERIAL #, LOOP NUM
-# 
-# Requires: FQ_CA_CERT, FQ_CA_KEYS
+# INPUT:  ORG URL, SERIAL #, LOOP NUM
 # 
 ca-i_gen_pki() {
  CDD=`pwd`
  ORG_URL=$1
-  SERIAL_O=$2
-  NUM_CERTS=$(($3-1))
+  NUM_CERTS=$2

  # create unique directory
-  UNIQ_ID_CAI="${SERIAL_O}.${ORG_URL}" 
-  mkdir -p "distribution/ca_i_${UNIQ_ID_CAI}"
-  cd "distribution/ca_i_${UNIQ_ID_CAI}"
+  get_serial
+  UNIQ_ID_CAI="${SERIAL}.cai.${ORG_URL}"
+  mkdir -p "distribution/${UNIQ_ID_CAI}"

-  # Create CA Intermediate
-  ca-i_gen_cert $ORG_URL $SERIAL_O
+  # generate CA Intermediate
+  ca-i_gen_cert $UNIQ_ID_CAI

  # create directories, copy files, before generating client/server
-  ca-i_create_shell
+  __ca-i_create_pkg

-  __ca-i_gen_client
+  # the client & server applications need to execute in their perspective directories
+  cd $CDD/distribution/$UNIQ_ID_CAI/clients
+  gen_client $NUM_CERTS

-  __ca-i_gen_server
+  cd $CDD/distribution/$UNIQ_ID_CAI/servers
+  gen_server $NUM_CERTS

  # return to last path
  cd $CDD
 }

-# 
-# Client Certificates
-# 
-__ca-i_gen_client() {
-  # create directories
-  mkdir -p clients/data
-  mkdir -p clients/distro
-  mkdir -p clients/docs
-  cd clients
-  for NUM in $(seq 0 $NUM_CERTS)
-  do
-    gen_client $ORG_URL $((SERIAL_O+NUM))
-  done
-  cd ..
-}
-
-# 
-# Server Certificates
-# 
-__ca-i_gen_server() {
-  # create directories
-  mkdir -p servers/data
-  mkdir -p servers/distro
-  mkdir -p servers/docs
-  cd servers
-  for NUM in $(seq 0 $NUM_CERTS)
-  do
-    gen_server $ORG_URL $((SERIAL_O+NUM))
-  done
-  cd ..
-}
-
-# This function will generate a CA Intermediate
-# 
-# Requires:  CNF file, CA cert, CA key
-# 
-# IN: UNIQ_ID_CA, SERIAL
-#
-ca-i_gen_cert() {
-  ORG_URL=$1 
-  SERIAL=$2
-
-  UNIQ_ID="${SERIAL}.${ORG_URL}"
-
-  echo_block "Create CA Intermediate  (${UNIQ_ID})"
-
-  openssl genrsa -out "ca_i_${UNIQ_ID}.keys.pem" 4096
-
-  # Create Cert Signing Request (CSR)
-  openssl req -config "${CNF_PATH}/ca.cnf" -new -sha256 \
-              -subj "/C=OO/O=ACME/OU=ACME Intermediate/CN=${UNIQ_ID}" \
-              -key "ca_i_${UNIQ_ID}.keys.pem" -out "ca_i_${UNIQ_ID}.csr.pem"
-
-  # Create Certificate   (valid for ~2 years, after the entire chain of trust expires)
-  # CA signs Intermediate
-  openssl x509 -req -days 750 -extfile "${CNF_PATH}/ca.cnf" -extensions v3_ca_i \
-               -CA $FQ_CA_CERT -CAkey $FQ_CA_KEYS -set_serial ${SERIAL} \
-               -in "ca_i_${UNIQ_ID}.csr.pem" -out "ca_i_${UNIQ_ID}.crt.pem"
-
-  # Package the Certificate Authority Certificates for distro  (windoze needs this)
-  openssl pkcs12 -export -password "pass:password" -inkey "ca_i_${UNIQ_ID}.keys.pem" \
-                 -name "CA Intermediate Mobile Provision" -certfile $FQ_CA_CERT \
-                 -in "ca_i_${UNIQ_ID}.crt.pem" -out "ca_i_${UNIQ_ID}.p12"
-
-  # verify certificate (output to text file for review)
-  openssl x509 -noout -text -in "ca_i_${UNIQ_ID}.crt.pem" > "ca_i_${UNIQ_ID}.crt.info.txt"
-
-  # create certifiate chain
-  cat $FQ_CA_CERT "ca_i_${UNIQ_ID}.crt.pem" > "ca_cert-chain_${UNIQ_ID}.crts.pem"
-}
-
 #
 # Copies all applcations to the Lifecycle package
 #   organize the ca-i directory
 #   order matters:  move these files last because they were copied above
 #
-ca-i_create_shell() {
+__ca-i_create_pkg() {
+  DEST_DIR="${CDD}/distribution/${UNIQ_ID}"

-  DEST_DIR="${CDD}/distribution/ca_i_${UNIQ_ID_CAI}"
+  echo $UNIQ_ID > cfg/UNIQ_ID_CA-I

-  # client
-  mkdir -p clients/cfg
+  # 
+  # Client
+  # 
+  # create directories
+  mkdir -p $DEST_DIR/clients/data
+  mkdir -p $DEST_DIR/clients/distro
+  mkdir -p $DEST_DIR/clients/docs
+  mkdir -p $DEST_DIR/clients/cfg
+  # copy resource files
  cp $CDD/res/libs/gen_client.sh  $DEST_DIR/clients/
  cp $CDD/res/libs/pki_funcs.sh   $DEST_DIR/clients/cfg
  cp $CDD/res/docs/README_C       $DEST_DIR/clients/README
-  cp $CDD/res/docs/SERIAL         $DEST_DIR/clients/cfg/
-  cp "${CDD}/cfg/${ORG_URL}.cnf"  $DEST_DIR/clients/cfg/
+  cp $CDD/res/docs/SERIAL_C       $DEST_DIR/clients/cfg/SERIAL
+  cp "${CDD}/cfg/${ORG_URL}.cnf"  $DEST_DIR/clients/cfg/cert.cnf
  # generated files
-  cp $DEST_DIR/ca_i*.crt.pem      $DEST_DIR/clients/cfg/ca-i.crt.pem
-  cp $DEST_DIR/ca_i*.keys.pem     $DEST_DIR/clients/cfg/ca-i.keys.pem
-  cp $DEST_DIR/ca_cert-chain*.pem $DEST_DIR/clients/cfg/ca_cert-chain.crts.pem
+  cp $UNIQ_ID_CAI.crt.pem     $DEST_DIR/clients/cfg/ca-i.crt.pem
+  cp $UNIQ_ID_CAI.keys.pem    $DEST_DIR/clients/cfg/ca-i.keys.pem
+  cp ca_cert-chain*.pem       $DEST_DIR/clients/cfg/ca_cert-chain.crts.pem
+  cp cfg/UNIQ_ID_CA-I         $DEST_DIR/clients/cfg/
+  cp cfg/UNIQ_ID_CA           $DEST_DIR/clients/cfg/

-  # server
-  mkdir -p servers/cfg
+  # 
+  # Server
+  # 
+  # create directories
+  mkdir -p $DEST_DIR/servers/data
+  mkdir -p $DEST_DIR/servers/distro
+  mkdir -p $DEST_DIR/servers/docs
+  mkdir -p $DEST_DIR/servers/cfg
+  # copy resource files
  cp $CDD/res/libs/gen_server.sh  $DEST_DIR/servers/
  cp $CDD/res/libs/pki_funcs.sh   $DEST_DIR/servers/cfg/
  cp $CDD/res/docs/README_S       $DEST_DIR/servers/README
-  cp $CDD/res/docs/SERIAL         $DEST_DIR/servers/cfg/
-  cp "${CDD}/cfg/${ORG_URL}.cnf"  $DEST_DIR/servers/cfg/
+  cp $CDD/res/docs/SERIAL_S       $DEST_DIR/servers/cfg/SERIAL
+  cp "${CDD}/cfg/${ORG_URL}.cnf"  $DEST_DIR/servers/cfg/cert.cnf
  # generated files
-  cp $DEST_DIR/ca_i*.crt.pem      $DEST_DIR/servers/cfg/ca-i.crt.pem
-  cp $DEST_DIR/ca_i*.keys.pem     $DEST_DIR/servers/cfg/ca-i.keys.pem
-  cp $DEST_DIR/ca_cert-chain*.pem $DEST_DIR/servers/cfg/ca_cert-chain.crts.pem
+  cp $UNIQ_ID_CAI.crt.pem   $DEST_DIR/servers/cfg/ca-i.crt.pem
+  cp $UNIQ_ID_CAI.keys.pem  $DEST_DIR/servers/cfg/ca-i.keys.pem
+  cp ca_cert-chain*.pem     $DEST_DIR/servers/cfg/ca_cert-chain.crts.pem
+  cp cfg/UNIQ_ID_CA-I       $DEST_DIR/servers/cfg/
+  cp cfg/UNIQ_ID_CA         $DEST_DIR/servers/cfg/

+  # 
  # CA-I
-  mkdir -p ca-i/data
-  mkdir -p ca-i/docs
-  mkdir -p ca-i/distro
-  cp $CDD/res/docs/README_CAI       $DEST_DIR/README
-  cp $CDD/ca_*/ca_*.crt.pem         $DEST_DIR/ca-i/data/
-  cp $CDD/ca_*/ca_*.info.txt        $DEST_DIR/ca-i/docs/
+  #
+  # create directories
+  mkdir -p $DEST_DIR/ca-i/data
+  mkdir -p $DEST_DIR/ca-i/docs
+  mkdir -p $DEST_DIR/ca-i/distro
+  # copy resource files
+  cp $CDD/res/docs/README_CAI   $DEST_DIR/README
+  cp $CDD/ca/*.crt.pem          $DEST_DIR/ca-i/data/
+  cp $CDD/ca/*.info.txt         $DEST_DIR/ca-i/docs/
  # generated files
-  mv $DEST_DIR/ca_i*.pem            $DEST_DIR/ca-i/data/
-  mv $DEST_DIR/ca_i*.info.txt       $DEST_DIR/ca-i/docs/
-  mv $DEST_DIR/ca_i*.p12            $DEST_DIR/ca-i/distro
-  mv $DEST_DIR/ca_cert-chain*.pem   $DEST_DIR/ca-i/distro
+  mv $UNIQ_ID_CAI*.pem          $DEST_DIR/ca-i/data/
+  mv $UNIQ_ID_CAI.crt.info.txt  $DEST_DIR/ca-i/docs/
+  mv $UNIQ_ID_CAI.p12           $DEST_DIR/ca-i/distro
+  mv ca_cert-chain*.pem         $DEST_DIR/ca-i/distro
+}
+
+# This function will generate a CA Intermediate
+# 
+# Requires:  CNF file, CA cert, CA key
+# 
+# IN: UNIQ_ID_CA
+#
+ca-i_gen_cert() {
+  UNIQ_ID=$1
+  DEST_DIR="."
+
+  UNIQ_ID="${SERIAL}.cai.${ORG_URL}"
+
+  echo_block "Create CA Intermediate  (${UNIQ_ID})"
+
+  openssl genrsa -out "${DEST_DIR}/${UNIQ_ID}.keys.pem" 4096
+
+  # Create Cert Signing Request (CSR)
+  openssl req -config "cfg/ca.cnf" -new -sha256 \
+              -subj "/C=OO/O=ACME/OU=ACME Intermediate/CN=${UNIQ_ID}" \
+              -key "${DEST_DIR}/${UNIQ_ID}.keys.pem" -out "${DEST_DIR}/${UNIQ_ID}.csr.pem"
+
+  # Create Certificate   (valid for ~2 years, after the entire chain of trust expires)
+  # CA signs Intermediate
+  openssl x509 -req -days 750 -extfile "cfg/ca.cnf" -extensions v3_ca_i \
+               -CA cfg/ca.crt.pem -CAkey cfg/ca.keys.pem -set_serial ${SERIAL} \
+               -in "${DEST_DIR}/${UNIQ_ID}.csr.pem" -out "${DEST_DIR}/${UNIQ_ID}.crt.pem"
+
+  # Package the Certificate Authority Certificates for distro  (windoze needs this)
+  openssl pkcs12 -export -password "pass:password" -inkey "${DEST_DIR}/${UNIQ_ID}.keys.pem" \
+                 -name "CA Intermediate Mobile Provision" -certfile cfg/ca.crt.pem \
+                 -in "${DEST_DIR}/${UNIQ_ID}.crt.pem" -out "${DEST_DIR}/${UNIQ_ID}.p12"
+
+  # verify certificate (output to text file for review)
+  openssl x509 -noout -text -in "${DEST_DIR}/${UNIQ_ID}.crt.pem" > "${DEST_DIR}/${UNIQ_ID}.crt.info.txt"
+
+  # create certifiate chain
+  cat cfg/ca.crt.pem "${DEST_DIR}/${UNIQ_ID}.crt.pem" > "${DEST_DIR}/ca_cert-chain_${UNIQ_ID}.crts.pem"
+}
+
+get_uniq_ids() {
+  UNIQ_ID_CA=`head cfg/UNIQ_ID_CA`
+  UNIQ_ID_CAI=`head cfg/UNIQ_ID_CA-I`
+}
+
+gen_client() {
+  COUNT=$(($1-1))
+
+  get_uniq_ids
+  for NUM in $(seq 0 $COUNT)
+  do
+    get_serial
+    UNIQ_ID="${SERIAL}.client.${UNIQ_ID_CAI}"
+    gen_client_cert $UNIQ_ID
+  done
 }

 #
 # Generate a Client Certificate
-# IN: UNIQ_ID, UNIQ_ID_CAI, SERIAL
+# IN: UNIQ_ID, SERIAL
 #
-gen_client() {
-  ORG_URL=$1 
-  SERIAL=$2
-
-  UNIQ_ID="${SERIAL}.${ORG_URL}"
-  CERT_CHAIN="cfg/ca_cert-chain.crts.pem"
+gen_client_cert() {
+  UNIQ_ID=$1

  echo_block "Generate Client Certificates  (${UNIQ_ID})"

-  openssl genrsa -out "data/client_${UNIQ_ID}.keys.pem" 4096
+  openssl genrsa -out "data/${UNIQ_ID}.keys.pem" 4096

-  openssl req -new -key "data/client_${UNIQ_ID}.keys.pem" \
-              -subj "/C=OO/O=ACME/OU=ACME Standard/CN=client_${UNIQ_ID}" \
-              -out "data/client_${UNIQ_ID}.csr.pem"
+  openssl req -new -key "data/${UNIQ_ID}.keys.pem" \
+              -subj "/C=OO/O=ACME/OU=ACME Standard/CN=${UNIQ_ID}" \
+              -out "data/${UNIQ_ID}.csr.pem"
  # CA Intermediate signs Client
  openssl x509 -req -days 365 \
               -CA "cfg/ca-i.crt.pem" -CAkey "cfg/ca-i.keys.pem" -set_serial ${SERIAL} \
-               -in "data/client_${UNIQ_ID}.csr.pem" -out "data/client_${UNIQ_ID}.crt.pem"
+               -in "data/${UNIQ_ID}.csr.pem" -out "data/${UNIQ_ID}.crt.pem"

  # Package the Certificates
-  openssl pkcs12 -export -password "pass:password" -inkey "data/client_${UNIQ_ID}.keys.pem" \
-                 -name "Client ${UNIQ_ID} VPN Certificate" -certfile $CERT_CHAIN -caname "client_${UNIQ_ID}@acme.xyz" \
-                 -in "data/client_${UNIQ_ID}.crt.pem" -out "distro/client_${UNIQ_ID}.p12"
+  openssl pkcs12 -export -password "pass:password" -inkey "data/${UNIQ_ID}.keys.pem" \
+                 -name "Client ${UNIQ_ID} VPN Certificate" -certfile "cfg/ca_cert-chain.crts.pem" -caname "${UNIQ_ID}@acme.xyz" \
+                 -in "data/${UNIQ_ID}.crt.pem" -out "distro/${UNIQ_ID}.p12"

  # verify certificate (output to text file for review)
-  openssl x509 -noout -text -in "data/client_${UNIQ_ID}.crt.pem" > "docs/client_${UNIQ_ID}.info.txt"
+  openssl x509 -noout -text -in "data/${UNIQ_ID}.crt.pem" > "docs/${UNIQ_ID}.info.txt"
+}
+
+gen_server() {
+  COUNT=$(($1-1))
+
+  get_uniq_ids
+  for NUM in $(seq 0 $COUNT)
+  do
+    get_serial
+    UNIQ_ID="${SERIAL}.server.${UNIQ_ID_CAI}"
+    gen_server_cert $UNIQ_ID
+  done
 }

 #
 # Generate a Server Certificate
-# IN: UNIQ_ID, UNIQ_ID_CA, SERIAL
+# IN: UNIQ_ID, SERIAL
 #
-gen_server() {
-  ORG_URL=$1 
-  SERIAL=$2
-
-  UNIQ_ID="${SERIAL}.${ORG_URL}"
-  CERT_CHAIN="cfg/ca_cert-chain.crts.pem"
+gen_server_cert() {
+  UNIQ_ID=$1

  echo_block "Generate Server Certificates  (${UNIQ_ID})"

-  openssl genrsa -out "data/server_${UNIQ_ID}.keys.pem" 4096
+  openssl genrsa -out "data/${UNIQ_ID}.keys.pem" 4096

-  openssl req -new -config "cfg/${ORG_URL}.cnf" -key "data/server_${UNIQ_ID}.keys.pem" \
+  openssl req -new -config "cfg/cert.cnf" -key "data/${UNIQ_ID}.keys.pem" \
              -subj "/C=OO/O=ACME/OU=ACME Standard/CN=${UNIQ_ID}" \
-              -out "data/server_${UNIQ_ID}.csr.pem"
+              -out "data/${UNIQ_ID}.csr.pem"

  # CA Intermediate signs Server
-  openssl x509 -req -days 365 -extfile "cfg/${ORG_URL}.cnf" -extensions v3_server \
+  openssl x509 -req -days 365 -extfile "cfg/cert.cnf" -extensions v3_server \
               -CA "cfg/ca-i.crt.pem" -CAkey "cfg/ca-i.keys.pem" -set_serial ${SERIAL} \
-               -in "data/server_${UNIQ_ID}.csr.pem" -out "data/server_${UNIQ_ID}.crt.pem"
+               -in "data/${UNIQ_ID}.csr.pem" -out "data/${UNIQ_ID}.crt.pem"

  # Package the Certificates
-  openssl pkcs12 -export -password "pass:password" -inkey "data/server_${UNIQ_ID}.keys.pem" \
-                 -name "Server ${UNIQ_ID} VPN Certificate" -certfile $CERT_CHAIN -caname "server_${UNIQ_ID}@acme.xyz" \
-                 -in "data/server_${UNIQ_ID}.crt.pem" -out "distro/server_${UNIQ_ID}.p12"
+  openssl pkcs12 -export -password "pass:password" -inkey "data/${UNIQ_ID}.keys.pem" \
+                 -name "Server ${UNIQ_ID} VPN Certificate" -certfile "cfg/ca_cert-chain.crts.pem" -caname "${UNIQ_ID}@acme.xyz" \
+                 -in "data/${UNIQ_ID}.crt.pem" -out "distro/${UNIQ_ID}.p12"

  # verify certificate (output to text file for review)
-  openssl x509 -noout -text -in "data/server_${UNIQ_ID}.crt.pem" > "docs/server_${UNIQ_ID}.crt.info.txt" 
+  openssl x509 -noout -text -in "data/${UNIQ_ID}.crt.pem" > "docs/${UNIQ_ID}.crt.info.txt" 
 }

--- a/src/sandbox/SERIAL
+++ b/src/sandbox/SERIAL
@ -0,0 +1 @@
+2010
--- a/src/sandbox/p12ext.sh
+++ b/src/sandbox/p12ext.sh
@ -0,0 +1,37 @@
+#!/bin/bash
+#
+# Extract the ca certificate, user certificate, user keys from the p12 package
+#
+#
+# -clcerts    (only output client certificates (not CA certificates))
+# -cacerts    (only output CA certificates (not client certificates))
+# -nocerts    (no certificates at all will be output)
+# -nokeys     (no private keys will be output)
+# 
+# 
+if [[ -n $1 ]]; then
+  echo
+else
+  echo
+  echo "This script will copy the certificates and keys to the strongswan configuration paths"
+  echo 
+  echo "Usage: p12ext  <file>  [password]"
+  echo
+  echo "Example: p12ext  file.p12"
+  echo
+  exit 1
+fi
+
+# create a unique path for the server certificate
+UNIQ_DIR_LC=`date +%Y-%m-%d.%H_%M_%S`
+UNIQ_DIR_LC="p12ext_${UNIQ_DIR_LC}"
+mkdir $UNIQ_DIR_LC
+
+# keys
+openssl pkcs12 -nodes -nocerts -password "pass:password"  -in $1  -out $UNIQ_DIR_LC/user.keys.pem
+
+# certificate
+openssl pkcs12 -nodes -clcerts -nokeys -password "pass:password"  -in $1  -out $UNIQ_DIR_LC/user.crt.pem
+
+# CA
+openssl pkcs12 -nodes -cacerts -nokeys -password "pass:password"  -in $1  -out $UNIQ_DIR_LC/ca-chain.crt.pem  
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/README
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/README
@ -1,8 +1,10 @@
+***
+THIS was Generated by the CA Generation Application
+***

-THIS was Generated by the CA generation application
+Included in this package is a CA Intermediate generation application. Any number of new CA
+Intermediates can be generated. Each CA Intermediate is also packaged to be distributed to
+an organization.

-Included in this package is a CA Intermediate generation application
 Running get_ca-i.sh  will create a new PKI certificate chain to be distributed to organizations.

-
-
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/ca_101.skunkworks.acme.xyz/ca_101.skunkworks.acme.xyz.crt.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/ca_101.skunkworks.acme.xyz/ca_101.skunkworks.acme.xyz.crt.pem
@ -1,31 +1,31 @@
 -----BEGIN CERTIFICATE-----
 MIIFZDCCA0ygAwIBAgIBZTANBgkqhkiG9w0BAQsFADBDMQswCQYDVQQGEwJPTzEN
 MAsGA1UECgwEQUNNRTElMCMGA1UEAwwccm9vdC4xMDEuc2t1bmt3b3Jrcy5hY21l
-Lnh5ejAeFw0xODA4MDYxODUzMTJaFw0yODA4MDMxODUzMTJaMEMxCzAJBgNVBAYT
+Lnh5ejAeFw0xODA4MjUxODA2MTFaFw0yODA4MjIxODA2MTFaMEMxCzAJBgNVBAYT
 Ak9PMQ0wCwYDVQQKDARBQ01FMSUwIwYDVQQDDBxyb290LjEwMS5za3Vua3dvcmtz
-LmFjbWUueHl6MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsRRRuiMf
-+rpDWdJtBwmZVYCZFlAa/BSeC71Ku3bb7Gqi2j4siBi1Hz6DTKbd+ZMwPFTPY6Qk
-yLsgw3ICYWq19CheyHHsqX1utM66yr1OuZcn3ZbcpqzWaH3upbloSnn+gzEWy2hY
-+SG2fONa05MM5l3VCPl/fHMjJnt+fHSnr/KSk4NMaq5AE47v2CV7SnvLviuSUJAT
-ET183PG9xilEOfthlr63zk4RiUEmoG9ttuZmOCS3tlNAaUDXv5k/PrUy1qpdcp4D
-yJkPueTfsuAYFdGUpVuwvcLdIJHw6YrmQa3u/d6bc1cw3nF1TMyFFkNuf3XJAgtz
-z3aihDMH57LLMUE24HbdY+9Vt6HYsGninrWM4SMVAP62JQNS+aJfmBO1ozcyJ1/S
-aZm/Dxg2u8qblsJxBWi0hAkw/YSEP+Gevrdt0tf/xN8KypeC3lCWwm22l6gd3gXU
-KQYfav8eHTVOpw7QARaWJWDkEMqFRN4/KzTJF6/mOUz6KwEKm/NAvgVQeGBo6cMm
-qC8DTsRO/HpDFECoXcTFujj45yuYjlzzWEP7a4wuW8ouQ7E6xEAaWw0FWkEshLC6
-reThXAHA4cYhpQwZMQ+zP+W+5lXUGHDjlZrg1/RCS13nnOwOgUXmfEEth0HD8vCG
-pakCzlASneqvI0CkrrSjURcHKUInQ8kMuOkCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
-AwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFGs/8FQvy8NZHw8jMhvx9yxL
-9RfcMB8GA1UdIwQYMBaAFGs/8FQvy8NZHw8jMhvx9yxL9RfcMA0GCSqGSIb3DQEB
-CwUAA4ICAQAwNY1MdhiQQ9iwzZNrhzucxjtpxYnyfm962w6vbHSSpuvr9R/X1e5Q
-SnFdVBhano5NioH1j0RAmBDS4GEsI4GzvgkOI7VT+C5wrGkmNUxk+fhfh23wxiSJ
-mSsE9arpCjo1Cykg/hnpQx+sHYPyujd9+jhDSGVZH3yGGpL3Jj/toLPikocetq0E
-U2oeqHwOShYs8LXWgjeWipjZ3xvLsQxMR1NgbpWGiRKfMB+Yjmieptm+Rzvibpvq
-LoT2FLg5FfkpRAZPwRQ+KkLpS+O4q+ibes7MuIkCacam5slzKtPIXpCbpy5fEHte
-LeVOkr21jaYwQ5GRU0OcbVf1O6oOJo2T7XJ7RMLIAE2OdEkm4wIhhlR5TWKQ5xt7
-1vK4uSzW/2hgXFvkx8OqsI2VJWz2oE6ZqzcQYO12nVbqC8Kh6WiVNs/vP5kvb9H7
-YsI98Ts52YCzx1ztgSSHh/CFOXxDMpI7b6VkdQPYtoA4rdCDhT3xAlOfCNMHHeht
-U95rZ8LadDxamx3+1Lb8SjNJVrzrv9YC6nxOUTLn0N/K8ttx9XiOR19jisZIeF0Z
-34RKQX3PV1+0R+nUC/RpxsHxrl9/5Ne0SK3L72Djzrd8EXODGHEOMHy/wnyEKPtQ
-1aWlWYQjWCNX+r6C02MWRqwXMsusEy473xvdTiVj6lqfoAh27bVU5Q==
+LmFjbWUueHl6MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvIrPlS24
+lgzjr/cuHJHWUyDMLMI6aV68Olu01SuZi0yGRouTUe/XS3qIjXlkySzHUqCDw/mV
+092h1lKRTlYGRZ0fwcSRrYZlySOV9dc1+TxBSAggoWcAG/tEwJ+TZFstogfUi4T+
+06DTiAmkglJ17Yyauf/IJOEwPU8c9U6joNZvPd/Y4taTgnGwliy9BAaOGKAxptZg
+FWGKlXWJw8Ya6ciBYz07yCwwyVOanAYN0NJn9Pl2c4E7R8hSQ7zj8Jvc5o57ou8f
+I5Zdm217G2AxUnsD9KEuYtyKRKDb+DOvGkcvKlJxpx/BuU3QvhC0tw7RFPWIDBzV
+nXD5ApdZLZCweUvHLi7bgA88fJXN9oYrRduhIzRCIOjtmlB6JnAiMwaNQpWy4/+S
+ZqDlky89dw29hUfj701An0QdYMyxH+uUuqfKPWdQREBkP1ARH8WaHXzzyJpX5orj
+ShIsg93HlZ68ILgrY7NpnFah8BJPbJUnp4QDAzIITZ+SYPQA8TBuUwyI2GNPmaPH
+o7nhcb7lIX0BERhsGqZV8nK6RIcEAxwjcgQgR3jcnxnzI0/bsQRFFkS2NkG/Dm3a
+vCJi8NGTaOppGaGs05r012tK5hiNOCJ2vZdo4oUuQgBlk/TtodpwBIyPNPdtNP+X
+AFeElVeC2lkwwah7Tz2t1LrLm6ksencGs2UCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFIjB85Zt9x66faSMH7k25V3J
+svQJMB8GA1UdIwQYMBaAFIjB85Zt9x66faSMH7k25V3JsvQJMA0GCSqGSIb3DQEB
+CwUAA4ICAQCeR/j04yiT+RT/IN5g+5tgQ3iIlKqR3Jc/OCWFAB52MQd/Ar1xK+mK
+LykCaMBVv2GLrwol17CChomjChdoap/NilHTBoL0vQ2BYeYfa6Y+rMz0O4p5hM0R
+4IvyOnvi58qW+4mD4AP0Aot+l38DruuyC5eziglz1LfwBuL+2amIFbSBWEssntEV
+tp6WhqgTFiDEFwBpS70ImeweekU6LTZOagA2haYMq3nKtfgZw9bOcNbdhxMqxAn0
+GnmRoGDjvmh6mExsqJsGylke5gh3xRHLtuku9tWYPrM8xQE6rsE3A9pM1h/Abgqt
+wfgQe4v+42btQ2bvuqXM6fwpDmGoIo5TGPiJf97XbQeYFSLmELka+KGekWX0Ol7h
+755yunWyx2yPMq4wwd9uho8QVDFEwivXwMgZ/3WZUVAMxNHXsulw3ajAx5lyF400
+96/a5AuGM6tPlsCmovQtCkTlra6vE2EBiX2r58msIebTsudjfbYr0JuAoetrTOIm
+L38fFEeD6WMQ16DY4KqtErTfu4n3XAVdROayW6hlJmonD7m2H6qbhDsyV0aThmz7
+LJD0tshhNRMJdnaDiiyaTt+0yiiWqkqHLF0pxbovVaqau86M9bMCnHQGRCOmPCRB
+Rzp4RHdQPa45fGBkxJfg38S2xA273RuRP2xXRQBwsqyy9r7ftV0chA==
 -----END CERTIFICATE-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/ca_101.skunkworks.acme.xyz/ca_101.skunkworks.acme.xyz.keys.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/ca_101.skunkworks.acme.xyz/ca_101.skunkworks.acme.xyz.keys.pem
@ -1,51 +1,51 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIJKwIBAAKCAgEAsRRRuiMf+rpDWdJtBwmZVYCZFlAa/BSeC71Ku3bb7Gqi2j4s
-iBi1Hz6DTKbd+ZMwPFTPY6QkyLsgw3ICYWq19CheyHHsqX1utM66yr1OuZcn3Zbc
-pqzWaH3upbloSnn+gzEWy2hY+SG2fONa05MM5l3VCPl/fHMjJnt+fHSnr/KSk4NM
-aq5AE47v2CV7SnvLviuSUJATET183PG9xilEOfthlr63zk4RiUEmoG9ttuZmOCS3
-tlNAaUDXv5k/PrUy1qpdcp4DyJkPueTfsuAYFdGUpVuwvcLdIJHw6YrmQa3u/d6b
-c1cw3nF1TMyFFkNuf3XJAgtzz3aihDMH57LLMUE24HbdY+9Vt6HYsGninrWM4SMV
-AP62JQNS+aJfmBO1ozcyJ1/SaZm/Dxg2u8qblsJxBWi0hAkw/YSEP+Gevrdt0tf/
-xN8KypeC3lCWwm22l6gd3gXUKQYfav8eHTVOpw7QARaWJWDkEMqFRN4/KzTJF6/m
-OUz6KwEKm/NAvgVQeGBo6cMmqC8DTsRO/HpDFECoXcTFujj45yuYjlzzWEP7a4wu
-W8ouQ7E6xEAaWw0FWkEshLC6reThXAHA4cYhpQwZMQ+zP+W+5lXUGHDjlZrg1/RC
-S13nnOwOgUXmfEEth0HD8vCGpakCzlASneqvI0CkrrSjURcHKUInQ8kMuOkCAwEA
-AQKCAgEAg5glEB3QQySuro6ZJXS1tXvGyHUpSJINzY2TfvLahrvMYEF6GH28BAcR
-ziHnrfP7Eaq5IEQ4bc/ajkQojrqdk1946J75EA+9+LH00HuUiIlTP/I/8cFZ6PdF
-JXU+krJMOLR/SxQ1opayJedTdQ2/tWafzXaUjiiGQ6/clKKghznOQb9+R31M8vvz
-M37PO8/53k5FAoe/E73ND+i6bgv2vtwYbs02jSMpFwYKrYmBUD2yUyC+QclmgZGF
-g8Zf4LsJl8utfGL/TtCohi4XK7grTfOc8rHMC4lHiU/LZ9MoQEEA7TrD7RgrofNR
-B4ypjpz3/dLLWTCnlNKF/ZZq1n3hT3AXqkAxzdiWgIjaHAn0Ad1O+37lKw4IBcSP
-lgK0XBE2NefjK25RhgSZd4YtQoorTNv7AqCHGBcAp58LylSAER9aE/wtnm5HFx3B
-ZnPH4Eynhdqz4ss/JYzfcFDOV5cJCPj3YUW+0WbBm6wqalYQJyHJHrc8UH8cFYM1
-4cnSPTND4pputf28iJy0K+EmU8Rn19wRs5nK08tzLBERaq0ZDFqgZ+qXPgimSAbb
-AMGUyOkgjpcM2xyItMS2NpudAHdn1bN/W51CfEVr2ByyuPODou5wzMbcCCYOFMAu
-4xLjDO5kPzvbR9CjEr3VcKieJjeENC/F/16dqC28MU8b/VX4Kr0CggEBAOvqB7jq
-nvI5MVCu3SVwhmhCsOheLSYx8W6r3ne/fJVPn+LR1MFG2zbzZL51xzyavBWZ/cKL
-URjaPri2eEdhWp3C4lhlpO4P693L6lLIlIoG+2g5CHE3rMmYM4xOZ8wM/7e/DoRF
-KpTNeeFGYTJ8PjnfKArYEUsGwvmD321FzpQe1BSjjk5vFB9wbWCQiBQSiFmHomNQ
-/Jp7zfsIFdxyB1mSfHFJHz65SGMk5IQeqoeOUyd7NRsDft3TNnHkcp4QTenZRNdM
-/D64G2EhwJVjgW1Zj7wbljQVjAl6nzjOPp55E3zoXtA/xC20cemG06mKd33ChY5x
-pNwsZYdghVSiBZMCggEBAMAn7fO8e1BL7QDTw3zLI3GXSMhLtBCYk37XoTZgbYww
-j4Fi0AR5/NpLzzBge1NDtE1lVkwIIh+Nf1Z4LD0x8H1qmu8qNsEiSQqLSZnDytNQ
-OdgiiTXW792SgZk4p6M1rf6gUuCy02s8FK5VAArN3k9bEjbBgnTndJXUU02l1GPt
-KwJhT5hiSXjT+i1IJoRqauIGuFL7qFhef5vBKWAcmMbk3Yh5Rz9LyhLFy6boWU2e
-eQ4JdYHhCdYxPIch4Buqmr089SMYT0+/3w78Cf/Gy5/BbpT8Dr8zFrPUYIfXHuz3
-Nbeb6QGMgSDFD//NGzhDV+LEejWbAteLXKanSaHx1RMCggEBAOak6qHeOEGmqtEv
-9KOq7K04Lo8vq8KA54ME4z595sZvj2iJLxE7PgzuTttqeLyGp0YTRKYT4NiEXvfl
-5Zgb1SUSKIq17VaWGErDFzeSRK7hfp/5yoguH28Er7kH2rEDMGsrjnzAxo2uie82
-CMb78zZPN23KqrWIScz6IdFKg1oK/dujv/hs3uaR202iYHgHWmj1k0y4HA7I5av8
-zqq0jP0Em0eCbtq6+Mt9gTCubpiTDDc4XMYpV7p1ye/1oh1o4VO0iHpaGO8Uvifr
-gMZM/3eyLTWCXwpS2pNV4B8AfPYgd24SHMhK33izxv7CQ2OpLYO1Ty/haYWcnjKJ
-qjEBKqMCggEBAI37sxZbGd7uCzSGRLcsPodLWqstTOLKaonZ+LP+MlPY+eCHy97S
-6GPAilpboCSZLVvW2hoaFGSuH/4bk8yv3tw87jh0P7sbg074Nq0YgAD+EY/DjREs
-PVbCT2KQ+0Vcf7Fac4K2gAOHhFyAUCSrk22dhGrTN3r8HygqmFcShkpDz3jVwIN/
-dHyEXSIiYtuK6mkSwBYI/440XSQQaWssFjM4nvydaGi7rpeKcX1lx77Tru0RTjNm
-veb3wJq1DCxFNktIBHYnG0t5Ie+nihflo0XrHrOVP6xFqqu77IvTB3XfAGEoIdZU
-JIG7OqQvwMIk+IaF2StM25+6yP4XNBAmaeMCggEBAMop3oQGdMYxS4VDCVK4cKsx
-cuMRubqNd9Oz8D0zFJw598xwF/2Go1GytEYxiHOMZQomX29GpxH/Wdzc+FCMajXL
-A/bml0P/rhga6mu4SDAbzDjex7d56dfi8oWL/pcKgGhS6ZQw0Cpu5aVyCHTmJUOc
-KXfDAJGBfAAWHn4YnnUBZQt/nVcWZyVy+rOCXela5lCRKSeagkVz9RAw7p5Hm6Aa
-+X/NunLif/piS2PipWQmubozNmtCMzKo/RgZqwx2mPMj1TbaaC7QrG1NQTbD7aoC
-DIPcWkOKKDeSwSBHqtI/ixdTBjBlK2Jvs+0OfV+zY7/ayFlag5AdKH3ertkh768=
+MIIJKAIBAAKCAgEAvIrPlS24lgzjr/cuHJHWUyDMLMI6aV68Olu01SuZi0yGRouT
+Ue/XS3qIjXlkySzHUqCDw/mV092h1lKRTlYGRZ0fwcSRrYZlySOV9dc1+TxBSAgg
+oWcAG/tEwJ+TZFstogfUi4T+06DTiAmkglJ17Yyauf/IJOEwPU8c9U6joNZvPd/Y
+4taTgnGwliy9BAaOGKAxptZgFWGKlXWJw8Ya6ciBYz07yCwwyVOanAYN0NJn9Pl2
+c4E7R8hSQ7zj8Jvc5o57ou8fI5Zdm217G2AxUnsD9KEuYtyKRKDb+DOvGkcvKlJx
+px/BuU3QvhC0tw7RFPWIDBzVnXD5ApdZLZCweUvHLi7bgA88fJXN9oYrRduhIzRC
+IOjtmlB6JnAiMwaNQpWy4/+SZqDlky89dw29hUfj701An0QdYMyxH+uUuqfKPWdQ
+REBkP1ARH8WaHXzzyJpX5orjShIsg93HlZ68ILgrY7NpnFah8BJPbJUnp4QDAzII
+TZ+SYPQA8TBuUwyI2GNPmaPHo7nhcb7lIX0BERhsGqZV8nK6RIcEAxwjcgQgR3jc
+nxnzI0/bsQRFFkS2NkG/Dm3avCJi8NGTaOppGaGs05r012tK5hiNOCJ2vZdo4oUu
+QgBlk/TtodpwBIyPNPdtNP+XAFeElVeC2lkwwah7Tz2t1LrLm6ksencGs2UCAwEA
+AQKCAgAX8b0JIgRWMg7ccxTNFgxVBE5JxOTsKtbWxnzBscbPNQm8fc9Y0Y/TCx26
+cddF4UTzDmWNhu3rOTNrZ5MCktQ7FQhKcG9bzTyx/a32yb0WCPv1bOrP9KfD5fZG
+TD3Iufeio0Hv8hT2xW730Nmun1BQudGQm5ZMcLjSoHB6CuGm9HSuM/Z0YHHdWBjo
+CYh7sWVsZTPJD2KmdHvIHWRAk7EpTYh5FPa5pjsP5mk1NWOdyIrhRqkvZBMmO5+O
+8Lc2AGVedmvnNl0LBPagXZgL0vyQkAThlXKxpXZ93rvw2od7W9z2j//VDKhqoyJG
+cRKySNRux/veJe9PDmDhXl059y0iEm0AUDSp4dCD3KeL+rChDAV12YZSV2bXM3z1
+djAVtJgJbjSqScWVHWc+VFcEDCsRCnK7wAKIqbejnCJSyzWgOwquQXGy0dBjP1Mo
+A3e2gqT9KVcmzv1yPajpX7MN/O/MhwVv7s3fKv4hb0AGUzpKyF/t6Dh8zs74V7EZ
+QfDHa+AulG8VTzH595iVHv0EP5YwwtqmpogF3VJWnMxlRN12suL4+pSeUX1RGk9m
+HMWN0VCnZDkE8Rg8XjaIot1JLp19yk5AVGAUTPSfyZHUShl6pMLpVdoiJLDpQn4o
+Mt3GG3sbMVH6gR76UVVPMAC1qRu0BBZ5+b/c6t4u+br0Y83TJQKCAQEA7hQsvhqG
+xXZCjAEGF3+WBBgxZzZuKchD4D1KcOLJB5Hrd3eih0E3B2h02HDHbCe+bRObN9yz
+mJYJO2pnoWcQ7XBhcCKjkMoFxu9KxyByHnnFUQYSty55VPaWvwNGxusqDh9EDrvL
+ekv1VXCofv4nYJzAPh9BkLL6PCwoQzqCmoGTD3B2eyEuqDhUSBrKS2mHLKNya2Pf
+4reI/QCBiHDGuP5b+RrIeQpseF3CTfgmh8ZCrO0q0GY3mnO03B4jPR2b2neS5wbk
+EK7vTOQsdhZwTG/9zoYLqSV+00vApggtSYxrIpG+Tq/mFjFaRNg9xafAwqA4sa8p
+3s6a112kFdQDTwKCAQEAyrwOebxjW7mQdqQaiG1hBQK4UIAu9N/twiRI/9iXxiYQ
+B1BPVBaInTMPpkSZoip8Z3pKtdDoIAf+SJjI6dyaDS93IvLPXG0R5bOlXHsGAJZg
+uDFvPlZB/MCVObKhtKqQJyRNCOz+csulnkhPacZGQv82jXk9ifFb/nA1Eiws0p8E
+eHQTfoyF8AZpycWI+PvE0k2rq2hLbHqRfRB0CQxnbiU3FeZpte2WKEczY8llg9Xw
+asLIJQA0+gT8H5lhfD7mFdMVf8goqB8/aNih/ZW0uZ95/XKpmNMzQw26LAJunV8q
+RqBaFTiRP7TXUI4UE8kRowDTjHYMzTDGIrwaHdTBCwKCAQEA0Xa2lttHz9toWT1d
+WrdKCXgvnxtoeSJVdaj3IbKmJB7iCE4dlNpvy/i/NN6k1idxhw5E9jUbXhhDLx9C
+5eKEJiNF1x7iwbS8uHY4WFHXlbCVReAN/1TIM1Rw9MWxM7obWilv+3aGY6cIxo9D
+79c0VfATw5REX0bYmrBPDDciSUXPWTodQ9/B6QcGQBox+X9zCncTaCCLDjFkORSE
+4sI2VPSVfultj/D31j7HgUnevH5Wk0Zm8Mu+CAndCf0KC+9M/D1P5itN5M/EguYN
+qCe9zcKKj3WoNL1khAqWCH4ROjBs4hFQWnKwAL6TKRcH4irhkVreBpaSRBGKcglV
+IE9USQKCAQA6OLmbgluyat8vAz/PcEINk1NlYvqZPnnkaFFCkGw97o5p20l855/C
+LXjQEiFg7fyeJwOvpVgUYtdG+AGzD7R6FuiK89pTO8uJAQd7QKVfo9AQ9blx2InI
+0XHJiSBhZx5Q717kMlN8mjls9G1B/jwNX4fGJ0xiAhuePZEwL9mLfzlkcklq7WZF
+oUHePUlx37QNhVrItgH7HFQN65y3QIWvnyZrtqkjIyEdXh1HCf6KVvVdY6Tg42dT
+af0SAhV5/gJLwDwLX2s1pQury5Lx5X1qVX9OJxDHn9e36QhPPT+RGFRmxgQ41e74
+sbGoI7VmXTcgbctTKk/Q2bH9JbIGYSQzAoIBAH8Rywdz63DeIf0DrfBKY5wlAtCy
+ZEDyPawzQEgUqJKCr4EaKzSTcLJ7lAU8VmEyMmbb/LXCjAzZtc4p0iopfiN9YGnR
+e8Z3osxGd8PpNNBEXWavKvEGDu55NbHSZkGXdEOek0QZwI7RJA1fqXHquMpCwbOl
+wiwRiiQVpsalntZMaiNGQRa4wLO5lv0DfT0dILEImyTb2QpzpjO9E3FJ3XftrNU3
+lHgHwb+QtWT4xF56XU4zjEmZLQ/58PMi7S9cptejjzSz1YCkzcD/Tllp4+9QXTXr
+9L15opwsOQWzvDhJa/hWbVLyIm8clJGObWRfl4fK41wjuQuT+l7z9mtFgJk=
 -----END RSA PRIVATE KEY-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/ca_101.skunkworks.acme.xyz/ca_101.skunkworks.acme.xyz_cert.info.txt
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/ca_101.skunkworks.acme.xyz/ca_101.skunkworks.acme.xyz_cert.info.txt
@ -5,48 +5,48 @@ Certificate:
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=OO, O=ACME, CN=root.101.skunkworks.acme.xyz
        Validity
-            Not Before: Aug  6 18:53:12 2018 GMT
-            Not After : Aug  3 18:53:12 2028 GMT
+            Not Before: Aug 25 18:06:11 2018 GMT
+            Not After : Aug 22 18:06:11 2028 GMT
        Subject: C=OO, O=ACME, CN=root.101.skunkworks.acme.xyz
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
-                    00:b1:14:51:ba:23:1f:fa:ba:43:59:d2:6d:07:09:
-                    99:55:80:99:16:50:1a:fc:14:9e:0b:bd:4a:bb:76:
-                    db:ec:6a:a2:da:3e:2c:88:18:b5:1f:3e:83:4c:a6:
-                    dd:f9:93:30:3c:54:cf:63:a4:24:c8:bb:20:c3:72:
-                    02:61:6a:b5:f4:28:5e:c8:71:ec:a9:7d:6e:b4:ce:
-                    ba:ca:bd:4e:b9:97:27:dd:96:dc:a6:ac:d6:68:7d:
-                    ee:a5:b9:68:4a:79:fe:83:31:16:cb:68:58:f9:21:
-                    b6:7c:e3:5a:d3:93:0c:e6:5d:d5:08:f9:7f:7c:73:
-                    23:26:7b:7e:7c:74:a7:af:f2:92:93:83:4c:6a:ae:
-                    40:13:8e:ef:d8:25:7b:4a:7b:cb:be:2b:92:50:90:
-                    13:11:3d:7c:dc:f1:bd:c6:29:44:39:fb:61:96:be:
-                    b7:ce:4e:11:89:41:26:a0:6f:6d:b6:e6:66:38:24:
-                    b7:b6:53:40:69:40:d7:bf:99:3f:3e:b5:32:d6:aa:
-                    5d:72:9e:03:c8:99:0f:b9:e4:df:b2:e0:18:15:d1:
-                    94:a5:5b:b0:bd:c2:dd:20:91:f0:e9:8a:e6:41:ad:
-                    ee:fd:de:9b:73:57:30:de:71:75:4c:cc:85:16:43:
-                    6e:7f:75:c9:02:0b:73:cf:76:a2:84:33:07:e7:b2:
-                    cb:31:41:36:e0:76:dd:63:ef:55:b7:a1:d8:b0:69:
-                    e2:9e:b5:8c:e1:23:15:00:fe:b6:25:03:52:f9:a2:
-                    5f:98:13:b5:a3:37:32:27:5f:d2:69:99:bf:0f:18:
-                    36:bb:ca:9b:96:c2:71:05:68:b4:84:09:30:fd:84:
-                    84:3f:e1:9e:be:b7:6d:d2:d7:ff:c4:df:0a:ca:97:
-                    82:de:50:96:c2:6d:b6:97:a8:1d:de:05:d4:29:06:
-                    1f:6a:ff:1e:1d:35:4e:a7:0e:d0:01:16:96:25:60:
-                    e4:10:ca:85:44:de:3f:2b:34:c9:17:af:e6:39:4c:
-                    fa:2b:01:0a:9b:f3:40:be:05:50:78:60:68:e9:c3:
-                    26:a8:2f:03:4e:c4:4e:fc:7a:43:14:40:a8:5d:c4:
-                    c5:ba:38:f8:e7:2b:98:8e:5c:f3:58:43:fb:6b:8c:
-                    2e:5b:ca:2e:43:b1:3a:c4:40:1a:5b:0d:05:5a:41:
-                    2c:84:b0:ba:ad:e4:e1:5c:01:c0:e1:c6:21:a5:0c:
-                    19:31:0f:b3:3f:e5:be:e6:55:d4:18:70:e3:95:9a:
-                    e0:d7:f4:42:4b:5d:e7:9c:ec:0e:81:45:e6:7c:41:
-                    2d:87:41:c3:f2:f0:86:a5:a9:02:ce:50:12:9d:ea:
-                    af:23:40:a4:ae:b4:a3:51:17:07:29:42:27:43:c9:
-                    0c:b8:e9
+                    00:bc:8a:cf:95:2d:b8:96:0c:e3:af:f7:2e:1c:91:
+                    d6:53:20:cc:2c:c2:3a:69:5e:bc:3a:5b:b4:d5:2b:
+                    99:8b:4c:86:46:8b:93:51:ef:d7:4b:7a:88:8d:79:
+                    64:c9:2c:c7:52:a0:83:c3:f9:95:d3:dd:a1:d6:52:
+                    91:4e:56:06:45:9d:1f:c1:c4:91:ad:86:65:c9:23:
+                    95:f5:d7:35:f9:3c:41:48:08:20:a1:67:00:1b:fb:
+                    44:c0:9f:93:64:5b:2d:a2:07:d4:8b:84:fe:d3:a0:
+                    d3:88:09:a4:82:52:75:ed:8c:9a:b9:ff:c8:24:e1:
+                    30:3d:4f:1c:f5:4e:a3:a0:d6:6f:3d:df:d8:e2:d6:
+                    93:82:71:b0:96:2c:bd:04:06:8e:18:a0:31:a6:d6:
+                    60:15:61:8a:95:75:89:c3:c6:1a:e9:c8:81:63:3d:
+                    3b:c8:2c:30:c9:53:9a:9c:06:0d:d0:d2:67:f4:f9:
+                    76:73:81:3b:47:c8:52:43:bc:e3:f0:9b:dc:e6:8e:
+                    7b:a2:ef:1f:23:96:5d:9b:6d:7b:1b:60:31:52:7b:
+                    03:f4:a1:2e:62:dc:8a:44:a0:db:f8:33:af:1a:47:
+                    2f:2a:52:71:a7:1f:c1:b9:4d:d0:be:10:b4:b7:0e:
+                    d1:14:f5:88:0c:1c:d5:9d:70:f9:02:97:59:2d:90:
+                    b0:79:4b:c7:2e:2e:db:80:0f:3c:7c:95:cd:f6:86:
+                    2b:45:db:a1:23:34:42:20:e8:ed:9a:50:7a:26:70:
+                    22:33:06:8d:42:95:b2:e3:ff:92:66:a0:e5:93:2f:
+                    3d:77:0d:bd:85:47:e3:ef:4d:40:9f:44:1d:60:cc:
+                    b1:1f:eb:94:ba:a7:ca:3d:67:50:44:40:64:3f:50:
+                    11:1f:c5:9a:1d:7c:f3:c8:9a:57:e6:8a:e3:4a:12:
+                    2c:83:dd:c7:95:9e:bc:20:b8:2b:63:b3:69:9c:56:
+                    a1:f0:12:4f:6c:95:27:a7:84:03:03:32:08:4d:9f:
+                    92:60:f4:00:f1:30:6e:53:0c:88:d8:63:4f:99:a3:
+                    c7:a3:b9:e1:71:be:e5:21:7d:01:11:18:6c:1a:a6:
+                    55:f2:72:ba:44:87:04:03:1c:23:72:04:20:47:78:
+                    dc:9f:19:f3:23:4f:db:b1:04:45:16:44:b6:36:41:
+                    bf:0e:6d:da:bc:22:62:f0:d1:93:68:ea:69:19:a1:
+                    ac:d3:9a:f4:d7:6b:4a:e6:18:8d:38:22:76:bd:97:
+                    68:e2:85:2e:42:00:65:93:f4:ed:a1:da:70:04:8c:
+                    8f:34:f7:6d:34:ff:97:00:57:84:95:57:82:da:59:
+                    30:c1:a8:7b:4f:3d:ad:d4:ba:cb:9b:a9:2c:7a:77:
+                    06:b3:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
@ -54,37 +54,37 @@ Certificate:
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier: 
-                6B:3F:F0:54:2F:CB:C3:59:1F:0F:23:32:1B:F1:F7:2C:4B:F5:17:DC
+                88:C1:F3:96:6D:F7:1E:BA:7D:A4:8C:1F:B9:36:E5:5D:C9:B2:F4:09
            X509v3 Authority Key Identifier: 
-                keyid:6B:3F:F0:54:2F:CB:C3:59:1F:0F:23:32:1B:F1:F7:2C:4B:F5:17:DC
+                keyid:88:C1:F3:96:6D:F7:1E:BA:7D:A4:8C:1F:B9:36:E5:5D:C9:B2:F4:09

    Signature Algorithm: sha256WithRSAEncryption
-         30:35:8d:4c:76:18:90:43:d8:b0:cd:93:6b:87:3b:9c:c6:3b:
-         69:c5:89:f2:7e:6f:7a:db:0e:af:6c:74:92:a6:eb:eb:f5:1f:
-         d7:d5:ee:50:4a:71:5d:54:18:5a:9e:8e:4d:8a:81:f5:8f:44:
-         40:98:10:d2:e0:61:2c:23:81:b3:be:09:0e:23:b5:53:f8:2e:
-         70:ac:69:26:35:4c:64:f9:f8:5f:87:6d:f0:c6:24:89:99:2b:
-         04:f5:aa:e9:0a:3a:35:0b:29:20:fe:19:e9:43:1f:ac:1d:83:
-         f2:ba:37:7d:fa:38:43:48:65:59:1f:7c:86:1a:92:f7:26:3f:
-         ed:a0:b3:e2:92:87:1e:b6:ad:04:53:6a:1e:a8:7c:0e:4a:16:
-         2c:f0:b5:d6:82:37:96:8a:98:d9:df:1b:cb:b1:0c:4c:47:53:
-         60:6e:95:86:89:12:9f:30:1f:98:8e:68:9e:a6:d9:be:47:3b:
-         e2:6e:9b:ea:2e:84:f6:14:b8:39:15:f9:29:44:06:4f:c1:14:
-         3e:2a:42:e9:4b:e3:b8:ab:e8:9b:7a:ce:cc:b8:89:02:69:c6:
-         a6:e6:c9:73:2a:d3:c8:5e:90:9b:a7:2e:5f:10:7b:5e:2d:e5:
-         4e:92:bd:b5:8d:a6:30:43:91:91:53:43:9c:6d:57:f5:3b:aa:
-         0e:26:8d:93:ed:72:7b:44:c2:c8:00:4d:8e:74:49:26:e3:02:
-         21:86:54:79:4d:62:90:e7:1b:7b:d6:f2:b8:b9:2c:d6:ff:68:
-         60:5c:5b:e4:c7:c3:aa:b0:8d:95:25:6c:f6:a0:4e:99:ab:37:
-         10:60:ed:76:9d:56:ea:0b:c2:a1:e9:68:95:36:cf:ef:3f:99:
-         2f:6f:d1:fb:62:c2:3d:f1:3b:39:d9:80:b3:c7:5c:ed:81:24:
-         87:87:f0:85:39:7c:43:32:92:3b:6f:a5:64:75:03:d8:b6:80:
-         38:ad:d0:83:85:3d:f1:02:53:9f:08:d3:07:1d:e8:6d:53:de:
-         6b:67:c2:da:74:3c:5a:9b:1d:fe:d4:b6:fc:4a:33:49:56:bc:
-         eb:bf:d6:02:ea:7c:4e:51:32:e7:d0:df:ca:f2:db:71:f5:78:
-         8e:47:5f:63:8a:c6:48:78:5d:19:df:84:4a:41:7d:cf:57:5f:
-         b4:47:e9:d4:0b:f4:69:c6:c1:f1:ae:5f:7f:e4:d7:b4:48:ad:
-         cb:ef:60:e3:ce:b7:7c:11:73:83:18:71:0e:30:7c:bf:c2:7c:
-         84:28:fb:50:d5:a5:a5:59:84:23:58:23:57:fa:be:82:d3:63:
-         16:46:ac:17:32:cb:ac:13:2e:3b:df:1b:dd:4e:25:63:ea:5a:
-         9f:a0:08:76:ed:b5:54:e5
+         9e:47:f8:f4:e3:28:93:f9:14:ff:20:de:60:fb:9b:60:43:78:
+         88:94:aa:91:dc:97:3f:38:25:85:00:1e:76:31:07:7f:02:bd:
+         71:2b:e9:8a:2f:29:02:68:c0:55:bf:61:8b:af:0a:25:d7:b0:
+         82:86:89:a3:0a:17:68:6a:9f:cd:8a:51:d3:06:82:f4:bd:0d:
+         81:61:e6:1f:6b:a6:3e:ac:cc:f4:3b:8a:79:84:cd:11:e0:8b:
+         f2:3a:7b:e2:e7:ca:96:fb:89:83:e0:03:f4:02:8b:7e:97:7f:
+         03:ae:eb:b2:0b:97:b3:8a:09:73:d4:b7:f0:06:e2:fe:d9:a9:
+         88:15:b4:81:58:4b:2c:9e:d1:15:b6:9e:96:86:a8:13:16:20:
+         c4:17:00:69:4b:bd:08:99:ec:1e:7a:45:3a:2d:36:4e:6a:00:
+         36:85:a6:0c:ab:79:ca:b5:f8:19:c3:d6:ce:70:d6:dd:87:13:
+         2a:c4:09:f4:1a:79:91:a0:60:e3:be:68:7a:98:4c:6c:a8:9b:
+         06:ca:59:1e:e6:08:77:c5:11:cb:b6:e9:2e:f6:d5:98:3e:b3:
+         3c:c5:01:3a:ae:c1:37:03:da:4c:d6:1f:c0:6e:0a:ad:c1:f8:
+         10:7b:8b:fe:e3:66:ed:43:66:ef:ba:a5:cc:e9:fc:29:0e:61:
+         a8:22:8e:53:18:f8:89:7f:de:d7:6d:07:98:15:22:e6:10:b9:
+         1a:f8:a1:9e:91:65:f4:3a:5e:e1:ef:9e:72:ba:75:b2:c7:6c:
+         8f:32:ae:30:c1:df:6e:86:8f:10:54:31:44:c2:2b:d7:c0:c8:
+         19:ff:75:99:51:50:0c:c4:d1:d7:b2:e9:70:dd:a8:c0:c7:99:
+         72:17:8d:34:f7:af:da:e4:0b:86:33:ab:4f:96:c0:a6:a2:f4:
+         2d:0a:44:e5:ad:ae:af:13:61:01:89:7d:ab:e7:c9:ac:21:e6:
+         d3:b2:e7:63:7d:b6:2b:d0:9b:80:a1:eb:6b:4c:e2:26:2f:7f:
+         1f:14:47:83:e9:63:10:d7:a0:d8:e0:aa:ad:12:b4:df:bb:89:
+         f7:5c:05:5d:44:e6:b2:5b:a8:65:26:6a:27:0f:b9:b6:1f:aa:
+         9b:84:3b:32:57:46:93:86:6c:fb:2c:90:f4:b6:c8:61:35:13:
+         09:76:76:83:8a:2c:9a:4e:df:b4:ca:28:96:aa:4a:87:2c:5d:
+         29:c5:ba:2f:55:aa:9a:bb:ce:8c:f5:b3:02:9c:74:06:44:23:
+         a6:3c:24:41:47:3a:78:44:77:50:3d:ae:39:7c:60:64:c4:97:
+         e0:df:c4:b6:c4:0d:bb:dd:1b:91:3f:6c:57:45:00:70:b2:ac:
+         b2:f6:be:df:b5:5d:1c:84
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/cfg/SERIAL
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/cfg/SERIAL
@ -1 +1 @@
-10028
+101
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/cfg/ca.crt.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/cfg/ca.crt.pem
@ -1,31 +1,31 @@
 -----BEGIN CERTIFICATE-----
 MIIFZDCCA0ygAwIBAgIBZTANBgkqhkiG9w0BAQsFADBDMQswCQYDVQQGEwJPTzEN
 MAsGA1UECgwEQUNNRTElMCMGA1UEAwwccm9vdC4xMDEuc2t1bmt3b3Jrcy5hY21l
-Lnh5ejAeFw0xODA4MDYxODUzMTJaFw0yODA4MDMxODUzMTJaMEMxCzAJBgNVBAYT
+Lnh5ejAeFw0xODA4MjUxODA2MTFaFw0yODA4MjIxODA2MTFaMEMxCzAJBgNVBAYT
 Ak9PMQ0wCwYDVQQKDARBQ01FMSUwIwYDVQQDDBxyb290LjEwMS5za3Vua3dvcmtz
-LmFjbWUueHl6MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsRRRuiMf
-+rpDWdJtBwmZVYCZFlAa/BSeC71Ku3bb7Gqi2j4siBi1Hz6DTKbd+ZMwPFTPY6Qk
-yLsgw3ICYWq19CheyHHsqX1utM66yr1OuZcn3ZbcpqzWaH3upbloSnn+gzEWy2hY
-+SG2fONa05MM5l3VCPl/fHMjJnt+fHSnr/KSk4NMaq5AE47v2CV7SnvLviuSUJAT
-ET183PG9xilEOfthlr63zk4RiUEmoG9ttuZmOCS3tlNAaUDXv5k/PrUy1qpdcp4D
-yJkPueTfsuAYFdGUpVuwvcLdIJHw6YrmQa3u/d6bc1cw3nF1TMyFFkNuf3XJAgtz
-z3aihDMH57LLMUE24HbdY+9Vt6HYsGninrWM4SMVAP62JQNS+aJfmBO1ozcyJ1/S
-aZm/Dxg2u8qblsJxBWi0hAkw/YSEP+Gevrdt0tf/xN8KypeC3lCWwm22l6gd3gXU
-KQYfav8eHTVOpw7QARaWJWDkEMqFRN4/KzTJF6/mOUz6KwEKm/NAvgVQeGBo6cMm
-qC8DTsRO/HpDFECoXcTFujj45yuYjlzzWEP7a4wuW8ouQ7E6xEAaWw0FWkEshLC6
-reThXAHA4cYhpQwZMQ+zP+W+5lXUGHDjlZrg1/RCS13nnOwOgUXmfEEth0HD8vCG
-pakCzlASneqvI0CkrrSjURcHKUInQ8kMuOkCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
-AwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFGs/8FQvy8NZHw8jMhvx9yxL
-9RfcMB8GA1UdIwQYMBaAFGs/8FQvy8NZHw8jMhvx9yxL9RfcMA0GCSqGSIb3DQEB
-CwUAA4ICAQAwNY1MdhiQQ9iwzZNrhzucxjtpxYnyfm962w6vbHSSpuvr9R/X1e5Q
-SnFdVBhano5NioH1j0RAmBDS4GEsI4GzvgkOI7VT+C5wrGkmNUxk+fhfh23wxiSJ
-mSsE9arpCjo1Cykg/hnpQx+sHYPyujd9+jhDSGVZH3yGGpL3Jj/toLPikocetq0E
-U2oeqHwOShYs8LXWgjeWipjZ3xvLsQxMR1NgbpWGiRKfMB+Yjmieptm+Rzvibpvq
-LoT2FLg5FfkpRAZPwRQ+KkLpS+O4q+ibes7MuIkCacam5slzKtPIXpCbpy5fEHte
-LeVOkr21jaYwQ5GRU0OcbVf1O6oOJo2T7XJ7RMLIAE2OdEkm4wIhhlR5TWKQ5xt7
-1vK4uSzW/2hgXFvkx8OqsI2VJWz2oE6ZqzcQYO12nVbqC8Kh6WiVNs/vP5kvb9H7
-YsI98Ts52YCzx1ztgSSHh/CFOXxDMpI7b6VkdQPYtoA4rdCDhT3xAlOfCNMHHeht
-U95rZ8LadDxamx3+1Lb8SjNJVrzrv9YC6nxOUTLn0N/K8ttx9XiOR19jisZIeF0Z
-34RKQX3PV1+0R+nUC/RpxsHxrl9/5Ne0SK3L72Djzrd8EXODGHEOMHy/wnyEKPtQ
-1aWlWYQjWCNX+r6C02MWRqwXMsusEy473xvdTiVj6lqfoAh27bVU5Q==
+LmFjbWUueHl6MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvIrPlS24
+lgzjr/cuHJHWUyDMLMI6aV68Olu01SuZi0yGRouTUe/XS3qIjXlkySzHUqCDw/mV
+092h1lKRTlYGRZ0fwcSRrYZlySOV9dc1+TxBSAggoWcAG/tEwJ+TZFstogfUi4T+
+06DTiAmkglJ17Yyauf/IJOEwPU8c9U6joNZvPd/Y4taTgnGwliy9BAaOGKAxptZg
+FWGKlXWJw8Ya6ciBYz07yCwwyVOanAYN0NJn9Pl2c4E7R8hSQ7zj8Jvc5o57ou8f
+I5Zdm217G2AxUnsD9KEuYtyKRKDb+DOvGkcvKlJxpx/BuU3QvhC0tw7RFPWIDBzV
+nXD5ApdZLZCweUvHLi7bgA88fJXN9oYrRduhIzRCIOjtmlB6JnAiMwaNQpWy4/+S
+ZqDlky89dw29hUfj701An0QdYMyxH+uUuqfKPWdQREBkP1ARH8WaHXzzyJpX5orj
+ShIsg93HlZ68ILgrY7NpnFah8BJPbJUnp4QDAzIITZ+SYPQA8TBuUwyI2GNPmaPH
+o7nhcb7lIX0BERhsGqZV8nK6RIcEAxwjcgQgR3jcnxnzI0/bsQRFFkS2NkG/Dm3a
+vCJi8NGTaOppGaGs05r012tK5hiNOCJ2vZdo4oUuQgBlk/TtodpwBIyPNPdtNP+X
+AFeElVeC2lkwwah7Tz2t1LrLm6ksencGs2UCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFIjB85Zt9x66faSMH7k25V3J
+svQJMB8GA1UdIwQYMBaAFIjB85Zt9x66faSMH7k25V3JsvQJMA0GCSqGSIb3DQEB
+CwUAA4ICAQCeR/j04yiT+RT/IN5g+5tgQ3iIlKqR3Jc/OCWFAB52MQd/Ar1xK+mK
+LykCaMBVv2GLrwol17CChomjChdoap/NilHTBoL0vQ2BYeYfa6Y+rMz0O4p5hM0R
+4IvyOnvi58qW+4mD4AP0Aot+l38DruuyC5eziglz1LfwBuL+2amIFbSBWEssntEV
+tp6WhqgTFiDEFwBpS70ImeweekU6LTZOagA2haYMq3nKtfgZw9bOcNbdhxMqxAn0
+GnmRoGDjvmh6mExsqJsGylke5gh3xRHLtuku9tWYPrM8xQE6rsE3A9pM1h/Abgqt
+wfgQe4v+42btQ2bvuqXM6fwpDmGoIo5TGPiJf97XbQeYFSLmELka+KGekWX0Ol7h
+755yunWyx2yPMq4wwd9uho8QVDFEwivXwMgZ/3WZUVAMxNHXsulw3ajAx5lyF400
+96/a5AuGM6tPlsCmovQtCkTlra6vE2EBiX2r58msIebTsudjfbYr0JuAoetrTOIm
+L38fFEeD6WMQ16DY4KqtErTfu4n3XAVdROayW6hlJmonD7m2H6qbhDsyV0aThmz7
+LJD0tshhNRMJdnaDiiyaTt+0yiiWqkqHLF0pxbovVaqau86M9bMCnHQGRCOmPCRB
+Rzp4RHdQPa45fGBkxJfg38S2xA273RuRP2xXRQBwsqyy9r7ftV0chA==
 -----END CERTIFICATE-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/cfg/ca.keys.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/cfg/ca.keys.pem
@ -1,51 +1,51 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIJKwIBAAKCAgEAsRRRuiMf+rpDWdJtBwmZVYCZFlAa/BSeC71Ku3bb7Gqi2j4s
-iBi1Hz6DTKbd+ZMwPFTPY6QkyLsgw3ICYWq19CheyHHsqX1utM66yr1OuZcn3Zbc
-pqzWaH3upbloSnn+gzEWy2hY+SG2fONa05MM5l3VCPl/fHMjJnt+fHSnr/KSk4NM
-aq5AE47v2CV7SnvLviuSUJATET183PG9xilEOfthlr63zk4RiUEmoG9ttuZmOCS3
-tlNAaUDXv5k/PrUy1qpdcp4DyJkPueTfsuAYFdGUpVuwvcLdIJHw6YrmQa3u/d6b
-c1cw3nF1TMyFFkNuf3XJAgtzz3aihDMH57LLMUE24HbdY+9Vt6HYsGninrWM4SMV
-AP62JQNS+aJfmBO1ozcyJ1/SaZm/Dxg2u8qblsJxBWi0hAkw/YSEP+Gevrdt0tf/
-xN8KypeC3lCWwm22l6gd3gXUKQYfav8eHTVOpw7QARaWJWDkEMqFRN4/KzTJF6/m
-OUz6KwEKm/NAvgVQeGBo6cMmqC8DTsRO/HpDFECoXcTFujj45yuYjlzzWEP7a4wu
-W8ouQ7E6xEAaWw0FWkEshLC6reThXAHA4cYhpQwZMQ+zP+W+5lXUGHDjlZrg1/RC
-S13nnOwOgUXmfEEth0HD8vCGpakCzlASneqvI0CkrrSjURcHKUInQ8kMuOkCAwEA
-AQKCAgEAg5glEB3QQySuro6ZJXS1tXvGyHUpSJINzY2TfvLahrvMYEF6GH28BAcR
-ziHnrfP7Eaq5IEQ4bc/ajkQojrqdk1946J75EA+9+LH00HuUiIlTP/I/8cFZ6PdF
-JXU+krJMOLR/SxQ1opayJedTdQ2/tWafzXaUjiiGQ6/clKKghznOQb9+R31M8vvz
-M37PO8/53k5FAoe/E73ND+i6bgv2vtwYbs02jSMpFwYKrYmBUD2yUyC+QclmgZGF
-g8Zf4LsJl8utfGL/TtCohi4XK7grTfOc8rHMC4lHiU/LZ9MoQEEA7TrD7RgrofNR
-B4ypjpz3/dLLWTCnlNKF/ZZq1n3hT3AXqkAxzdiWgIjaHAn0Ad1O+37lKw4IBcSP
-lgK0XBE2NefjK25RhgSZd4YtQoorTNv7AqCHGBcAp58LylSAER9aE/wtnm5HFx3B
-ZnPH4Eynhdqz4ss/JYzfcFDOV5cJCPj3YUW+0WbBm6wqalYQJyHJHrc8UH8cFYM1
-4cnSPTND4pputf28iJy0K+EmU8Rn19wRs5nK08tzLBERaq0ZDFqgZ+qXPgimSAbb
-AMGUyOkgjpcM2xyItMS2NpudAHdn1bN/W51CfEVr2ByyuPODou5wzMbcCCYOFMAu
-4xLjDO5kPzvbR9CjEr3VcKieJjeENC/F/16dqC28MU8b/VX4Kr0CggEBAOvqB7jq
-nvI5MVCu3SVwhmhCsOheLSYx8W6r3ne/fJVPn+LR1MFG2zbzZL51xzyavBWZ/cKL
-URjaPri2eEdhWp3C4lhlpO4P693L6lLIlIoG+2g5CHE3rMmYM4xOZ8wM/7e/DoRF
-KpTNeeFGYTJ8PjnfKArYEUsGwvmD321FzpQe1BSjjk5vFB9wbWCQiBQSiFmHomNQ
-/Jp7zfsIFdxyB1mSfHFJHz65SGMk5IQeqoeOUyd7NRsDft3TNnHkcp4QTenZRNdM
-/D64G2EhwJVjgW1Zj7wbljQVjAl6nzjOPp55E3zoXtA/xC20cemG06mKd33ChY5x
-pNwsZYdghVSiBZMCggEBAMAn7fO8e1BL7QDTw3zLI3GXSMhLtBCYk37XoTZgbYww
-j4Fi0AR5/NpLzzBge1NDtE1lVkwIIh+Nf1Z4LD0x8H1qmu8qNsEiSQqLSZnDytNQ
-OdgiiTXW792SgZk4p6M1rf6gUuCy02s8FK5VAArN3k9bEjbBgnTndJXUU02l1GPt
-KwJhT5hiSXjT+i1IJoRqauIGuFL7qFhef5vBKWAcmMbk3Yh5Rz9LyhLFy6boWU2e
-eQ4JdYHhCdYxPIch4Buqmr089SMYT0+/3w78Cf/Gy5/BbpT8Dr8zFrPUYIfXHuz3
-Nbeb6QGMgSDFD//NGzhDV+LEejWbAteLXKanSaHx1RMCggEBAOak6qHeOEGmqtEv
-9KOq7K04Lo8vq8KA54ME4z595sZvj2iJLxE7PgzuTttqeLyGp0YTRKYT4NiEXvfl
-5Zgb1SUSKIq17VaWGErDFzeSRK7hfp/5yoguH28Er7kH2rEDMGsrjnzAxo2uie82
-CMb78zZPN23KqrWIScz6IdFKg1oK/dujv/hs3uaR202iYHgHWmj1k0y4HA7I5av8
-zqq0jP0Em0eCbtq6+Mt9gTCubpiTDDc4XMYpV7p1ye/1oh1o4VO0iHpaGO8Uvifr
-gMZM/3eyLTWCXwpS2pNV4B8AfPYgd24SHMhK33izxv7CQ2OpLYO1Ty/haYWcnjKJ
-qjEBKqMCggEBAI37sxZbGd7uCzSGRLcsPodLWqstTOLKaonZ+LP+MlPY+eCHy97S
-6GPAilpboCSZLVvW2hoaFGSuH/4bk8yv3tw87jh0P7sbg074Nq0YgAD+EY/DjREs
-PVbCT2KQ+0Vcf7Fac4K2gAOHhFyAUCSrk22dhGrTN3r8HygqmFcShkpDz3jVwIN/
-dHyEXSIiYtuK6mkSwBYI/440XSQQaWssFjM4nvydaGi7rpeKcX1lx77Tru0RTjNm
-veb3wJq1DCxFNktIBHYnG0t5Ie+nihflo0XrHrOVP6xFqqu77IvTB3XfAGEoIdZU
-JIG7OqQvwMIk+IaF2StM25+6yP4XNBAmaeMCggEBAMop3oQGdMYxS4VDCVK4cKsx
-cuMRubqNd9Oz8D0zFJw598xwF/2Go1GytEYxiHOMZQomX29GpxH/Wdzc+FCMajXL
-A/bml0P/rhga6mu4SDAbzDjex7d56dfi8oWL/pcKgGhS6ZQw0Cpu5aVyCHTmJUOc
-KXfDAJGBfAAWHn4YnnUBZQt/nVcWZyVy+rOCXela5lCRKSeagkVz9RAw7p5Hm6Aa
-+X/NunLif/piS2PipWQmubozNmtCMzKo/RgZqwx2mPMj1TbaaC7QrG1NQTbD7aoC
-DIPcWkOKKDeSwSBHqtI/ixdTBjBlK2Jvs+0OfV+zY7/ayFlag5AdKH3ertkh768=
+MIIJKAIBAAKCAgEAvIrPlS24lgzjr/cuHJHWUyDMLMI6aV68Olu01SuZi0yGRouT
+Ue/XS3qIjXlkySzHUqCDw/mV092h1lKRTlYGRZ0fwcSRrYZlySOV9dc1+TxBSAgg
+oWcAG/tEwJ+TZFstogfUi4T+06DTiAmkglJ17Yyauf/IJOEwPU8c9U6joNZvPd/Y
+4taTgnGwliy9BAaOGKAxptZgFWGKlXWJw8Ya6ciBYz07yCwwyVOanAYN0NJn9Pl2
+c4E7R8hSQ7zj8Jvc5o57ou8fI5Zdm217G2AxUnsD9KEuYtyKRKDb+DOvGkcvKlJx
+px/BuU3QvhC0tw7RFPWIDBzVnXD5ApdZLZCweUvHLi7bgA88fJXN9oYrRduhIzRC
+IOjtmlB6JnAiMwaNQpWy4/+SZqDlky89dw29hUfj701An0QdYMyxH+uUuqfKPWdQ
+REBkP1ARH8WaHXzzyJpX5orjShIsg93HlZ68ILgrY7NpnFah8BJPbJUnp4QDAzII
+TZ+SYPQA8TBuUwyI2GNPmaPHo7nhcb7lIX0BERhsGqZV8nK6RIcEAxwjcgQgR3jc
+nxnzI0/bsQRFFkS2NkG/Dm3avCJi8NGTaOppGaGs05r012tK5hiNOCJ2vZdo4oUu
+QgBlk/TtodpwBIyPNPdtNP+XAFeElVeC2lkwwah7Tz2t1LrLm6ksencGs2UCAwEA
+AQKCAgAX8b0JIgRWMg7ccxTNFgxVBE5JxOTsKtbWxnzBscbPNQm8fc9Y0Y/TCx26
+cddF4UTzDmWNhu3rOTNrZ5MCktQ7FQhKcG9bzTyx/a32yb0WCPv1bOrP9KfD5fZG
+TD3Iufeio0Hv8hT2xW730Nmun1BQudGQm5ZMcLjSoHB6CuGm9HSuM/Z0YHHdWBjo
+CYh7sWVsZTPJD2KmdHvIHWRAk7EpTYh5FPa5pjsP5mk1NWOdyIrhRqkvZBMmO5+O
+8Lc2AGVedmvnNl0LBPagXZgL0vyQkAThlXKxpXZ93rvw2od7W9z2j//VDKhqoyJG
+cRKySNRux/veJe9PDmDhXl059y0iEm0AUDSp4dCD3KeL+rChDAV12YZSV2bXM3z1
+djAVtJgJbjSqScWVHWc+VFcEDCsRCnK7wAKIqbejnCJSyzWgOwquQXGy0dBjP1Mo
+A3e2gqT9KVcmzv1yPajpX7MN/O/MhwVv7s3fKv4hb0AGUzpKyF/t6Dh8zs74V7EZ
+QfDHa+AulG8VTzH595iVHv0EP5YwwtqmpogF3VJWnMxlRN12suL4+pSeUX1RGk9m
+HMWN0VCnZDkE8Rg8XjaIot1JLp19yk5AVGAUTPSfyZHUShl6pMLpVdoiJLDpQn4o
+Mt3GG3sbMVH6gR76UVVPMAC1qRu0BBZ5+b/c6t4u+br0Y83TJQKCAQEA7hQsvhqG
+xXZCjAEGF3+WBBgxZzZuKchD4D1KcOLJB5Hrd3eih0E3B2h02HDHbCe+bRObN9yz
+mJYJO2pnoWcQ7XBhcCKjkMoFxu9KxyByHnnFUQYSty55VPaWvwNGxusqDh9EDrvL
+ekv1VXCofv4nYJzAPh9BkLL6PCwoQzqCmoGTD3B2eyEuqDhUSBrKS2mHLKNya2Pf
+4reI/QCBiHDGuP5b+RrIeQpseF3CTfgmh8ZCrO0q0GY3mnO03B4jPR2b2neS5wbk
+EK7vTOQsdhZwTG/9zoYLqSV+00vApggtSYxrIpG+Tq/mFjFaRNg9xafAwqA4sa8p
+3s6a112kFdQDTwKCAQEAyrwOebxjW7mQdqQaiG1hBQK4UIAu9N/twiRI/9iXxiYQ
+B1BPVBaInTMPpkSZoip8Z3pKtdDoIAf+SJjI6dyaDS93IvLPXG0R5bOlXHsGAJZg
+uDFvPlZB/MCVObKhtKqQJyRNCOz+csulnkhPacZGQv82jXk9ifFb/nA1Eiws0p8E
+eHQTfoyF8AZpycWI+PvE0k2rq2hLbHqRfRB0CQxnbiU3FeZpte2WKEczY8llg9Xw
+asLIJQA0+gT8H5lhfD7mFdMVf8goqB8/aNih/ZW0uZ95/XKpmNMzQw26LAJunV8q
+RqBaFTiRP7TXUI4UE8kRowDTjHYMzTDGIrwaHdTBCwKCAQEA0Xa2lttHz9toWT1d
+WrdKCXgvnxtoeSJVdaj3IbKmJB7iCE4dlNpvy/i/NN6k1idxhw5E9jUbXhhDLx9C
+5eKEJiNF1x7iwbS8uHY4WFHXlbCVReAN/1TIM1Rw9MWxM7obWilv+3aGY6cIxo9D
+79c0VfATw5REX0bYmrBPDDciSUXPWTodQ9/B6QcGQBox+X9zCncTaCCLDjFkORSE
+4sI2VPSVfultj/D31j7HgUnevH5Wk0Zm8Mu+CAndCf0KC+9M/D1P5itN5M/EguYN
+qCe9zcKKj3WoNL1khAqWCH4ROjBs4hFQWnKwAL6TKRcH4irhkVreBpaSRBGKcglV
+IE9USQKCAQA6OLmbgluyat8vAz/PcEINk1NlYvqZPnnkaFFCkGw97o5p20l855/C
+LXjQEiFg7fyeJwOvpVgUYtdG+AGzD7R6FuiK89pTO8uJAQd7QKVfo9AQ9blx2InI
+0XHJiSBhZx5Q717kMlN8mjls9G1B/jwNX4fGJ0xiAhuePZEwL9mLfzlkcklq7WZF
+oUHePUlx37QNhVrItgH7HFQN65y3QIWvnyZrtqkjIyEdXh1HCf6KVvVdY6Tg42dT
+af0SAhV5/gJLwDwLX2s1pQury5Lx5X1qVX9OJxDHn9e36QhPPT+RGFRmxgQ41e74
+sbGoI7VmXTcgbctTKk/Q2bH9JbIGYSQzAoIBAH8Rywdz63DeIf0DrfBKY5wlAtCy
+ZEDyPawzQEgUqJKCr4EaKzSTcLJ7lAU8VmEyMmbb/LXCjAzZtc4p0iopfiN9YGnR
+e8Z3osxGd8PpNNBEXWavKvEGDu55NbHSZkGXdEOek0QZwI7RJA1fqXHquMpCwbOl
+wiwRiiQVpsalntZMaiNGQRa4wLO5lv0DfT0dILEImyTb2QpzpjO9E3FJ3XftrNU3
+lHgHwb+QtWT4xF56XU4zjEmZLQ/58PMi7S9cptejjzSz1YCkzcD/Tllp4+9QXTXr
+9L15opwsOQWzvDhJa/hWbVLyIm8clJGObWRfl4fK41wjuQuT+l7z9mtFgJk=
 -----END RSA PRIVATE KEY-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/cfg/pki_funcs.sh
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/cfg/pki_funcs.sh
@ -0,0 +1,294 @@
+#!/bin/bash
+#
+# all main functions to generate a PKI certificate chain
+# 
+
+#
+# Set the CA variables
+#
+pki_func_init() {
+  if [[ -n $1 ]] || [[ -n $2 ]] || [[ -n $3 ]]; then
+    FQ_CA_CERT=$1
+    FQ_CA_KEYS=$2
+    CNF_PATH=$3
+    APP_INIT=1
+  else
+    APP_INIT=0
+  fi
+}
+
+#
+# print text wrapped in a block
+#
+echo_block() {
+  echo
+  echo "***** ***** ***** *****"
+  echo $1
+  echo "***** ***** ***** *****"
+}
+
+# 
+# Grab the latest serial # from the file, auto-increment
+# 
+get_serial() {
+  SERIAL=`head "cfg/SERIAL"`
+  if [[ -z $SERIAL ]]; then
+    SERIAL=11111
+    echo_block "WARN: no file 'SERIAL' found, using default 11111 as the serial # for CA"
+  fi
+}
+
+# ***** ***** ***** ***** *****
+# 
+# CERTIFICATE AUTHORITY (CA)
+# 
+# ***** ***** ***** ***** *****
+# This function will generate a CA Intermediate
+# IN: UNIQ_ID_CA, SERIAL
+#
+gen_ca() {
+  UNIQ_ID_CA=$1
+  SERIAL=$2
+
+  echo_block "Create CA (${UNIQ_ID_CA})"
+
+  # encrypt the key
+  #openssl genrsa -aes256 -out ca.keys.pem 4096
+  #openssl genrsa -aes256 -password "pass:password" -out ca.keys.pem 4096 
+
+  # key un-protected
+  openssl genrsa -out "ca_${UNIQ_ID_CA}.keys.pem" 4096
+  # 
+  # Create Certificate   (valid for 10 years, after the entire chain of trust expires)
+  openssl req -config $CNF_PATH/ca.cnf -new -x509 -sha256 -days 3650 -extensions v3_ca \
+              -subj "/C=OO/O=ACME/CN=root.${UNIQ_ID_CA}" -set_serial ${SERIAL} \
+              -key ca_${UNIQ_ID_CA}.keys.pem -out ca_${UNIQ_ID_CA}.crt.pem
+
+  # verify certificate (output to text file for review)
+  openssl x509 -noout -text -in ca_${UNIQ_ID_CA}.crt.pem > ca_${UNIQ_ID_CA}_cert.info.txt
+}
+
+#
+# Create CA Intermediate PKI
+# 
+# 
+
+#
+# Generate a PKI chain
+#   - the certificate chain is unique based on the serial #
+#   - generate a new CA I
+#   - generate server certificates
+#   - generate client certificates
+#
+# INPUT:  BASE SERIAL #, LOOP NUM
+# 
+# Requires: FQ_CA_CERT, FQ_CA_KEYS
+# 
+ca-i_gen_pki() {
+  CDD=`pwd`
+  ORG_URL=$1
+  SERIAL_O=$2
+  NUM_CERTS=$(($3-1))
+
+  # create unique directory
+  UNIQ_ID_CAI="${SERIAL_O}.${ORG_URL}" 
+  mkdir -p "distribution/ca_i_${UNIQ_ID_CAI}"
+  cd "distribution/ca_i_${UNIQ_ID_CAI}"
+
+  # Create CA Intermediate
+  ca-i_gen_cert $ORG_URL $SERIAL_O
+
+  # create directories, copy files, before generating client/server
+  ca-i_create_shell
+
+  __ca-i_gen_client
+
+  __ca-i_gen_server
+
+  # return to last path
+  cd $CDD
+}
+
+# 
+# Client Certificates
+# 
+__ca-i_gen_client() {
+  # create directories
+  mkdir -p clients/data
+  mkdir -p clients/distro
+  mkdir -p clients/docs
+  cd clients
+  for NUM in $(seq 0 $NUM_CERTS)
+  do
+    gen_client $ORG_URL $((SERIAL_O+NUM))
+  done
+  cd ..
+}
+
+# 
+# Server Certificates
+# 
+__ca-i_gen_server() {
+  # create directories
+  mkdir -p servers/data
+  mkdir -p servers/distro
+  mkdir -p servers/docs
+  cd servers
+  for NUM in $(seq 0 $NUM_CERTS)
+  do
+    gen_server $ORG_URL $((SERIAL_O+NUM))
+  done
+  cd ..
+}
+
+# This function will generate a CA Intermediate
+# 
+# Requires:  CNF file, CA cert, CA key
+# 
+# IN: UNIQ_ID_CA, SERIAL
+#
+ca-i_gen_cert() {
+  ORG_URL=$1 
+  SERIAL=$2
+
+  UNIQ_ID="${SERIAL}.${ORG_URL}"
+
+  echo_block "Create CA Intermediate  (${UNIQ_ID})"
+
+  openssl genrsa -out "ca_i_${UNIQ_ID}.keys.pem" 4096
+
+  # Create Cert Signing Request (CSR)
+  openssl req -config "${CNF_PATH}/ca.cnf" -new -sha256 \
+              -subj "/C=OO/O=ACME/OU=ACME Intermediate/CN=${UNIQ_ID}" \
+              -key "ca_i_${UNIQ_ID}.keys.pem" -out "ca_i_${UNIQ_ID}.csr.pem"
+
+  # Create Certificate   (valid for ~2 years, after the entire chain of trust expires)
+  # CA signs Intermediate
+  openssl x509 -req -days 750 -extfile "${CNF_PATH}/ca.cnf" -extensions v3_ca_i \
+               -CA $FQ_CA_CERT -CAkey $FQ_CA_KEYS -set_serial ${SERIAL} \
+               -in "ca_i_${UNIQ_ID}.csr.pem" -out "ca_i_${UNIQ_ID}.crt.pem"
+
+  # Package the Certificate Authority Certificates for distro  (windoze needs this)
+  openssl pkcs12 -export -password "pass:password" -inkey "ca_i_${UNIQ_ID}.keys.pem" \
+                 -name "CA Intermediate Mobile Provision" -certfile $FQ_CA_CERT \
+                 -in "ca_i_${UNIQ_ID}.crt.pem" -out "ca_i_${UNIQ_ID}.p12"
+
+  # verify certificate (output to text file for review)
+  openssl x509 -noout -text -in "ca_i_${UNIQ_ID}.crt.pem" > "ca_i_${UNIQ_ID}.crt.info.txt"
+
+  # create certifiate chain
+  cat $FQ_CA_CERT "ca_i_${UNIQ_ID}.crt.pem" > "ca_cert-chain_${UNIQ_ID}.crts.pem"
+}
+
+#
+# Copies all applcations to the Lifecycle package
+#   organize the ca-i directory
+#   order matters:  move these files last because they were copied above
+#
+ca-i_create_shell() {
+
+  DEST_DIR="${CDD}/distribution/ca_i_${UNIQ_ID_CAI}"
+
+  # client
+  mkdir -p clients/cfg
+  cp $CDD/res/libs/gen_client.sh  $DEST_DIR/clients/
+  cp $CDD/res/libs/pki_funcs.sh   $DEST_DIR/clients/cfg
+  cp $CDD/res/docs/README_C       $DEST_DIR/clients/README
+  cp $CDD/res/docs/SERIAL         $DEST_DIR/clients/cfg/
+  cp "${CDD}/cfg/${ORG_URL}.cnf"  $DEST_DIR/clients/cfg/
+  # generated files
+  cp $DEST_DIR/ca_i*.crt.pem      $DEST_DIR/clients/cfg/ca-i.crt.pem
+  cp $DEST_DIR/ca_i*.keys.pem     $DEST_DIR/clients/cfg/ca-i.keys.pem
+  cp $DEST_DIR/ca_cert-chain*.pem $DEST_DIR/clients/cfg/ca_cert-chain.crts.pem
+
+  # server
+  mkdir -p servers/cfg
+  cp $CDD/res/libs/gen_server.sh  $DEST_DIR/servers/
+  cp $CDD/res/libs/pki_funcs.sh   $DEST_DIR/servers/cfg/
+  cp $CDD/res/docs/README_S       $DEST_DIR/servers/README
+  cp $CDD/res/docs/SERIAL         $DEST_DIR/servers/cfg/
+  cp "${CDD}/cfg/${ORG_URL}.cnf"  $DEST_DIR/servers/cfg/
+  # generated files
+  cp $DEST_DIR/ca_i*.crt.pem      $DEST_DIR/servers/cfg/ca-i.crt.pem
+  cp $DEST_DIR/ca_i*.keys.pem     $DEST_DIR/servers/cfg/ca-i.keys.pem
+  cp $DEST_DIR/ca_cert-chain*.pem $DEST_DIR/servers/cfg/ca_cert-chain.crts.pem
+
+  # CA-I
+  mkdir -p ca-i/data
+  mkdir -p ca-i/docs
+  mkdir -p ca-i/distro
+  cp $CDD/res/docs/README_CAI       $DEST_DIR/README
+  cp $CDD/ca_*/ca_*.crt.pem         $DEST_DIR/ca-i/data/
+  cp $CDD/ca_*/ca_*.info.txt        $DEST_DIR/ca-i/docs/
+  # generated files
+  mv $DEST_DIR/ca_i*.pem            $DEST_DIR/ca-i/data/
+  mv $DEST_DIR/ca_i*.info.txt       $DEST_DIR/ca-i/docs/
+  mv $DEST_DIR/ca_i*.p12            $DEST_DIR/ca-i/distro
+  mv $DEST_DIR/ca_cert-chain*.pem   $DEST_DIR/ca-i/distro
+}
+
+#
+# Generate a Client Certificate
+# IN: UNIQ_ID, UNIQ_ID_CAI, SERIAL
+#
+gen_client() {
+  ORG_URL=$1 
+  SERIAL=$2
+
+  UNIQ_ID="${SERIAL}.${ORG_URL}"
+  CERT_CHAIN="cfg/ca_cert-chain.crts.pem"
+
+  echo_block "Generate Client Certificates  (${UNIQ_ID})"
+
+  openssl genrsa -out "data/client_${UNIQ_ID}.keys.pem" 4096
+
+  openssl req -new -key "data/client_${UNIQ_ID}.keys.pem" \
+              -subj "/C=OO/O=ACME/OU=ACME Standard/CN=client_${UNIQ_ID}" \
+              -out "data/client_${UNIQ_ID}.csr.pem"
+  # CA Intermediate signs Client
+  openssl x509 -req -days 365 \
+               -CA "cfg/ca-i.crt.pem" -CAkey "cfg/ca-i.keys.pem" -set_serial ${SERIAL} \
+               -in "data/client_${UNIQ_ID}.csr.pem" -out "data/client_${UNIQ_ID}.crt.pem"
+
+  # Package the Certificates
+  openssl pkcs12 -export -password "pass:password" -inkey "data/client_${UNIQ_ID}.keys.pem" \
+                 -name "Client ${UNIQ_ID} VPN Certificate" -certfile $CERT_CHAIN -caname "client_${UNIQ_ID}@acme.xyz" \
+                 -in "data/client_${UNIQ_ID}.crt.pem" -out "distro/client_${UNIQ_ID}.p12"
+
+  # verify certificate (output to text file for review)
+  openssl x509 -noout -text -in "data/client_${UNIQ_ID}.crt.pem" > "docs/client_${UNIQ_ID}.info.txt"
+}
+
+#
+# Generate a Server Certificate
+# IN: UNIQ_ID, UNIQ_ID_CA, SERIAL
+#
+gen_server() {
+  ORG_URL=$1 
+  SERIAL=$2
+
+  UNIQ_ID="${SERIAL}.${ORG_URL}"
+  CERT_CHAIN="cfg/ca_cert-chain.crts.pem"
+
+  echo_block "Generate Server Certificates  (${UNIQ_ID})"
+
+  openssl genrsa -out "data/server_${UNIQ_ID}.keys.pem" 4096
+
+  openssl req -new -config "cfg/${ORG_URL}.cnf" -key "data/server_${UNIQ_ID}.keys.pem" \
+              -subj "/C=OO/O=ACME/OU=ACME Standard/CN=${UNIQ_ID}" \
+              -out "data/server_${UNIQ_ID}.csr.pem"
+
+  # CA Intermediate signs Server
+  openssl x509 -req -days 365 -extfile "cfg/${ORG_URL}.cnf" -extensions v3_server \
+               -CA "cfg/ca-i.crt.pem" -CAkey "cfg/ca-i.keys.pem" -set_serial ${SERIAL} \
+               -in "data/server_${UNIQ_ID}.csr.pem" -out "data/server_${UNIQ_ID}.crt.pem"
+
+  # Package the Certificates
+  openssl pkcs12 -export -password "pass:password" -inkey "data/server_${UNIQ_ID}.keys.pem" \
+                 -name "Server ${UNIQ_ID} VPN Certificate" -certfile $CERT_CHAIN -caname "server_${UNIQ_ID}@acme.xyz" \
+                 -in "data/server_${UNIQ_ID}.crt.pem" -out "distro/server_${UNIQ_ID}.p12"
+
+  # verify certificate (output to text file for review)
+  openssl x509 -noout -text -in "data/server_${UNIQ_ID}.crt.pem" > "docs/server_${UNIQ_ID}.crt.info.txt" 
+}
+
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/cfg/skunkworks.acme.xyz.cnf
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/cfg/skunkworks.acme.xyz.cnf
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/ca-i/ca_cert-chain_10001.skunkworks.acme.xyz.crts.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/ca-i/ca_cert-chain_10001.skunkworks.acme.xyz.crts.pem
@ -1,63 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIFZDCCA0ygAwIBAgIBZTANBgkqhkiG9w0BAQsFADBDMQswCQYDVQQGEwJPTzEN
-MAsGA1UECgwEQUNNRTElMCMGA1UEAwwccm9vdC4xMDEuc2t1bmt3b3Jrcy5hY21l
-Lnh5ejAeFw0xODA4MDYxODUzMTJaFw0yODA4MDMxODUzMTJaMEMxCzAJBgNVBAYT
-Ak9PMQ0wCwYDVQQKDARBQ01FMSUwIwYDVQQDDBxyb290LjEwMS5za3Vua3dvcmtz
-LmFjbWUueHl6MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsRRRuiMf
-+rpDWdJtBwmZVYCZFlAa/BSeC71Ku3bb7Gqi2j4siBi1Hz6DTKbd+ZMwPFTPY6Qk
-yLsgw3ICYWq19CheyHHsqX1utM66yr1OuZcn3ZbcpqzWaH3upbloSnn+gzEWy2hY
-+SG2fONa05MM5l3VCPl/fHMjJnt+fHSnr/KSk4NMaq5AE47v2CV7SnvLviuSUJAT
-ET183PG9xilEOfthlr63zk4RiUEmoG9ttuZmOCS3tlNAaUDXv5k/PrUy1qpdcp4D
-yJkPueTfsuAYFdGUpVuwvcLdIJHw6YrmQa3u/d6bc1cw3nF1TMyFFkNuf3XJAgtz
-z3aihDMH57LLMUE24HbdY+9Vt6HYsGninrWM4SMVAP62JQNS+aJfmBO1ozcyJ1/S
-aZm/Dxg2u8qblsJxBWi0hAkw/YSEP+Gevrdt0tf/xN8KypeC3lCWwm22l6gd3gXU
-KQYfav8eHTVOpw7QARaWJWDkEMqFRN4/KzTJF6/mOUz6KwEKm/NAvgVQeGBo6cMm
-qC8DTsRO/HpDFECoXcTFujj45yuYjlzzWEP7a4wuW8ouQ7E6xEAaWw0FWkEshLC6
-reThXAHA4cYhpQwZMQ+zP+W+5lXUGHDjlZrg1/RCS13nnOwOgUXmfEEth0HD8vCG
-pakCzlASneqvI0CkrrSjURcHKUInQ8kMuOkCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
-AwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFGs/8FQvy8NZHw8jMhvx9yxL
-9RfcMB8GA1UdIwQYMBaAFGs/8FQvy8NZHw8jMhvx9yxL9RfcMA0GCSqGSIb3DQEB
-CwUAA4ICAQAwNY1MdhiQQ9iwzZNrhzucxjtpxYnyfm962w6vbHSSpuvr9R/X1e5Q
-SnFdVBhano5NioH1j0RAmBDS4GEsI4GzvgkOI7VT+C5wrGkmNUxk+fhfh23wxiSJ
-mSsE9arpCjo1Cykg/hnpQx+sHYPyujd9+jhDSGVZH3yGGpL3Jj/toLPikocetq0E
-U2oeqHwOShYs8LXWgjeWipjZ3xvLsQxMR1NgbpWGiRKfMB+Yjmieptm+Rzvibpvq
-LoT2FLg5FfkpRAZPwRQ+KkLpS+O4q+ibes7MuIkCacam5slzKtPIXpCbpy5fEHte
-LeVOkr21jaYwQ5GRU0OcbVf1O6oOJo2T7XJ7RMLIAE2OdEkm4wIhhlR5TWKQ5xt7
-1vK4uSzW/2hgXFvkx8OqsI2VJWz2oE6ZqzcQYO12nVbqC8Kh6WiVNs/vP5kvb9H7
-YsI98Ts52YCzx1ztgSSHh/CFOXxDMpI7b6VkdQPYtoA4rdCDhT3xAlOfCNMHHeht
-U95rZ8LadDxamx3+1Lb8SjNJVrzrv9YC6nxOUTLn0N/K8ttx9XiOR19jisZIeF0Z
-34RKQX3PV1+0R+nUC/RpxsHxrl9/5Ne0SK3L72Djzrd8EXODGHEOMHy/wnyEKPtQ
-1aWlWYQjWCNX+r6C02MWRqwXMsusEy473xvdTiVj6lqfoAh27bVU5Q==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIFgTCCA2mgAwIBAgICJxEwDQYJKoZIhvcNAQELBQAwQzELMAkGA1UEBhMCT08x
-DTALBgNVBAoMBEFDTUUxJTAjBgNVBAMMHHJvb3QuMTAxLnNrdW5rd29ya3MuYWNt
-ZS54eXowHhcNMTgwODA2MTg1MzEyWhcNMjAwODI1MTg1MzEyWjBcMQswCQYDVQQG
-EwJPTzENMAsGA1UECgwEQUNNRTEaMBgGA1UECwwRQUNNRSBJbnRlcm1lZGlhdGUx
-IjAgBgNVBAMMGTEwMDAxLnNrdW5rd29ya3MuYWNtZS54eXowggIiMA0GCSqGSIb3
-DQEBAQUAA4ICDwAwggIKAoICAQDx0d5dxw6oMddU63Jd3fIHNxCtvzPmHJzX+kON
-HFMi2jrrGEMmOcl0h6uyt2i/9Iz9G5gl/XbG86E0poId8FaofrQ2+i4s9UNH+PQu
-kmSUcCyhyHvP1+ibx0uHTi3SeFZ1AWmfsAvtwO9J1AQSgfC98r0y7J9AU4RqHvLM
-UaaRuMHsL82WbKRdno0V9i+SfxfS9UM7QVCL+Aq6ybAMUTQ0XvCJIYj8uUCAWmDk
-QNAg/KdEgpwE8Y5xSIbtXDXkgVKt8dFHF4IFcz67bSAMbo0VQ3jcQtDjkZ3h+FSo
-QPnb9z9rtjTexwphpmHWcYXM44tD/TjiMGS/qyaI1FFQqXmjOkQvvEZvmM7OnVuy
-hcsu9l3CWxcSC17GmirBDhtGzOTgVQr0n28eWQiTwOHYSiCl00AdEvRcDZmMxSji
-8PGxVIEZE3dIP1H02MuBZAG7p0xL1ApqpvndGjHwHkNxKR3/ITZIW1gSTuBIBOKQ
-KKMi6VJjbxcx8OmxPLVnP/EYBbHTcGygHzRFluQWj5h+wO8kKhPeA6VRdrNwUofA
-GA3QYh0mcuI+/aj2rdPorVyxdXyU35bsuzuFcjuhcetsQIYgXsuqtKLQHRWpv2XM
-Igs8Cu7zQt6iGgpcWwt4v+YVgMtgaCyoTZYXg2mIktbhvV4W2r/iXDE5W9B4KSgV
-qLO4kQIDAQABo2YwZDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIB
-hjAdBgNVHQ4EFgQUXsctOOAY1ahMSM3VEFuWM+7kydQwHwYDVR0jBBgwFoAUaz/w
-VC/Lw1kfDyMyG/H3LEv1F9wwDQYJKoZIhvcNAQELBQADggIBAADgNBKWkTZ1gRSY
-orRRHF03aiJCZRfw7f+ioIaMR7FJuWUgxYFtCZyUI3SxpfTcL6IUIF69zLnDcdJI
-crnUAZGljxZLIp0TLlsG+FpAwFFWKLi87fTHS9Il+ch/hgbCPkEby0fyrmTatkxG
-AbaAAxMU6+WnRJr3ZGp/9ArEW0Xm9BJ7/vhVJ146tM6QfYbN0zdo4JoBv6L2G8u2
-O9l9960JaFauNQc0qedOnWlvfNIRuLGTtUJfVo1rG1n1gFVuDtBm94Y1YmvkkXe5
-CKhpwk1CwC2kx4s1Ia6JM+DhnioqI2iUDdjkJWFxnCrtI+8COxezhn3LAokUvqt3
-o7TDCzx7/MxVoMPWVRpJ1n/tiqwHcmoze2j0Vc1j6bX3moPyINIJe5qPxeJs8YJR
-epkLsuG7TyrAi17PbatjFhVOXTEzEBaR+0Fn3oIsyL4cEyYE5LHDyburUMqAWaYD
-kETshzaQcNNO6Hz3obx4Qn95Ep/uaLc7ge4oIr8kbksHOeWb+EhpgM86cblfrZw3
-vwPM5zSGQXTjie1DG5FZKCgVpRcKZqRzgZWPwyOr+bzF6xfZdG7iZDytA7ERLkv9
-xfaLmRySHH+FxF4rW1GPDloGM2QRQzaR2mHTthi3HWHWOlZewF1s7BABIjbuFOEF
-DvUKOMJ4xWZqwjCifoNTscAwkTb4
-----END CERTIFICATE-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/ca-i/ca_i_10001.skunkworks.acme.xyz.p12
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/ca-i/ca_i_10001.skunkworks.acme.xyz.p12
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/ca-i/data/ca_101.skunkworks.acme.xyz.crt.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/ca-i/data/ca_101.skunkworks.acme.xyz.crt.pem
@ -1,31 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIFZDCCA0ygAwIBAgIBZTANBgkqhkiG9w0BAQsFADBDMQswCQYDVQQGEwJPTzEN
-MAsGA1UECgwEQUNNRTElMCMGA1UEAwwccm9vdC4xMDEuc2t1bmt3b3Jrcy5hY21l
-Lnh5ejAeFw0xODA4MDYxODUzMTJaFw0yODA4MDMxODUzMTJaMEMxCzAJBgNVBAYT
-Ak9PMQ0wCwYDVQQKDARBQ01FMSUwIwYDVQQDDBxyb290LjEwMS5za3Vua3dvcmtz
-LmFjbWUueHl6MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsRRRuiMf
-+rpDWdJtBwmZVYCZFlAa/BSeC71Ku3bb7Gqi2j4siBi1Hz6DTKbd+ZMwPFTPY6Qk
-yLsgw3ICYWq19CheyHHsqX1utM66yr1OuZcn3ZbcpqzWaH3upbloSnn+gzEWy2hY
-+SG2fONa05MM5l3VCPl/fHMjJnt+fHSnr/KSk4NMaq5AE47v2CV7SnvLviuSUJAT
-ET183PG9xilEOfthlr63zk4RiUEmoG9ttuZmOCS3tlNAaUDXv5k/PrUy1qpdcp4D
-yJkPueTfsuAYFdGUpVuwvcLdIJHw6YrmQa3u/d6bc1cw3nF1TMyFFkNuf3XJAgtz
-z3aihDMH57LLMUE24HbdY+9Vt6HYsGninrWM4SMVAP62JQNS+aJfmBO1ozcyJ1/S
-aZm/Dxg2u8qblsJxBWi0hAkw/YSEP+Gevrdt0tf/xN8KypeC3lCWwm22l6gd3gXU
-KQYfav8eHTVOpw7QARaWJWDkEMqFRN4/KzTJF6/mOUz6KwEKm/NAvgVQeGBo6cMm
-qC8DTsRO/HpDFECoXcTFujj45yuYjlzzWEP7a4wuW8ouQ7E6xEAaWw0FWkEshLC6
-reThXAHA4cYhpQwZMQ+zP+W+5lXUGHDjlZrg1/RCS13nnOwOgUXmfEEth0HD8vCG
-pakCzlASneqvI0CkrrSjURcHKUInQ8kMuOkCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
-AwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFGs/8FQvy8NZHw8jMhvx9yxL
-9RfcMB8GA1UdIwQYMBaAFGs/8FQvy8NZHw8jMhvx9yxL9RfcMA0GCSqGSIb3DQEB
-CwUAA4ICAQAwNY1MdhiQQ9iwzZNrhzucxjtpxYnyfm962w6vbHSSpuvr9R/X1e5Q
-SnFdVBhano5NioH1j0RAmBDS4GEsI4GzvgkOI7VT+C5wrGkmNUxk+fhfh23wxiSJ
-mSsE9arpCjo1Cykg/hnpQx+sHYPyujd9+jhDSGVZH3yGGpL3Jj/toLPikocetq0E
-U2oeqHwOShYs8LXWgjeWipjZ3xvLsQxMR1NgbpWGiRKfMB+Yjmieptm+Rzvibpvq
-LoT2FLg5FfkpRAZPwRQ+KkLpS+O4q+ibes7MuIkCacam5slzKtPIXpCbpy5fEHte
-LeVOkr21jaYwQ5GRU0OcbVf1O6oOJo2T7XJ7RMLIAE2OdEkm4wIhhlR5TWKQ5xt7
-1vK4uSzW/2hgXFvkx8OqsI2VJWz2oE6ZqzcQYO12nVbqC8Kh6WiVNs/vP5kvb9H7
-YsI98Ts52YCzx1ztgSSHh/CFOXxDMpI7b6VkdQPYtoA4rdCDhT3xAlOfCNMHHeht
-U95rZ8LadDxamx3+1Lb8SjNJVrzrv9YC6nxOUTLn0N/K8ttx9XiOR19jisZIeF0Z
-34RKQX3PV1+0R+nUC/RpxsHxrl9/5Ne0SK3L72Djzrd8EXODGHEOMHy/wnyEKPtQ
-1aWlWYQjWCNX+r6C02MWRqwXMsusEy473xvdTiVj6lqfoAh27bVU5Q==
-----END CERTIFICATE-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/ca-i/data/ca_101.skunkworks.acme.xyz_cert.info.txt
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/ca-i/data/ca_101.skunkworks.acme.xyz_cert.info.txt
@ -1,90 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 101 (0x65)
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=OO, O=ACME, CN=root.101.skunkworks.acme.xyz
-        Validity
-            Not Before: Aug  6 18:53:12 2018 GMT
-            Not After : Aug  3 18:53:12 2028 GMT
-        Subject: C=OO, O=ACME, CN=root.101.skunkworks.acme.xyz
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (4096 bit)
-                Modulus:
-                    00:b1:14:51:ba:23:1f:fa:ba:43:59:d2:6d:07:09:
-                    99:55:80:99:16:50:1a:fc:14:9e:0b:bd:4a:bb:76:
-                    db:ec:6a:a2:da:3e:2c:88:18:b5:1f:3e:83:4c:a6:
-                    dd:f9:93:30:3c:54:cf:63:a4:24:c8:bb:20:c3:72:
-                    02:61:6a:b5:f4:28:5e:c8:71:ec:a9:7d:6e:b4:ce:
-                    ba:ca:bd:4e:b9:97:27:dd:96:dc:a6:ac:d6:68:7d:
-                    ee:a5:b9:68:4a:79:fe:83:31:16:cb:68:58:f9:21:
-                    b6:7c:e3:5a:d3:93:0c:e6:5d:d5:08:f9:7f:7c:73:
-                    23:26:7b:7e:7c:74:a7:af:f2:92:93:83:4c:6a:ae:
-                    40:13:8e:ef:d8:25:7b:4a:7b:cb:be:2b:92:50:90:
-                    13:11:3d:7c:dc:f1:bd:c6:29:44:39:fb:61:96:be:
-                    b7:ce:4e:11:89:41:26:a0:6f:6d:b6:e6:66:38:24:
-                    b7:b6:53:40:69:40:d7:bf:99:3f:3e:b5:32:d6:aa:
-                    5d:72:9e:03:c8:99:0f:b9:e4:df:b2:e0:18:15:d1:
-                    94:a5:5b:b0:bd:c2:dd:20:91:f0:e9:8a:e6:41:ad:
-                    ee:fd:de:9b:73:57:30:de:71:75:4c:cc:85:16:43:
-                    6e:7f:75:c9:02:0b:73:cf:76:a2:84:33:07:e7:b2:
-                    cb:31:41:36:e0:76:dd:63:ef:55:b7:a1:d8:b0:69:
-                    e2:9e:b5:8c:e1:23:15:00:fe:b6:25:03:52:f9:a2:
-                    5f:98:13:b5:a3:37:32:27:5f:d2:69:99:bf:0f:18:
-                    36:bb:ca:9b:96:c2:71:05:68:b4:84:09:30:fd:84:
-                    84:3f:e1:9e:be:b7:6d:d2:d7:ff:c4:df:0a:ca:97:
-                    82:de:50:96:c2:6d:b6:97:a8:1d:de:05:d4:29:06:
-                    1f:6a:ff:1e:1d:35:4e:a7:0e:d0:01:16:96:25:60:
-                    e4:10:ca:85:44:de:3f:2b:34:c9:17:af:e6:39:4c:
-                    fa:2b:01:0a:9b:f3:40:be:05:50:78:60:68:e9:c3:
-                    26:a8:2f:03:4e:c4:4e:fc:7a:43:14:40:a8:5d:c4:
-                    c5:ba:38:f8:e7:2b:98:8e:5c:f3:58:43:fb:6b:8c:
-                    2e:5b:ca:2e:43:b1:3a:c4:40:1a:5b:0d:05:5a:41:
-                    2c:84:b0:ba:ad:e4:e1:5c:01:c0:e1:c6:21:a5:0c:
-                    19:31:0f:b3:3f:e5:be:e6:55:d4:18:70:e3:95:9a:
-                    e0:d7:f4:42:4b:5d:e7:9c:ec:0e:81:45:e6:7c:41:
-                    2d:87:41:c3:f2:f0:86:a5:a9:02:ce:50:12:9d:ea:
-                    af:23:40:a4:ae:b4:a3:51:17:07:29:42:27:43:c9:
-                    0c:b8:e9
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Key Usage: critical
-                Digital Signature, Certificate Sign, CRL Sign
-            X509v3 Subject Key Identifier: 
-                6B:3F:F0:54:2F:CB:C3:59:1F:0F:23:32:1B:F1:F7:2C:4B:F5:17:DC
-            X509v3 Authority Key Identifier: 
-                keyid:6B:3F:F0:54:2F:CB:C3:59:1F:0F:23:32:1B:F1:F7:2C:4B:F5:17:DC
-
-    Signature Algorithm: sha256WithRSAEncryption
-         30:35:8d:4c:76:18:90:43:d8:b0:cd:93:6b:87:3b:9c:c6:3b:
-         69:c5:89:f2:7e:6f:7a:db:0e:af:6c:74:92:a6:eb:eb:f5:1f:
-         d7:d5:ee:50:4a:71:5d:54:18:5a:9e:8e:4d:8a:81:f5:8f:44:
-         40:98:10:d2:e0:61:2c:23:81:b3:be:09:0e:23:b5:53:f8:2e:
-         70:ac:69:26:35:4c:64:f9:f8:5f:87:6d:f0:c6:24:89:99:2b:
-         04:f5:aa:e9:0a:3a:35:0b:29:20:fe:19:e9:43:1f:ac:1d:83:
-         f2:ba:37:7d:fa:38:43:48:65:59:1f:7c:86:1a:92:f7:26:3f:
-         ed:a0:b3:e2:92:87:1e:b6:ad:04:53:6a:1e:a8:7c:0e:4a:16:
-         2c:f0:b5:d6:82:37:96:8a:98:d9:df:1b:cb:b1:0c:4c:47:53:
-         60:6e:95:86:89:12:9f:30:1f:98:8e:68:9e:a6:d9:be:47:3b:
-         e2:6e:9b:ea:2e:84:f6:14:b8:39:15:f9:29:44:06:4f:c1:14:
-         3e:2a:42:e9:4b:e3:b8:ab:e8:9b:7a:ce:cc:b8:89:02:69:c6:
-         a6:e6:c9:73:2a:d3:c8:5e:90:9b:a7:2e:5f:10:7b:5e:2d:e5:
-         4e:92:bd:b5:8d:a6:30:43:91:91:53:43:9c:6d:57:f5:3b:aa:
-         0e:26:8d:93:ed:72:7b:44:c2:c8:00:4d:8e:74:49:26:e3:02:
-         21:86:54:79:4d:62:90:e7:1b:7b:d6:f2:b8:b9:2c:d6:ff:68:
-         60:5c:5b:e4:c7:c3:aa:b0:8d:95:25:6c:f6:a0:4e:99:ab:37:
-         10:60:ed:76:9d:56:ea:0b:c2:a1:e9:68:95:36:cf:ef:3f:99:
-         2f:6f:d1:fb:62:c2:3d:f1:3b:39:d9:80:b3:c7:5c:ed:81:24:
-         87:87:f0:85:39:7c:43:32:92:3b:6f:a5:64:75:03:d8:b6:80:
-         38:ad:d0:83:85:3d:f1:02:53:9f:08:d3:07:1d:e8:6d:53:de:
-         6b:67:c2:da:74:3c:5a:9b:1d:fe:d4:b6:fc:4a:33:49:56:bc:
-         eb:bf:d6:02:ea:7c:4e:51:32:e7:d0:df:ca:f2:db:71:f5:78:
-         8e:47:5f:63:8a:c6:48:78:5d:19:df:84:4a:41:7d:cf:57:5f:
-         b4:47:e9:d4:0b:f4:69:c6:c1:f1:ae:5f:7f:e4:d7:b4:48:ad:
-         cb:ef:60:e3:ce:b7:7c:11:73:83:18:71:0e:30:7c:bf:c2:7c:
-         84:28:fb:50:d5:a5:a5:59:84:23:58:23:57:fa:be:82:d3:63:
-         16:46:ac:17:32:cb:ac:13:2e:3b:df:1b:dd:4e:25:63:ea:5a:
-         9f:a0:08:76:ed:b5:54:e5
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/ca-i/data/ca_i_10001.skunkworks.acme.xyz.crt.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/ca-i/data/ca_i_10001.skunkworks.acme.xyz.crt.pem
@ -1,32 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIFgTCCA2mgAwIBAgICJxEwDQYJKoZIhvcNAQELBQAwQzELMAkGA1UEBhMCT08x
-DTALBgNVBAoMBEFDTUUxJTAjBgNVBAMMHHJvb3QuMTAxLnNrdW5rd29ya3MuYWNt
-ZS54eXowHhcNMTgwODA2MTg1MzEyWhcNMjAwODI1MTg1MzEyWjBcMQswCQYDVQQG
-EwJPTzENMAsGA1UECgwEQUNNRTEaMBgGA1UECwwRQUNNRSBJbnRlcm1lZGlhdGUx
-IjAgBgNVBAMMGTEwMDAxLnNrdW5rd29ya3MuYWNtZS54eXowggIiMA0GCSqGSIb3
-DQEBAQUAA4ICDwAwggIKAoICAQDx0d5dxw6oMddU63Jd3fIHNxCtvzPmHJzX+kON
-HFMi2jrrGEMmOcl0h6uyt2i/9Iz9G5gl/XbG86E0poId8FaofrQ2+i4s9UNH+PQu
-kmSUcCyhyHvP1+ibx0uHTi3SeFZ1AWmfsAvtwO9J1AQSgfC98r0y7J9AU4RqHvLM
-UaaRuMHsL82WbKRdno0V9i+SfxfS9UM7QVCL+Aq6ybAMUTQ0XvCJIYj8uUCAWmDk
-QNAg/KdEgpwE8Y5xSIbtXDXkgVKt8dFHF4IFcz67bSAMbo0VQ3jcQtDjkZ3h+FSo
-QPnb9z9rtjTexwphpmHWcYXM44tD/TjiMGS/qyaI1FFQqXmjOkQvvEZvmM7OnVuy
-hcsu9l3CWxcSC17GmirBDhtGzOTgVQr0n28eWQiTwOHYSiCl00AdEvRcDZmMxSji
-8PGxVIEZE3dIP1H02MuBZAG7p0xL1ApqpvndGjHwHkNxKR3/ITZIW1gSTuBIBOKQ
-KKMi6VJjbxcx8OmxPLVnP/EYBbHTcGygHzRFluQWj5h+wO8kKhPeA6VRdrNwUofA
-GA3QYh0mcuI+/aj2rdPorVyxdXyU35bsuzuFcjuhcetsQIYgXsuqtKLQHRWpv2XM
-Igs8Cu7zQt6iGgpcWwt4v+YVgMtgaCyoTZYXg2mIktbhvV4W2r/iXDE5W9B4KSgV
-qLO4kQIDAQABo2YwZDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIB
-hjAdBgNVHQ4EFgQUXsctOOAY1ahMSM3VEFuWM+7kydQwHwYDVR0jBBgwFoAUaz/w
-VC/Lw1kfDyMyG/H3LEv1F9wwDQYJKoZIhvcNAQELBQADggIBAADgNBKWkTZ1gRSY
-orRRHF03aiJCZRfw7f+ioIaMR7FJuWUgxYFtCZyUI3SxpfTcL6IUIF69zLnDcdJI
-crnUAZGljxZLIp0TLlsG+FpAwFFWKLi87fTHS9Il+ch/hgbCPkEby0fyrmTatkxG
-AbaAAxMU6+WnRJr3ZGp/9ArEW0Xm9BJ7/vhVJ146tM6QfYbN0zdo4JoBv6L2G8u2
-O9l9960JaFauNQc0qedOnWlvfNIRuLGTtUJfVo1rG1n1gFVuDtBm94Y1YmvkkXe5
-CKhpwk1CwC2kx4s1Ia6JM+DhnioqI2iUDdjkJWFxnCrtI+8COxezhn3LAokUvqt3
-o7TDCzx7/MxVoMPWVRpJ1n/tiqwHcmoze2j0Vc1j6bX3moPyINIJe5qPxeJs8YJR
-epkLsuG7TyrAi17PbatjFhVOXTEzEBaR+0Fn3oIsyL4cEyYE5LHDyburUMqAWaYD
-kETshzaQcNNO6Hz3obx4Qn95Ep/uaLc7ge4oIr8kbksHOeWb+EhpgM86cblfrZw3
-vwPM5zSGQXTjie1DG5FZKCgVpRcKZqRzgZWPwyOr+bzF6xfZdG7iZDytA7ERLkv9
-xfaLmRySHH+FxF4rW1GPDloGM2QRQzaR2mHTthi3HWHWOlZewF1s7BABIjbuFOEF
-DvUKOMJ4xWZqwjCifoNTscAwkTb4
-----END CERTIFICATE-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/ca-i/data/ca_i_10001.skunkworks.acme.xyz.csr.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/ca-i/data/ca_i_10001.skunkworks.acme.xyz.csr.pem
@ -1,27 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIEoTCCAokCAQAwXDELMAkGA1UEBhMCT08xDTALBgNVBAoMBEFDTUUxGjAYBgNV
-BAsMEUFDTUUgSW50ZXJtZWRpYXRlMSIwIAYDVQQDDBkxMDAwMS5za3Vua3dvcmtz
-LmFjbWUueHl6MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA8dHeXccO
-qDHXVOtyXd3yBzcQrb8z5hyc1/pDjRxTIto66xhDJjnJdIersrdov/SM/RuYJf12
-xvOhNKaCHfBWqH60NvouLPVDR/j0LpJklHAsoch7z9fom8dLh04t0nhWdQFpn7AL
-7cDvSdQEEoHwvfK9MuyfQFOEah7yzFGmkbjB7C/NlmykXZ6NFfYvkn8X0vVDO0FQ
-i/gKusmwDFE0NF7wiSGI/LlAgFpg5EDQIPynRIKcBPGOcUiG7Vw15IFSrfHRRxeC
-BXM+u20gDG6NFUN43ELQ45Gd4fhUqED52/c/a7Y03scKYaZh1nGFzOOLQ/044jBk
-v6smiNRRUKl5ozpEL7xGb5jOzp1bsoXLLvZdwlsXEgtexpoqwQ4bRszk4FUK9J9v
-HlkIk8Dh2EogpdNAHRL0XA2ZjMUo4vDxsVSBGRN3SD9R9NjLgWQBu6dMS9QKaqb5
-3Rox8B5DcSkd/yE2SFtYEk7gSATikCijIulSY28XMfDpsTy1Zz/xGAWx03BsoB80
-RZbkFo+YfsDvJCoT3gOlUXazcFKHwBgN0GIdJnLiPv2o9q3T6K1csXV8lN+W7Ls7
-hXI7oXHrbECGIF7LqrSi0B0Vqb9lzCILPAru80LeohoKXFsLeL/mFYDLYGgsqE2W
-F4NpiJLW4b1eFtq/4lwxOVvQeCkoFaizuJECAwEAAaAAMA0GCSqGSIb3DQEBCwUA
-A4ICAQC4VYDzMcf339lG/GooiX+wrDMnH7nMu9zUZYAe0qPGHrYxDc17U5aQ7WWd
-sPARBy2GMZP6vIoZyO7/otrqmDwckytGqjnTsRMAW/4Ub0tGQp7A0Ns1JTd/wkop
-SJutAEwobSB68do3kWD6NvNjEqMaPZhtNIci+OsKz+uPw+ktsKS2mmNdAdoZ9ezg
-HsPwcJnCD5+Fj/xkxYCKWaTKr1ZDgrKXpEqG/icbXRr9FjKzsgUkxpXj6N+9x6cB
-64Gc8YVslMs/ks72moawwt50nSCpQjgLbofvhUTU3Ta8/Z0nUlFF/zeqK15v09uW
-nyhL82Gj5akluCXihpKds5vCfLnLs+yp8kypzlaN9Qy/Nw1PRRRiVEzaClDTR7rL
-BVk/pnYLDxhuTxJ6ZGISMas876Gw/XGGWDY7/aFgOI5VNIqN/NmfZEqVlIBc+EQ8
-Kcp+tEAB7CntIFO2puGInactzAdNvsEQg7koAKnGIhn771w5Qe4PkObz6HeozxZc
-urHwC0p653NZa+zy2byYlb9FblmO6lqfsvpz95DtyMvtpon0ugLxBeuBl727SIaj
-H0qJbGL5nN2BvQRwsqJq47WJvH2GtXXMXlSq3zPnF2TGTxlzwbdbIeofmox2GkcM
-TtbbA5+JAPXLkJ1E+fVG4FivusJE1Kv6HybcndkG0n8zx5im9g==
-----END CERTIFICATE REQUEST-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/ca-i/data/ca_i_10001.skunkworks.acme.xyz.keys.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/ca-i/data/ca_i_10001.skunkworks.acme.xyz.keys.pem
@ -1,51 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIJKgIBAAKCAgEA8dHeXccOqDHXVOtyXd3yBzcQrb8z5hyc1/pDjRxTIto66xhD
-JjnJdIersrdov/SM/RuYJf12xvOhNKaCHfBWqH60NvouLPVDR/j0LpJklHAsoch7
-z9fom8dLh04t0nhWdQFpn7AL7cDvSdQEEoHwvfK9MuyfQFOEah7yzFGmkbjB7C/N
-lmykXZ6NFfYvkn8X0vVDO0FQi/gKusmwDFE0NF7wiSGI/LlAgFpg5EDQIPynRIKc
-BPGOcUiG7Vw15IFSrfHRRxeCBXM+u20gDG6NFUN43ELQ45Gd4fhUqED52/c/a7Y0
-3scKYaZh1nGFzOOLQ/044jBkv6smiNRRUKl5ozpEL7xGb5jOzp1bsoXLLvZdwlsX
-EgtexpoqwQ4bRszk4FUK9J9vHlkIk8Dh2EogpdNAHRL0XA2ZjMUo4vDxsVSBGRN3
-SD9R9NjLgWQBu6dMS9QKaqb53Rox8B5DcSkd/yE2SFtYEk7gSATikCijIulSY28X
-MfDpsTy1Zz/xGAWx03BsoB80RZbkFo+YfsDvJCoT3gOlUXazcFKHwBgN0GIdJnLi
-Pv2o9q3T6K1csXV8lN+W7Ls7hXI7oXHrbECGIF7LqrSi0B0Vqb9lzCILPAru80Le
-ohoKXFsLeL/mFYDLYGgsqE2WF4NpiJLW4b1eFtq/4lwxOVvQeCkoFaizuJECAwEA
-AQKCAgEAnLXb/Dvu1LMQD/lRMWGO4nwd8+sQEBUE07ZcporvmYuBWS9s/M3ALyNo
-8rWHTbaG09RZIm2C1uW116/8bLh/AEy0L1isKfh7tJ2yaKf4RHX5hpKtIgGSvblG
-yhWw/k97//F9aL4mzNoWeGrMhM3unLo9QE412fMFwdvyjtRvNMpd6dkEy3H2hrEk
-T1IufCqe3tiQzErEjyCcm3Xu/9x0D2hjSwsPgm/vS/7GAcW621XAdFaME2wTWnic
-8B+s0Tu5v/4RGJg0a6HGyqGqfkP6bAhAv8URKBkLDxDmk+8fvRwa3ovC8YhdwvCX
-QOhqxF/FtbbZcUPZVpjsrQmi9LoPl6S0BXcQL5sIRpoJYIG+vviVEcoqnDAG3UQy
-+B30RC4aty2QgacPqoWXKxNqfFe4QDMukMLAG+s3zM6JBk3druKWJoC6NeuJVJYM
-qYp2rHlV/dv740u/00RINEzDJbKOMbUPK/8M8dnGJeENmj8J5VAs6yvh1uxG5nk0
-ULY1Nce/AWUt5iw+eEKXDl3I4gQRpEnyEA3YiBYsnTn0J7XXUhzRGG0+/w3IS4du
-OaUAFvWYgkiVz69SikWQWUfOfb7I3WKcvtGV3D+nWr6NdYeYGH3yOe4JPckdMI/U
-4stdqSnj69Mgc4wQMKmVR1iQw9wrNpbahCEJcUixLQ/fMpYNJ70CggEBAP29iEg4
-UMZkNAVo2xH/s+4QvVSWKN3zhz8W0AWOgyEsUy+cLHV9FhkizQVwIVJYj5YY11uL
-bz1QlmJOkVZp8NttLEzgn8EB9vsOThX5TGRZfvXh0KlbcNL21kyhoeB3ttPzw/Vu
-WoSvzZkwwgdlWfMDRFIH6VABE7+IXzghc9mP2Txua1Ee23HTF3rB3f2Wrosw1hNe
-OHWq8RZn2qOkNLRc78HeBx+Wg0dd4hO4pnFlV+36zNgyw1AC93Xs57gCwVOrkvab
-IW6+aI0tsox5EYIRmLS+6ymopwLE1boUNnGlOBZ311lih2gd9WmLtryROIVhkoo9
-MWRvjQxL57RBKRcCggEBAPP5KQRaXbT/B99xTeaaEVRn1yQ91Ua9oawZnJSfufts
-z/R1xcwu/Htql2TDaKfQuAxfhEBXMZfTZi9RRncYBmRZOu5Oblov8q6+/jsM9KpN
-NraeaPz3lXC7/5xjIB9OfPzmaI+khve0QCZ21DU3Uj3D72ZftKe+vJQz6M9pMhA4
-UitdnBNkQlmVVWRlTzvEkbAWbcCF8Tkut0Ov3lqsn6yZKkQ1fg3+6c8UCjvElJrW
-24fOW3gjfk3SUlRWMtCZn9HU8xYSWi6zrh3BCpx8pyly42MY+IL2R5foNDiZlomL
-vK7qhkSwqxTpjDfo9QB6+O1RkD2AQyUYcYp6KtM05JcCggEAJPCj14fDUq6h2CvE
-wOEOC9mKBrd5qZ5bkTa8ACMYOgse7S56VnxobC5h1KnXYAqelMZ3C8/H2RBTZGp1
-xDPWKcvCCEsnVsz3bONPQOmzUmSpFBjU7OLwEPZ4il15mJk1F7REUgXHzcteTjAH
-/1Wk+7j9CEg4kjol6ttqqVxNZl4HzUFyBDRO1Epb/7YboGCAdqkccWNlKtRBFvb1
-oJ82QQ/Ko9m0Bcg+wnQLhr16FcYgP/gkPFFfl9Vmu1dLAMH97TVsRtSc0GeOBweh
-F8xEXUA8kAu/Zqgz8DZBuz5YEsFv4e1+f3fVqLW71arOZrNpnBlxYQi5mRqYWTLv
-v5FA7wKCAQEA72EmlKXR0dh1shBrHftHS6kDWATvcZR4v/L1RoKeKgqu1C6GX/wu
-MS35051D33yUSVei3Lpw54Y9eenmGM5S3z0J7G66KfVnyXuO2QOyQDK4n2A4pRSL
-5WwgtiIwj2ckjcPJDj+hSgPq+ZKYToq0P/QyviDjkb89KrDwGioeO/n27aPQktpJ
-m7pBadtZbcxGIh8vmroRYEjs+hXiNtevZ9t0tC5EO5lFcbA5BkGwiWiNR+f6qZsx
-v0vBCgz1mOVTAcBOrvZc0/vquDkDn11TawDWCRKkK2NYBb2JF4vjP5wDCyEDkvxB
-MKiisuz5D3qZKclgnGdv+kLMjNGnmUoJiwKCAQEAqi/xTluBlmWtzi9fcic7WTeG
-FgXDaX5/llyr04bpT9NwMLCM3nMV/XHO7p7kVlC6+mIrLh0IwSN9UQ/evKdGHEQf
-EQ7CrE68xnD64Z8EUWAjarw+N+8plEfbgYjzayEVcLs6wMlkzoKWnKy3YHmTENQI
-KvDwk6LWW1R6kIJVE5IKzhCv7y8H9xVITy+4oIqGo75cB+I2Jo8+mEA/VAdQTtmd
-/NPDLnifmebU79Wjyf7FRPPlfk00wu6OChlaqLrlfJI6AvB/TccA9qM8oGXVTz2B
-/qYayhhOULBjcIKpiadQkM+CH3nJqEor7ZV8e5oo99wQSXSyeugchT1MjEqsQg==
-----END RSA PRIVATE KEY-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/ca-i/docs/ca_101.skunkworks.acme.xyz_cert.info.txt
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/ca-i/docs/ca_101.skunkworks.acme.xyz_cert.info.txt
@ -1,90 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 101 (0x65)
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=OO, O=ACME, CN=root.101.skunkworks.acme.xyz
-        Validity
-            Not Before: Aug  6 18:53:12 2018 GMT
-            Not After : Aug  3 18:53:12 2028 GMT
-        Subject: C=OO, O=ACME, CN=root.101.skunkworks.acme.xyz
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (4096 bit)
-                Modulus:
-                    00:b1:14:51:ba:23:1f:fa:ba:43:59:d2:6d:07:09:
-                    99:55:80:99:16:50:1a:fc:14:9e:0b:bd:4a:bb:76:
-                    db:ec:6a:a2:da:3e:2c:88:18:b5:1f:3e:83:4c:a6:
-                    dd:f9:93:30:3c:54:cf:63:a4:24:c8:bb:20:c3:72:
-                    02:61:6a:b5:f4:28:5e:c8:71:ec:a9:7d:6e:b4:ce:
-                    ba:ca:bd:4e:b9:97:27:dd:96:dc:a6:ac:d6:68:7d:
-                    ee:a5:b9:68:4a:79:fe:83:31:16:cb:68:58:f9:21:
-                    b6:7c:e3:5a:d3:93:0c:e6:5d:d5:08:f9:7f:7c:73:
-                    23:26:7b:7e:7c:74:a7:af:f2:92:93:83:4c:6a:ae:
-                    40:13:8e:ef:d8:25:7b:4a:7b:cb:be:2b:92:50:90:
-                    13:11:3d:7c:dc:f1:bd:c6:29:44:39:fb:61:96:be:
-                    b7:ce:4e:11:89:41:26:a0:6f:6d:b6:e6:66:38:24:
-                    b7:b6:53:40:69:40:d7:bf:99:3f:3e:b5:32:d6:aa:
-                    5d:72:9e:03:c8:99:0f:b9:e4:df:b2:e0:18:15:d1:
-                    94:a5:5b:b0:bd:c2:dd:20:91:f0:e9:8a:e6:41:ad:
-                    ee:fd:de:9b:73:57:30:de:71:75:4c:cc:85:16:43:
-                    6e:7f:75:c9:02:0b:73:cf:76:a2:84:33:07:e7:b2:
-                    cb:31:41:36:e0:76:dd:63:ef:55:b7:a1:d8:b0:69:
-                    e2:9e:b5:8c:e1:23:15:00:fe:b6:25:03:52:f9:a2:
-                    5f:98:13:b5:a3:37:32:27:5f:d2:69:99:bf:0f:18:
-                    36:bb:ca:9b:96:c2:71:05:68:b4:84:09:30:fd:84:
-                    84:3f:e1:9e:be:b7:6d:d2:d7:ff:c4:df:0a:ca:97:
-                    82:de:50:96:c2:6d:b6:97:a8:1d:de:05:d4:29:06:
-                    1f:6a:ff:1e:1d:35:4e:a7:0e:d0:01:16:96:25:60:
-                    e4:10:ca:85:44:de:3f:2b:34:c9:17:af:e6:39:4c:
-                    fa:2b:01:0a:9b:f3:40:be:05:50:78:60:68:e9:c3:
-                    26:a8:2f:03:4e:c4:4e:fc:7a:43:14:40:a8:5d:c4:
-                    c5:ba:38:f8:e7:2b:98:8e:5c:f3:58:43:fb:6b:8c:
-                    2e:5b:ca:2e:43:b1:3a:c4:40:1a:5b:0d:05:5a:41:
-                    2c:84:b0:ba:ad:e4:e1:5c:01:c0:e1:c6:21:a5:0c:
-                    19:31:0f:b3:3f:e5:be:e6:55:d4:18:70:e3:95:9a:
-                    e0:d7:f4:42:4b:5d:e7:9c:ec:0e:81:45:e6:7c:41:
-                    2d:87:41:c3:f2:f0:86:a5:a9:02:ce:50:12:9d:ea:
-                    af:23:40:a4:ae:b4:a3:51:17:07:29:42:27:43:c9:
-                    0c:b8:e9
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Key Usage: critical
-                Digital Signature, Certificate Sign, CRL Sign
-            X509v3 Subject Key Identifier: 
-                6B:3F:F0:54:2F:CB:C3:59:1F:0F:23:32:1B:F1:F7:2C:4B:F5:17:DC
-            X509v3 Authority Key Identifier: 
-                keyid:6B:3F:F0:54:2F:CB:C3:59:1F:0F:23:32:1B:F1:F7:2C:4B:F5:17:DC
-
-    Signature Algorithm: sha256WithRSAEncryption
-         30:35:8d:4c:76:18:90:43:d8:b0:cd:93:6b:87:3b:9c:c6:3b:
-         69:c5:89:f2:7e:6f:7a:db:0e:af:6c:74:92:a6:eb:eb:f5:1f:
-         d7:d5:ee:50:4a:71:5d:54:18:5a:9e:8e:4d:8a:81:f5:8f:44:
-         40:98:10:d2:e0:61:2c:23:81:b3:be:09:0e:23:b5:53:f8:2e:
-         70:ac:69:26:35:4c:64:f9:f8:5f:87:6d:f0:c6:24:89:99:2b:
-         04:f5:aa:e9:0a:3a:35:0b:29:20:fe:19:e9:43:1f:ac:1d:83:
-         f2:ba:37:7d:fa:38:43:48:65:59:1f:7c:86:1a:92:f7:26:3f:
-         ed:a0:b3:e2:92:87:1e:b6:ad:04:53:6a:1e:a8:7c:0e:4a:16:
-         2c:f0:b5:d6:82:37:96:8a:98:d9:df:1b:cb:b1:0c:4c:47:53:
-         60:6e:95:86:89:12:9f:30:1f:98:8e:68:9e:a6:d9:be:47:3b:
-         e2:6e:9b:ea:2e:84:f6:14:b8:39:15:f9:29:44:06:4f:c1:14:
-         3e:2a:42:e9:4b:e3:b8:ab:e8:9b:7a:ce:cc:b8:89:02:69:c6:
-         a6:e6:c9:73:2a:d3:c8:5e:90:9b:a7:2e:5f:10:7b:5e:2d:e5:
-         4e:92:bd:b5:8d:a6:30:43:91:91:53:43:9c:6d:57:f5:3b:aa:
-         0e:26:8d:93:ed:72:7b:44:c2:c8:00:4d:8e:74:49:26:e3:02:
-         21:86:54:79:4d:62:90:e7:1b:7b:d6:f2:b8:b9:2c:d6:ff:68:
-         60:5c:5b:e4:c7:c3:aa:b0:8d:95:25:6c:f6:a0:4e:99:ab:37:
-         10:60:ed:76:9d:56:ea:0b:c2:a1:e9:68:95:36:cf:ef:3f:99:
-         2f:6f:d1:fb:62:c2:3d:f1:3b:39:d9:80:b3:c7:5c:ed:81:24:
-         87:87:f0:85:39:7c:43:32:92:3b:6f:a5:64:75:03:d8:b6:80:
-         38:ad:d0:83:85:3d:f1:02:53:9f:08:d3:07:1d:e8:6d:53:de:
-         6b:67:c2:da:74:3c:5a:9b:1d:fe:d4:b6:fc:4a:33:49:56:bc:
-         eb:bf:d6:02:ea:7c:4e:51:32:e7:d0:df:ca:f2:db:71:f5:78:
-         8e:47:5f:63:8a:c6:48:78:5d:19:df:84:4a:41:7d:cf:57:5f:
-         b4:47:e9:d4:0b:f4:69:c6:c1:f1:ae:5f:7f:e4:d7:b4:48:ad:
-         cb:ef:60:e3:ce:b7:7c:11:73:83:18:71:0e:30:7c:bf:c2:7c:
-         84:28:fb:50:d5:a5:a5:59:84:23:58:23:57:fa:be:82:d3:63:
-         16:46:ac:17:32:cb:ac:13:2e:3b:df:1b:dd:4e:25:63:ea:5a:
-         9f:a0:08:76:ed:b5:54:e5
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/ca-i/docs/ca_i_10001.skunkworks.acme.xyz_crt_info.txt
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/ca-i/docs/ca_i_10001.skunkworks.acme.xyz_crt_info.txt
@ -1,90 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 10001 (0x2711)
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=OO, O=ACME, CN=root.101.skunkworks.acme.xyz
-        Validity
-            Not Before: Aug  6 18:53:12 2018 GMT
-            Not After : Aug 25 18:53:12 2020 GMT
-        Subject: C=OO, O=ACME, OU=ACME Intermediate, CN=10001.skunkworks.acme.xyz
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (4096 bit)
-                Modulus:
-                    00:f1:d1:de:5d:c7:0e:a8:31:d7:54:eb:72:5d:dd:
-                    f2:07:37:10:ad:bf:33:e6:1c:9c:d7:fa:43:8d:1c:
-                    53:22:da:3a:eb:18:43:26:39:c9:74:87:ab:b2:b7:
-                    68:bf:f4:8c:fd:1b:98:25:fd:76:c6:f3:a1:34:a6:
-                    82:1d:f0:56:a8:7e:b4:36:fa:2e:2c:f5:43:47:f8:
-                    f4:2e:92:64:94:70:2c:a1:c8:7b:cf:d7:e8:9b:c7:
-                    4b:87:4e:2d:d2:78:56:75:01:69:9f:b0:0b:ed:c0:
-                    ef:49:d4:04:12:81:f0:bd:f2:bd:32:ec:9f:40:53:
-                    84:6a:1e:f2:cc:51:a6:91:b8:c1:ec:2f:cd:96:6c:
-                    a4:5d:9e:8d:15:f6:2f:92:7f:17:d2:f5:43:3b:41:
-                    50:8b:f8:0a:ba:c9:b0:0c:51:34:34:5e:f0:89:21:
-                    88:fc:b9:40:80:5a:60:e4:40:d0:20:fc:a7:44:82:
-                    9c:04:f1:8e:71:48:86:ed:5c:35:e4:81:52:ad:f1:
-                    d1:47:17:82:05:73:3e:bb:6d:20:0c:6e:8d:15:43:
-                    78:dc:42:d0:e3:91:9d:e1:f8:54:a8:40:f9:db:f7:
-                    3f:6b:b6:34:de:c7:0a:61:a6:61:d6:71:85:cc:e3:
-                    8b:43:fd:38:e2:30:64:bf:ab:26:88:d4:51:50:a9:
-                    79:a3:3a:44:2f:bc:46:6f:98:ce:ce:9d:5b:b2:85:
-                    cb:2e:f6:5d:c2:5b:17:12:0b:5e:c6:9a:2a:c1:0e:
-                    1b:46:cc:e4:e0:55:0a:f4:9f:6f:1e:59:08:93:c0:
-                    e1:d8:4a:20:a5:d3:40:1d:12:f4:5c:0d:99:8c:c5:
-                    28:e2:f0:f1:b1:54:81:19:13:77:48:3f:51:f4:d8:
-                    cb:81:64:01:bb:a7:4c:4b:d4:0a:6a:a6:f9:dd:1a:
-                    31:f0:1e:43:71:29:1d:ff:21:36:48:5b:58:12:4e:
-                    e0:48:04:e2:90:28:a3:22:e9:52:63:6f:17:31:f0:
-                    e9:b1:3c:b5:67:3f:f1:18:05:b1:d3:70:6c:a0:1f:
-                    34:45:96:e4:16:8f:98:7e:c0:ef:24:2a:13:de:03:
-                    a5:51:76:b3:70:52:87:c0:18:0d:d0:62:1d:26:72:
-                    e2:3e:fd:a8:f6:ad:d3:e8:ad:5c:b1:75:7c:94:df:
-                    96:ec:bb:3b:85:72:3b:a1:71:eb:6c:40:86:20:5e:
-                    cb:aa:b4:a2:d0:1d:15:a9:bf:65:cc:22:0b:3c:0a:
-                    ee:f3:42:de:a2:1a:0a:5c:5b:0b:78:bf:e6:15:80:
-                    cb:60:68:2c:a8:4d:96:17:83:69:88:92:d6:e1:bd:
-                    5e:16:da:bf:e2:5c:31:39:5b:d0:78:29:28:15:a8:
-                    b3:b8:91
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE, pathlen:0
-            X509v3 Key Usage: critical
-                Digital Signature, Certificate Sign, CRL Sign
-            X509v3 Subject Key Identifier: 
-                5E:C7:2D:38:E0:18:D5:A8:4C:48:CD:D5:10:5B:96:33:EE:E4:C9:D4
-            X509v3 Authority Key Identifier: 
-                keyid:6B:3F:F0:54:2F:CB:C3:59:1F:0F:23:32:1B:F1:F7:2C:4B:F5:17:DC
-
-    Signature Algorithm: sha256WithRSAEncryption
-         00:e0:34:12:96:91:36:75:81:14:98:a2:b4:51:1c:5d:37:6a:
-         22:42:65:17:f0:ed:ff:a2:a0:86:8c:47:b1:49:b9:65:20:c5:
-         81:6d:09:9c:94:23:74:b1:a5:f4:dc:2f:a2:14:20:5e:bd:cc:
-         b9:c3:71:d2:48:72:b9:d4:01:91:a5:8f:16:4b:22:9d:13:2e:
-         5b:06:f8:5a:40:c0:51:56:28:b8:bc:ed:f4:c7:4b:d2:25:f9:
-         c8:7f:86:06:c2:3e:41:1b:cb:47:f2:ae:64:da:b6:4c:46:01:
-         b6:80:03:13:14:eb:e5:a7:44:9a:f7:64:6a:7f:f4:0a:c4:5b:
-         45:e6:f4:12:7b:fe:f8:55:27:5e:3a:b4:ce:90:7d:86:cd:d3:
-         37:68:e0:9a:01:bf:a2:f6:1b:cb:b6:3b:d9:7d:f7:ad:09:68:
-         56:ae:35:07:34:a9:e7:4e:9d:69:6f:7c:d2:11:b8:b1:93:b5:
-         42:5f:56:8d:6b:1b:59:f5:80:55:6e:0e:d0:66:f7:86:35:62:
-         6b:e4:91:77:b9:08:a8:69:c2:4d:42:c0:2d:a4:c7:8b:35:21:
-         ae:89:33:e0:e1:9e:2a:2a:23:68:94:0d:d8:e4:25:61:71:9c:
-         2a:ed:23:ef:02:3b:17:b3:86:7d:cb:02:89:14:be:ab:77:a3:
-         b4:c3:0b:3c:7b:fc:cc:55:a0:c3:d6:55:1a:49:d6:7f:ed:8a:
-         ac:07:72:6a:33:7b:68:f4:55:cd:63:e9:b5:f7:9a:83:f2:20:
-         d2:09:7b:9a:8f:c5:e2:6c:f1:82:51:7a:99:0b:b2:e1:bb:4f:
-         2a:c0:8b:5e:cf:6d:ab:63:16:15:4e:5d:31:33:10:16:91:fb:
-         41:67:de:82:2c:c8:be:1c:13:26:04:e4:b1:c3:c9:bb:ab:50:
-         ca:80:59:a6:03:90:44:ec:87:36:90:70:d3:4e:e8:7c:f7:a1:
-         bc:78:42:7f:79:12:9f:ee:68:b7:3b:81:ee:28:22:bf:24:6e:
-         4b:07:39:e5:9b:f8:48:69:80:cf:3a:71:b9:5f:ad:9c:37:bf:
-         03:cc:e7:34:86:41:74:e3:89:ed:43:1b:91:59:28:28:15:a5:
-         17:0a:66:a4:73:81:95:8f:c3:23:ab:f9:bc:c5:eb:17:d9:74:
-         6e:e2:64:3c:ad:03:b1:11:2e:4b:fd:c5:f6:8b:99:1c:92:1c:
-         7f:85:c4:5e:2b:5b:51:8f:0e:5a:06:33:64:11:43:36:91:da:
-         61:d3:b6:18:b7:1d:61:d6:3a:56:5e:c0:5d:6c:ec:10:01:22:
-         36:ee:14:e1:05:0e:f5:0a:38:c2:78:c5:66:6a:c2:30:a2:7e:
-         83:53:b1:c0:30:91:36:f8
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/cfg/SERIAL
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/cfg/SERIAL
@ -1 +0,0 @@
-11048
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/cfg/ca-i.crt.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/cfg/ca-i.crt.pem
@ -1,32 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIFgTCCA2mgAwIBAgICJxEwDQYJKoZIhvcNAQELBQAwQzELMAkGA1UEBhMCT08x
-DTALBgNVBAoMBEFDTUUxJTAjBgNVBAMMHHJvb3QuMTAxLnNrdW5rd29ya3MuYWNt
-ZS54eXowHhcNMTgwODA2MTg1MzEyWhcNMjAwODI1MTg1MzEyWjBcMQswCQYDVQQG
-EwJPTzENMAsGA1UECgwEQUNNRTEaMBgGA1UECwwRQUNNRSBJbnRlcm1lZGlhdGUx
-IjAgBgNVBAMMGTEwMDAxLnNrdW5rd29ya3MuYWNtZS54eXowggIiMA0GCSqGSIb3
-DQEBAQUAA4ICDwAwggIKAoICAQDx0d5dxw6oMddU63Jd3fIHNxCtvzPmHJzX+kON
-HFMi2jrrGEMmOcl0h6uyt2i/9Iz9G5gl/XbG86E0poId8FaofrQ2+i4s9UNH+PQu
-kmSUcCyhyHvP1+ibx0uHTi3SeFZ1AWmfsAvtwO9J1AQSgfC98r0y7J9AU4RqHvLM
-UaaRuMHsL82WbKRdno0V9i+SfxfS9UM7QVCL+Aq6ybAMUTQ0XvCJIYj8uUCAWmDk
-QNAg/KdEgpwE8Y5xSIbtXDXkgVKt8dFHF4IFcz67bSAMbo0VQ3jcQtDjkZ3h+FSo
-QPnb9z9rtjTexwphpmHWcYXM44tD/TjiMGS/qyaI1FFQqXmjOkQvvEZvmM7OnVuy
-hcsu9l3CWxcSC17GmirBDhtGzOTgVQr0n28eWQiTwOHYSiCl00AdEvRcDZmMxSji
-8PGxVIEZE3dIP1H02MuBZAG7p0xL1ApqpvndGjHwHkNxKR3/ITZIW1gSTuBIBOKQ
-KKMi6VJjbxcx8OmxPLVnP/EYBbHTcGygHzRFluQWj5h+wO8kKhPeA6VRdrNwUofA
-GA3QYh0mcuI+/aj2rdPorVyxdXyU35bsuzuFcjuhcetsQIYgXsuqtKLQHRWpv2XM
-Igs8Cu7zQt6iGgpcWwt4v+YVgMtgaCyoTZYXg2mIktbhvV4W2r/iXDE5W9B4KSgV
-qLO4kQIDAQABo2YwZDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIB
-hjAdBgNVHQ4EFgQUXsctOOAY1ahMSM3VEFuWM+7kydQwHwYDVR0jBBgwFoAUaz/w
-VC/Lw1kfDyMyG/H3LEv1F9wwDQYJKoZIhvcNAQELBQADggIBAADgNBKWkTZ1gRSY
-orRRHF03aiJCZRfw7f+ioIaMR7FJuWUgxYFtCZyUI3SxpfTcL6IUIF69zLnDcdJI
-crnUAZGljxZLIp0TLlsG+FpAwFFWKLi87fTHS9Il+ch/hgbCPkEby0fyrmTatkxG
-AbaAAxMU6+WnRJr3ZGp/9ArEW0Xm9BJ7/vhVJ146tM6QfYbN0zdo4JoBv6L2G8u2
-O9l9960JaFauNQc0qedOnWlvfNIRuLGTtUJfVo1rG1n1gFVuDtBm94Y1YmvkkXe5
-CKhpwk1CwC2kx4s1Ia6JM+DhnioqI2iUDdjkJWFxnCrtI+8COxezhn3LAokUvqt3
-o7TDCzx7/MxVoMPWVRpJ1n/tiqwHcmoze2j0Vc1j6bX3moPyINIJe5qPxeJs8YJR
-epkLsuG7TyrAi17PbatjFhVOXTEzEBaR+0Fn3oIsyL4cEyYE5LHDyburUMqAWaYD
-kETshzaQcNNO6Hz3obx4Qn95Ep/uaLc7ge4oIr8kbksHOeWb+EhpgM86cblfrZw3
-vwPM5zSGQXTjie1DG5FZKCgVpRcKZqRzgZWPwyOr+bzF6xfZdG7iZDytA7ERLkv9
-xfaLmRySHH+FxF4rW1GPDloGM2QRQzaR2mHTthi3HWHWOlZewF1s7BABIjbuFOEF
-DvUKOMJ4xWZqwjCifoNTscAwkTb4
-----END CERTIFICATE-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/cfg/ca-i.keys.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/cfg/ca-i.keys.pem
@ -1,51 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIJKgIBAAKCAgEA8dHeXccOqDHXVOtyXd3yBzcQrb8z5hyc1/pDjRxTIto66xhD
-JjnJdIersrdov/SM/RuYJf12xvOhNKaCHfBWqH60NvouLPVDR/j0LpJklHAsoch7
-z9fom8dLh04t0nhWdQFpn7AL7cDvSdQEEoHwvfK9MuyfQFOEah7yzFGmkbjB7C/N
-lmykXZ6NFfYvkn8X0vVDO0FQi/gKusmwDFE0NF7wiSGI/LlAgFpg5EDQIPynRIKc
-BPGOcUiG7Vw15IFSrfHRRxeCBXM+u20gDG6NFUN43ELQ45Gd4fhUqED52/c/a7Y0
-3scKYaZh1nGFzOOLQ/044jBkv6smiNRRUKl5ozpEL7xGb5jOzp1bsoXLLvZdwlsX
-EgtexpoqwQ4bRszk4FUK9J9vHlkIk8Dh2EogpdNAHRL0XA2ZjMUo4vDxsVSBGRN3
-SD9R9NjLgWQBu6dMS9QKaqb53Rox8B5DcSkd/yE2SFtYEk7gSATikCijIulSY28X
-MfDpsTy1Zz/xGAWx03BsoB80RZbkFo+YfsDvJCoT3gOlUXazcFKHwBgN0GIdJnLi
-Pv2o9q3T6K1csXV8lN+W7Ls7hXI7oXHrbECGIF7LqrSi0B0Vqb9lzCILPAru80Le
-ohoKXFsLeL/mFYDLYGgsqE2WF4NpiJLW4b1eFtq/4lwxOVvQeCkoFaizuJECAwEA
-AQKCAgEAnLXb/Dvu1LMQD/lRMWGO4nwd8+sQEBUE07ZcporvmYuBWS9s/M3ALyNo
-8rWHTbaG09RZIm2C1uW116/8bLh/AEy0L1isKfh7tJ2yaKf4RHX5hpKtIgGSvblG
-yhWw/k97//F9aL4mzNoWeGrMhM3unLo9QE412fMFwdvyjtRvNMpd6dkEy3H2hrEk
-T1IufCqe3tiQzErEjyCcm3Xu/9x0D2hjSwsPgm/vS/7GAcW621XAdFaME2wTWnic
-8B+s0Tu5v/4RGJg0a6HGyqGqfkP6bAhAv8URKBkLDxDmk+8fvRwa3ovC8YhdwvCX
-QOhqxF/FtbbZcUPZVpjsrQmi9LoPl6S0BXcQL5sIRpoJYIG+vviVEcoqnDAG3UQy
-+B30RC4aty2QgacPqoWXKxNqfFe4QDMukMLAG+s3zM6JBk3druKWJoC6NeuJVJYM
-qYp2rHlV/dv740u/00RINEzDJbKOMbUPK/8M8dnGJeENmj8J5VAs6yvh1uxG5nk0
-ULY1Nce/AWUt5iw+eEKXDl3I4gQRpEnyEA3YiBYsnTn0J7XXUhzRGG0+/w3IS4du
-OaUAFvWYgkiVz69SikWQWUfOfb7I3WKcvtGV3D+nWr6NdYeYGH3yOe4JPckdMI/U
-4stdqSnj69Mgc4wQMKmVR1iQw9wrNpbahCEJcUixLQ/fMpYNJ70CggEBAP29iEg4
-UMZkNAVo2xH/s+4QvVSWKN3zhz8W0AWOgyEsUy+cLHV9FhkizQVwIVJYj5YY11uL
-bz1QlmJOkVZp8NttLEzgn8EB9vsOThX5TGRZfvXh0KlbcNL21kyhoeB3ttPzw/Vu
-WoSvzZkwwgdlWfMDRFIH6VABE7+IXzghc9mP2Txua1Ee23HTF3rB3f2Wrosw1hNe
-OHWq8RZn2qOkNLRc78HeBx+Wg0dd4hO4pnFlV+36zNgyw1AC93Xs57gCwVOrkvab
-IW6+aI0tsox5EYIRmLS+6ymopwLE1boUNnGlOBZ311lih2gd9WmLtryROIVhkoo9
-MWRvjQxL57RBKRcCggEBAPP5KQRaXbT/B99xTeaaEVRn1yQ91Ua9oawZnJSfufts
-z/R1xcwu/Htql2TDaKfQuAxfhEBXMZfTZi9RRncYBmRZOu5Oblov8q6+/jsM9KpN
-NraeaPz3lXC7/5xjIB9OfPzmaI+khve0QCZ21DU3Uj3D72ZftKe+vJQz6M9pMhA4
-UitdnBNkQlmVVWRlTzvEkbAWbcCF8Tkut0Ov3lqsn6yZKkQ1fg3+6c8UCjvElJrW
-24fOW3gjfk3SUlRWMtCZn9HU8xYSWi6zrh3BCpx8pyly42MY+IL2R5foNDiZlomL
-vK7qhkSwqxTpjDfo9QB6+O1RkD2AQyUYcYp6KtM05JcCggEAJPCj14fDUq6h2CvE
-wOEOC9mKBrd5qZ5bkTa8ACMYOgse7S56VnxobC5h1KnXYAqelMZ3C8/H2RBTZGp1
-xDPWKcvCCEsnVsz3bONPQOmzUmSpFBjU7OLwEPZ4il15mJk1F7REUgXHzcteTjAH
-/1Wk+7j9CEg4kjol6ttqqVxNZl4HzUFyBDRO1Epb/7YboGCAdqkccWNlKtRBFvb1
-oJ82QQ/Ko9m0Bcg+wnQLhr16FcYgP/gkPFFfl9Vmu1dLAMH97TVsRtSc0GeOBweh
-F8xEXUA8kAu/Zqgz8DZBuz5YEsFv4e1+f3fVqLW71arOZrNpnBlxYQi5mRqYWTLv
-v5FA7wKCAQEA72EmlKXR0dh1shBrHftHS6kDWATvcZR4v/L1RoKeKgqu1C6GX/wu
-MS35051D33yUSVei3Lpw54Y9eenmGM5S3z0J7G66KfVnyXuO2QOyQDK4n2A4pRSL
-5WwgtiIwj2ckjcPJDj+hSgPq+ZKYToq0P/QyviDjkb89KrDwGioeO/n27aPQktpJ
-m7pBadtZbcxGIh8vmroRYEjs+hXiNtevZ9t0tC5EO5lFcbA5BkGwiWiNR+f6qZsx
-v0vBCgz1mOVTAcBOrvZc0/vquDkDn11TawDWCRKkK2NYBb2JF4vjP5wDCyEDkvxB
-MKiisuz5D3qZKclgnGdv+kLMjNGnmUoJiwKCAQEAqi/xTluBlmWtzi9fcic7WTeG
-FgXDaX5/llyr04bpT9NwMLCM3nMV/XHO7p7kVlC6+mIrLh0IwSN9UQ/evKdGHEQf
-EQ7CrE68xnD64Z8EUWAjarw+N+8plEfbgYjzayEVcLs6wMlkzoKWnKy3YHmTENQI
-KvDwk6LWW1R6kIJVE5IKzhCv7y8H9xVITy+4oIqGo75cB+I2Jo8+mEA/VAdQTtmd
-/NPDLnifmebU79Wjyf7FRPPlfk00wu6OChlaqLrlfJI6AvB/TccA9qM8oGXVTz2B
-/qYayhhOULBjcIKpiadQkM+CH3nJqEor7ZV8e5oo99wQSXSyeugchT1MjEqsQg==
-----END RSA PRIVATE KEY-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/data/client_10002.skunkworks.acme.xyz.crt.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/data/client_10002.skunkworks.acme.xyz.crt.pem
@ -1,30 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIFMDCCAxgCAicSMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNVBAYTAk9PMQ0wCwYD
-VQQKDARBQ01FMRowGAYDVQQLDBFBQ01FIEludGVybWVkaWF0ZTEiMCAGA1UEAwwZ
-MTAwMDEuc2t1bmt3b3Jrcy5hY21lLnh5ejAeFw0xODA4MDYxODUzMTRaFw0xOTA4
-MDYxODUzMTRaMF8xCzAJBgNVBAYTAk9PMQ0wCwYDVQQKDARBQ01FMRYwFAYDVQQL
-DA1BQ01FIFN0YW5kYXJkMSkwJwYDVQQDDCBjbGllbnRfMTAwMDIuc2t1bmt3b3Jr
-cy5hY21lLnh5ejCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAN6ZmqfK
-msiO7xtJ1RVOm1BVN6Euqt82pV0hOB4wJGXad5fqSaS5DRZRLVZhV6eZ6T3R8+O5
-IZfjsKYCsUgO0Z7jl1DlVrRGnU3488YKgxmunzFaelDcG+DL6Vv2plJ9OGvtTa9L
-HbHEcewJs7yA7AZ5Vywsp/JnDh4h8BM5gmYz9gRM8PlRZs8uvoAtIpboTECHBZlx
-XXCUnDz7diqIrOm9YQNkeNIyucnYRANjxiJWbdpvOVCwImnYkGDuWtj8cSm0bEr0
-qGWslwpYKASE1Smvr6xV2Aw4AIJs1fGayrQPdzDG5mVTvZJelC1L1Aj8sJi7eSum
-rDPbqoKSMn0u09BLCzenqwUZ+liysXapXZ43pQOYdhRUbg7wJSR5/hwOT5pnOtEF
-+hEG1VQJW/Zwk2NmahnXqhjquGHOU3O2gAqdtSMOwYVKV9PiypS346gPnPfY7WBa
-wnTE4WXBsQuxhhLKpsYEzT7ujQjw6U2zJ8Jo+qaS9oe38wLOay5WBTy5d2xSIFQN
-fd+5bWRyCx06apw6hrqOVyz2RHtF6yUA88ItbbVlkV5PhTaDAGteiLMhEYJKANIe
-31VzsqGgfPMq4PL9Wix7r/uvcvMXMcURZTF04h9tMyGq9a1l2QAJfWMJr8n9L1Wb
-jr5fupIqakOuCHEz1CqnNxS0bY3/DNVVHXX1AgMBAAEwDQYJKoZIhvcNAQELBQAD
-ggIBAG59oLWWzEN3oS2p2Ae3sKbGr0LZ3zCRPAsPoz6H+ooJMhxhEHYzwjK16DoR
-l+0OwUbRM4NhkoOITujCm9fBhbj7v/IVnKd0MTcQquqFFaZKBrkuSdOteiHJzDmh
-kUFlsUFCulqYwJG5Vp9fjx0+IGDqXEdGsSZ2KwTYSMHiW3pTZJz6WOpE1X+16DEW
-D3ZAwcFX9Tw4vrGa7wAOgGs8Z4J4Y2pKDgzpX3Gikif4w+1JidgAX2rxz1/HZLEm
-np7d2SsYlG68MY4Yvg4ON7v6cKDe9TrAkVY3gz/rkpC1TcC45fvk71FtfdqxLcTN
-6UB8Ll9cHjw8f1+exr+/yxVqMkKBmQlda0FzUqBef3zMqwaC1mRmUM2gkoM+Qy76
-kyiAv/cV237cQ9YJOwvPluRBrSej3/Ea2aOKvVh7M9NsNFZIOwe8sRKL7+XqXDyY
-Vuevx6qp2bTX1sNH4r20wEqGEHtZaiZbb9LliKPG9gcaG4PRA1x1cQqYKrj5vtJH
-e1CViBK3ID1gCIzsHtCzZFKuKltYMbnae/cVjmIkA+9LLynPcmf4UxHDEPo4exFs
-TH40Ag+EJINsnDrHeklP0a7ntpKGy5Y7z+CtAIsISHX703bfeXuKzJK+Vxl6vYVv
-RnrwOsh8w7w9K1hVycZIjBfcpycBhgueLnfnmVpyw3Uispun
-----END CERTIFICATE-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/data/client_10002.skunkworks.acme.xyz.csr.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/data/client_10002.skunkworks.acme.xyz.csr.pem
@ -1,27 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIEpDCCAowCAQAwXzELMAkGA1UEBhMCT08xDTALBgNVBAoMBEFDTUUxFjAUBgNV
-BAsMDUFDTUUgU3RhbmRhcmQxKTAnBgNVBAMMIGNsaWVudF8xMDAwMi5za3Vua3dv
-cmtzLmFjbWUueHl6MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3pma
-p8qayI7vG0nVFU6bUFU3oS6q3zalXSE4HjAkZdp3l+pJpLkNFlEtVmFXp5npPdHz
-47khl+OwpgKxSA7RnuOXUOVWtEadTfjzxgqDGa6fMVp6UNwb4MvpW/amUn04a+1N
-r0sdscRx7AmzvIDsBnlXLCyn8mcOHiHwEzmCZjP2BEzw+VFmzy6+gC0iluhMQIcF
-mXFdcJScPPt2Kois6b1hA2R40jK5ydhEA2PGIlZt2m85ULAiadiQYO5a2PxxKbRs
-SvSoZayXClgoBITVKa+vrFXYDDgAgmzV8ZrKtA93MMbmZVO9kl6ULUvUCPywmLt5
-K6asM9uqgpIyfS7T0EsLN6erBRn6WLKxdqldnjelA5h2FFRuDvAlJHn+HA5Pmmc6
-0QX6EQbVVAlb9nCTY2ZqGdeqGOq4Yc5Tc7aACp21Iw7BhUpX0+LKlLfjqA+c99jt
-YFrCdMThZcGxC7GGEsqmxgTNPu6NCPDpTbMnwmj6ppL2h7fzAs5rLlYFPLl3bFIg
-VA1937ltZHILHTpqnDqGuo5XLPZEe0XrJQDzwi1ttWWRXk+FNoMAa16IsyERgkoA
-0h7fVXOyoaB88yrg8v1aLHuv+69y8xcxxRFlMXTiH20zIar1rWXZAAl9Ywmvyf0v
-VZuOvl+6kipqQ64IcTPUKqc3FLRtjf8M1VUddfUCAwEAAaAAMA0GCSqGSIb3DQEB
-CwUAA4ICAQA8vqq1tDogw3iriGP1QS0S8QAmKbuGA1xCqtyJrRxtzLdiXwwD73hN
-bJPenme3tKWqWfA4WVMdObZFobpxL9nMc/Zf7eLNd20hAl2XIuKBdcBIQp97nPqM
-gVP0I24EElHUNrrlQV/Ndf+Xw5AEqesHp8PM7jeuozoIBJ5iVmNXRvTAuWu2mpTj
-bBCMi1IK5rqpI4zmTS+X+5NIJDYW4anGFGHIZ6ceTUXIPVpbM25stO1h71tcVH8u
-OrXPz2X/WeGRUOpWiRTrixuUtRPR9dhp8Xq2qEM5j292sjE03dYJFnbxgrgfJOz4
-9lDVyHh69NrB8z7O8lHzjN4u9VaUQKarWLwTVqPvD5EjS93uqfCEnz4pD6vuP6+x
-o7gqk4FP6V+4dkFEQMISx0eR/U2LRJ5Sf8hBbRAxYvJTCopH4cq3Z3NJdFzOS1rb
-xW/AxxwJga0nLT47j1GVqGTyyMNIHaZwXeRD1diPWGHfsN6K5i1bP+mH5qkgVmxk
-9GxWn0jaedc/SuQ3yhDx4n7HlpOXFXI6ELAeY4uzpGohp+uAKRnlxONynsZW7wQV
-j67cQI4RrLBfh788d6wuTrF0aXfIzeT3MP2O0leG6zzPqdlIgjBQ1quCUKsqYNWt
-Zj1Ab1/ajP2VQyWEp41XY+LCdT+eXESxgSi73QZF3HQ9NS8luU+lrA==
-----END CERTIFICATE REQUEST-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/data/client_10002.skunkworks.acme.xyz.keys.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/data/client_10002.skunkworks.acme.xyz.keys.pem
@ -1,51 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIJKQIBAAKCAgEA3pmap8qayI7vG0nVFU6bUFU3oS6q3zalXSE4HjAkZdp3l+pJ
-pLkNFlEtVmFXp5npPdHz47khl+OwpgKxSA7RnuOXUOVWtEadTfjzxgqDGa6fMVp6
-UNwb4MvpW/amUn04a+1Nr0sdscRx7AmzvIDsBnlXLCyn8mcOHiHwEzmCZjP2BEzw
-+VFmzy6+gC0iluhMQIcFmXFdcJScPPt2Kois6b1hA2R40jK5ydhEA2PGIlZt2m85
-ULAiadiQYO5a2PxxKbRsSvSoZayXClgoBITVKa+vrFXYDDgAgmzV8ZrKtA93MMbm
-ZVO9kl6ULUvUCPywmLt5K6asM9uqgpIyfS7T0EsLN6erBRn6WLKxdqldnjelA5h2
-FFRuDvAlJHn+HA5Pmmc60QX6EQbVVAlb9nCTY2ZqGdeqGOq4Yc5Tc7aACp21Iw7B
-hUpX0+LKlLfjqA+c99jtYFrCdMThZcGxC7GGEsqmxgTNPu6NCPDpTbMnwmj6ppL2
-h7fzAs5rLlYFPLl3bFIgVA1937ltZHILHTpqnDqGuo5XLPZEe0XrJQDzwi1ttWWR
-Xk+FNoMAa16IsyERgkoA0h7fVXOyoaB88yrg8v1aLHuv+69y8xcxxRFlMXTiH20z
-Iar1rWXZAAl9Ywmvyf0vVZuOvl+6kipqQ64IcTPUKqc3FLRtjf8M1VUddfUCAwEA
-AQKCAgAi9fMBSWPX/gL1wTnTN95S1p9/FCpIFngQUWhT7XG6AX7pACYC1gGFMMiz
-GWS/8P9d8zyf1nK9PUiAOkoHrDQmBU69qNdeRvzrwx7eSsZeYTulb7VoP7mtK7mB
-9RIYQIx8/u9FicGnKthNnxR4lbL8LVCQoo7aFm90MhZXnp+pV53a/Q6Xyb4g6hGH
-Zg9ZrjBTriEmAVUQmnaTaVccxQyLRXAYLU6AjPD7D5lXAvOabwKf3PoefxtYjmfW
-oXjpPXS0fR7JAvXzyhCK0l+ungIwouQvZ+gfuyfxVBCh+pK9hvRMV+DVpzpN48bX
-+mHZ63387uzP+0RufKCiEz4UxScE89b5IcgBrqPE3Vj9AvaFBSPcl+mN6FdXojAl
-JP63xbKeP5mBrr/tRPNBXPhzQTGPHo6sZbFFYkI0V/m7hWuzZxxh/99EgB2vGdS1
-M63SXZtazbvG6Rhtczygrap5ScQVa0R603Wpl/1gmNUqfRhaF59fuDx7B3V6WsUY
-+GiBb7aEcD5gtf1q97xUrT4SrYprOgS7+svbbIf08Zk0fdzlKq2zocM3EiZ+LQce
-7vECuRwLLkL6xGUnyJ5ptOFtptrPGGUFJWr+QyUt+9V18wla5XgEFmQt4EEJLi+k
-lC1q47tbp9FX2BO+e5zuPo2X8iN8L1KtxxZiA0V3G1Q5+XVHPQKCAQEA8WTHrALv
-oxrB6WmuLoG/wHgt0YlSdJDGdWYfh+5Twila5aZIqKC2pz1Lo08pxwtSaSkNh5+D
-egu4rUIMr4274VEOPuBF5yUEbmou04xiMwX98haeV+0N+mTsJAZwZ1hItyywbpfY
-cysIRrjcyKU4PwHgIEhG9aPn/q21pHcKakzQRE6aLRWqX1/eSfUwTi1rypAojKQ0
-Zeo7Yt5aNnNcoZFkX/ZWUq0hvW2kNdMYWoB4+b8gJ2AwG6kxCsrzUeKNHy0w9ldo
-UYIcB+8KKcckzbgqWSs/JkwgCZCGCaxxSCCbZQuGmfxCacySpyUHuj4ST2Ebik6o
-yTtIwhehvlChxwKCAQEA7BG1OxMrAvympraGpZlwMdyhwIEecqxcqWkBlZ5Zr0Bw
-WRIs4blBlG6qAayXfw5WrPmLWJSXsLQOrJGtFfA5ByjJEppUkXq1M91/7Cy97fT0
-Wm0Ws2+ju+KGJMnL234RuLMDKJ0WWvntNdKLRepyfLT3s+m9CtIuVEryGkBtjBPM
-gliBL5Gx2oFp9pK7Q7V483vBjByeXvk9Ys9bnWAc7s1C+6LR7u1QJsNNgxfOAepK
-yr5fyGR0XZQKDt1i8949mKH9BvJc2H7Ts5+0TS8gDpSw5V2cBbJYh0PbOb3REk9n
-Bdja4lgY8HKdggfqAhStkKL7xNWw5TcixYrk53nqYwKCAQEAuWsUBIhs0fgnosbO
-SGLZi1nEuAKnF2ptRpge+CaUp7tkWqoTfZOVOXjXtKWGDaIgty4VemuIbiK6xDrL
-y70u569/JcTXbOj+MmHVfiGC/HZJzb6Z+ifYaNFEoZdgl8E0eZ8WFp0EYdJYFRrC
-XEysm5kxMxrRhrVT6kg8EgxuL6C5CP7nZmIR8BiPgneXlzVEat+4he9LYE0/OH5b
-BSAvstsfIqbxP6hFFmA1ljKDrmCojA3HAPfdfCHFzeh+ZhODGsN3rIEPXCx4o491
-WwngtzQTM1MIur4WjcI5cwzGJwUE1+S2i2k9Ck9dBo5nFSPApMCOivpIo+mpxYyp
-bKo62QKCAQEAxZAgSttE0NAerEDvOKHL6n7KA/BLSg8D0Wemws9uISPdoj16wEGp
-J47hylrlwph+Y27Ido6M0H4wFa4o28ZaA6rXdDEie0nlYg2KZF4haYbqBM9tAyh4
-L+Jo/1q+t+eu7xMpnpCwx9yH79ZPZmjJ/aH592CzK94wlazPJrcqtuNO8Pseym+1
-F7fctVWhUQ4LtkGo/hhpVfRislH1SyTHsfaoiy19YebLgFVMhlyitKmehESEppGj
-bTlanYwbpxokFJvkxS6KE0k45QfP/hRlUK6RyLLpwz65piJc0tsPoLJA9vzAWlL+
-NCTHuq3i4nDpvLUZ3WY1D+9vs0EFRs+aHwKCAQBYNVTSJE48kiua/CFQwolytwF5
-1D2eE4AjWLXRl6dV7NNa5sDlkv8AVl8UJF/577wGneDm3kKakFIwhpkbBu3VcFkd
-4hDqRMEZoLifpH1EXpJoXP4Kk/mzk6v8BM1M3unBOFYB5Oc4q8QmZ70xyMtL1dFx
-OUNic4ZE+9y+h8gk3NK6fdZvHFv5GdBcMZp8YnGrXkr6slAwxB6IBXNZxIi9A6c3
-P+N3PfDFsknK5PCFy53aNN9fEGf8pCk5uS7PadHZQSveEiNLWiqkT0BubhMW6HH7
-Ik1ozdReIe5PIuovR8lCdhYbfbLBT2KXqV5zMyB47hpJHEYse59nnFnTPwJf
-----END RSA PRIVATE KEY-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/data/client_10003.skunkworks.acme.xyz.crt.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/data/client_10003.skunkworks.acme.xyz.crt.pem
@ -1,30 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIFMDCCAxgCAicTMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNVBAYTAk9PMQ0wCwYD
-VQQKDARBQ01FMRowGAYDVQQLDBFBQ01FIEludGVybWVkaWF0ZTEiMCAGA1UEAwwZ
-MTAwMDEuc2t1bmt3b3Jrcy5hY21lLnh5ejAeFw0xODA4MDYxODUzMTRaFw0xOTA4
-MDYxODUzMTRaMF8xCzAJBgNVBAYTAk9PMQ0wCwYDVQQKDARBQ01FMRYwFAYDVQQL
-DA1BQ01FIFN0YW5kYXJkMSkwJwYDVQQDDCBjbGllbnRfMTAwMDMuc2t1bmt3b3Jr
-cy5hY21lLnh5ejCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKL08eAG
-TIxQN7YwEI2+SYv0bZe2VqO9UIiMUDUxsoEIjSZeOC5fvf8lw7u/qjvoFbhBzFC9
-WecTVHQidqVJpx+5qYX7V/S8YiKRPUc4NzGZAAyHoxVlSqwHJ3CIAtXM53u1JN05
-ch8KQ4eT4L+6kCOeGBqcu/LUjqehSVI80KUUwVFkrLtDWss0jfe+N2KXKf7QYkgr
-QTyjUNSa/HEwpIT1MHynYctPnPhKQZGRM9zD8GNLrYUVp0f348nVjtn8ZCCp2N7O
-ASyIPXTy1DWJGuZEuorJpLMHLVXXtoB4qEeFSPddltKnHKV4QgwSQUXgkkqgZOR6
-61FyhEPoE41NPNVH0nXZxPIKJAoWhrC530b2vdSPp3CWOjHHazehi/O7nAHIy4j2
-9BpuCA01bvJKNfJf0F7oy6dmy93h4dsQ7k9hWH3xR/3CzPwirWwSjZF9qANU36lO
-ASkzntm4EO8zJOW67ge3BYOpCdV55m0p/JFQYOpsXhSwNvvKYnIHRy2R1gkL7jns
-0FUXZPD1/eH59komfpVgpdlzLZOSxqi1HIxOblxI6QjSDU7If8Ot67sgyCZKj7H0
-1up+GCIHxuvyFuGNLh9vsKHnW87BRYMocUW3kRES2a9JeBJ8P+Q9eRWjwp09gr9M
-aicuSkBLVXUcQr3yMTbz+4XqsxpiqbPzRsaFAgMBAAEwDQYJKoZIhvcNAQELBQAD
-ggIBAOykl+JulxyHbOPGnRQyQ+5dUbgq8MOKt6XfCxq2/Rj2uF8U5XG+g6aTJfzY
-9Ox7ozmYqh+9dx4Vhe+mVl7Y31ZGgLfJ9urF17tfCc1SaG8aM5ag4JLbPJSF3ppg
-mJJ6gIO8DG1cFhUzQlaMUUJN8f4nIGPYGRxV04npdd48Lk9SDvv5AzqNRtx6z5jE
-eAdEmLgJz+/3Bfb3GSnfDCNtXlNGnMfkP6r3hR3FJEbSllS+GOYnksPy+xUSQ+9G
-NaCm6BnlH3MGXxcP+54dmhOkgsnKel7aVChlzlyW2BZyJKBWEqp/JUAJ6RanZCQz
-5pCLwZW9ANVt2gHUMufB1uYZTFX8METwL5Rhe168wftzlJvr1YcTuvbijRZyMHV0
-hkGMM9A0grwMZbNwwxW+Gsf5sX5gGj38qqVobmb6Oy09p5/VzFX1+sJuRkfvjArn
-CwEvi5sjfc+RFy9q2qLFj1aXTUUbeib99saL2dJOD94HWkoRGJqLp54fBEmBwFnv
-qVEC6zvIjYuILICjiJho4D0OPH8Iegz1Ca3FgeVX1M5vA/ie9lih18unxAv09g4E
-XSB4YX6VVALNSwkqQft7SnA9YiIwj64k7w5ZESJNdZe76xK66XyMxfmkxehjNY2a
-3Dzwc0RA8C+MrlLQgauleiwT8aRAh8jqB3JrinnZBvGmq0XZ
-----END CERTIFICATE-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/data/client_10003.skunkworks.acme.xyz.csr.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/data/client_10003.skunkworks.acme.xyz.csr.pem
@ -1,27 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIEpDCCAowCAQAwXzELMAkGA1UEBhMCT08xDTALBgNVBAoMBEFDTUUxFjAUBgNV
-BAsMDUFDTUUgU3RhbmRhcmQxKTAnBgNVBAMMIGNsaWVudF8xMDAwMy5za3Vua3dv
-cmtzLmFjbWUueHl6MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAovTx
-4AZMjFA3tjAQjb5Ji/Rtl7ZWo71QiIxQNTGygQiNJl44Ll+9/yXDu7+qO+gVuEHM
-UL1Z5xNUdCJ2pUmnH7mphftX9LxiIpE9Rzg3MZkADIejFWVKrAcncIgC1czne7Uk
-3TlyHwpDh5Pgv7qQI54YGpy78tSOp6FJUjzQpRTBUWSsu0NayzSN9743Ypcp/tBi
-SCtBPKNQ1Jr8cTCkhPUwfKdhy0+c+EpBkZEz3MPwY0uthRWnR/fjydWO2fxkIKnY
-3s4BLIg9dPLUNYka5kS6ismkswctVde2gHioR4VI912W0qccpXhCDBJBReCSSqBk
-5HrrUXKEQ+gTjU081UfSddnE8gokChaGsLnfRva91I+ncJY6McdrN6GL87ucAcjL
-iPb0Gm4IDTVu8ko18l/QXujLp2bL3eHh2xDuT2FYffFH/cLM/CKtbBKNkX2oA1Tf
-qU4BKTOe2bgQ7zMk5bruB7cFg6kJ1XnmbSn8kVBg6mxeFLA2+8picgdHLZHWCQvu
-OezQVRdk8PX94fn2SiZ+lWCl2XMtk5LGqLUcjE5uXEjpCNINTsh/w63ruyDIJkqP
-sfTW6n4YIgfG6/IW4Y0uH2+woedbzsFFgyhxRbeRERLZr0l4Enw/5D15FaPCnT2C
-v0xqJy5KQEtVdRxCvfIxNvP7heqzGmKps/NGxoUCAwEAAaAAMA0GCSqGSIb3DQEB
-CwUAA4ICAQBSv8Qlo0rU/MBCLVNIefxD3fwi9ipPoNxcHHAO9c9H+XLRb7tL+UZH
-feranXyUu8hJzUzNtRBU0iQae9c2SiFWmV0RVHwz+XGSz48gmlyAdS8QYIXAKuOt
-ekDOoWy9nLCUn/FQNi34/owqeDbprduqNHb8M9jiVforHiM7fTxZUEtHygmHsnTx
-OP35Yx7YlBbT64hmY4xf05CHeAjTVMIKkH6OgogaLo4MpzihZMjugJdMYsNfAIUD
-B0iUZAiQ7ePU0POZs+KDd+1IJFfAC1M8zKrloo1XGwh3JghOPCQxcy7wV6srN88y
-S8TwycBff8Pd51qjsoCQyPU6vTyrX/WbTi3biiniLeTl++ErQ/cmRRQ3g5yvuLH5
-+R2O52R8I5iYj5Bu8fc/CvzhjwAARZRiEm6yMYPGtHdOzBhcAOnPg+lrQtkxpnIV
-+z+lIX+romcb+bmFYJVnBcyyNJRvYk1Q7K+IB2WBcM9Q0YoUgQ5i06pAGhS0fjgY
-oJzWJpAuc4q5gO06HdOrFxmuBUWkePq4jbhP7lyurIFZwOtj3vjMufWcNDNw8iCF
-NmVT60DT/KoMS8Fuy/HnG724sonS9+kxujLMSDWJXG/tY57QQRIryB7F9C2tzYru
-CStZMEKpHPRDRF1YUKJOaQ2NFJJh2c6elP3DWCsgwGqL03thIfIQHQ==
-----END CERTIFICATE REQUEST-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/data/client_10003.skunkworks.acme.xyz.keys.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/data/client_10003.skunkworks.acme.xyz.keys.pem
@ -1,51 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIJKAIBAAKCAgEAovTx4AZMjFA3tjAQjb5Ji/Rtl7ZWo71QiIxQNTGygQiNJl44
-Ll+9/yXDu7+qO+gVuEHMUL1Z5xNUdCJ2pUmnH7mphftX9LxiIpE9Rzg3MZkADIej
-FWVKrAcncIgC1czne7Uk3TlyHwpDh5Pgv7qQI54YGpy78tSOp6FJUjzQpRTBUWSs
-u0NayzSN9743Ypcp/tBiSCtBPKNQ1Jr8cTCkhPUwfKdhy0+c+EpBkZEz3MPwY0ut
-hRWnR/fjydWO2fxkIKnY3s4BLIg9dPLUNYka5kS6ismkswctVde2gHioR4VI912W
-0qccpXhCDBJBReCSSqBk5HrrUXKEQ+gTjU081UfSddnE8gokChaGsLnfRva91I+n
-cJY6McdrN6GL87ucAcjLiPb0Gm4IDTVu8ko18l/QXujLp2bL3eHh2xDuT2FYffFH
-/cLM/CKtbBKNkX2oA1TfqU4BKTOe2bgQ7zMk5bruB7cFg6kJ1XnmbSn8kVBg6mxe
-FLA2+8picgdHLZHWCQvuOezQVRdk8PX94fn2SiZ+lWCl2XMtk5LGqLUcjE5uXEjp
-CNINTsh/w63ruyDIJkqPsfTW6n4YIgfG6/IW4Y0uH2+woedbzsFFgyhxRbeRERLZ
-r0l4Enw/5D15FaPCnT2Cv0xqJy5KQEtVdRxCvfIxNvP7heqzGmKps/NGxoUCAwEA
-AQKCAgA4CRLDfmcEOPFvbMfEdhLEVaD58nGIjKkMy3MpV5WSWWZwMyYOjE3BVzMf
-dKENSJlvavDfMr2fgD4iUVeLLvCRMD7jG7L7LWxxhpAT1XjlTT9/D4U87j/nN+6P
-+7U93+AZ4ghzKjXcBqOCE4/NXlICbXLMc+kNb5o+em/EH7V/jsuLOZtMKbUm+0N2
-Vaql9GU0gmPJfVZJi79X3JPCOH/aWJX7x3MRfqbzmlVBwTScTaR0AKoCgZesX8ms
-tgsRWoDz2nQA6cXtkkvP01C1uBfP5wJeh0hjZ6xnQG45b0Quk96rcTtT5LMtE1Vi
-4UQgy0CC+PS4vKv+repdj4hppo2sHRbkoQwfqU48oir+0r8GxYRs/qYnb/ie1MbM
-Ivr0rt4bCIxYTsn//B2m3TWo6az3R8++77FY5SKz6M0IsY30DttWQSufUwHF5MVH
-tdhlFv40LROx/WKc8k6B1x5YoAMznEqCnllvV//mAwqOiHv4xGYfiK5aHw+0Rw7z
-zGZXTKw4O42Y4yd6fjOgNJvhVvVwb44cShwHzdLbRHaQxxhqATkAW0t1kgDPZP4p
-n7e1kGc9wZmq3qSFZwNaEkW9JTC3bx7f/8nzZJUwuZ4dEWcLyXMf/+x5tIZs2Lcu
-3TIoNWUVO+Sal4EEPDbQ4747qulqDYT6IlhFBCY1n0TZ7jcDYQKCAQEA1PLaYzrw
-p5Z3vmh2n7jCqQWcwWwbmSdISSahZ2z4OJfqgvrTaPq4FZ0GkgYjZdkOiCGYhZzr
-peIVar4DsLfHRb2w73MzS7N7UvSYUIwAbFcAy8F5lK7C4Vo0FTdRLASknnqB0dmS
-QFhiSukoXdw1a/DFzonksG8Z/ksDwxcn6Q8k8cfbT+QoZJMbMfzukdY3Cc2mKd9o
-K6z+poXgcUKudfl9yZu1NMT8EuC3nA5Xgeib+70IJCd1A0qGpJplVSWv+YEYJCry
-m017AW9kzhjv5v+K5G8CMkAeH0LRb+glxx0IipXyqgK6fK3BzoLt3bSUREln1Dr5
-R3pPOUX9PeKoBwKCAQEAw+bEW7jMhhwXBQ+VpAj28EMMmqs5HFW4W8L8cXmubXJN
-ip23szUaqjvq+rDNzx8sfVy6N2BvtPes49FmKMskc8MXkNmaCyAgf5+aeE3Haz9A
-v7yBIyQd7XJPmk43FUJiA6nJ88G79QP9GeZCTyRvJ21H+y7xDQcva4ss40nhRjn5
-6khOnDD+vb8Kpz1/gazwy3a6xonllKBgUBsZiRXsdUaYSqQaqdeHcWaJmEGoOze2
-MRzb4oEQ1sMNjkBvOXTSVv1IYMPmNA7P5pAoiV9dWhPTNdFZMzUH6Vj0ZoAQOBmC
-gzGcPcMq7jEFDA3gp3XXoTGa4KgFFw2bY50LGSnCEwKCAQBjBnvf4SzAAgy1Esb3
-B2geSWnX2HoNAmNvAPPVsKrNRnfbaOCe1Nh91IOVrB0R45oKW/UdTReYEEZ9WNdG
-em/EUq3Q6/VSoqgar3uVGUWpG9xW5CWxqoMdYGEP7KVmntIekEGGYHLOUUuEImCP
-JTQCefjCTwV1tnST+DZLppz8l/pKJPIreKIAAxiGamRWlRMLEALRPf6nMM9KiL8S
-bDvMyLRh6HKfk2rVLIK1o0W2N4Ex03nRtjeHzERIjzPIILpwgEPFreMbrTAiPrbV
-0GrfNL5V8/lFfOOFDgFu1Lmcmje6mng57wLhr7uMWP5cNvkruCb8XmBFiO8GZzGY
-capJAoIBAQC9Q/XPu/H1W6wt2omzamnRZKYHxIcvxe2Q0gh9RZds7DLYSlpRjGvP
-roXuX+TnR/H+yBitKcGi8Gsby5JMtT7pjMH20xUNzKM5SiS+OD8DcaAH3oJRRjKX
-1onrxcdYBcOWUHLpyvHh3VGptRm5RrURPXZ+yjJfaOK6n0Ll8NnxtE+stuEj6/4h
-qjILs9G9oi0eFf6LlGy3NF745cW8+O5zu5mk+3k7QBz+RZeH/18en0uplX0nD5UK
-OHafScdrll8lZh2IR5vgDbN0yTAw0G7reR3k7/ajD4guPSAa631ABf1e7Q5LaYTP
-jZKXu8yhXavPc5JznEEWrbHEAtTXIc37AoIBAAvtPoYW088ZzRf4Vs6G18qM/4Rv
-vxxf13VSMfyLhf/v2c7Vmope1hYmD1LPyVzme/zJeuO9PXXQ3Y1xxxhkwS8H2qtd
-tTvusttekK6gbbFAaCXDOnEqf5/FPgzsOOAyLHnWTbONGxjyZmXDNkMxHomVLdDn
-0csa8ZtdiPUGNLdsEvWjkTyy9eqUXZjGINJtDD0DvRfhYyWpphxuLKSV9KULqwE+
-EFiYxFjIqchF/iiogyyl8WxLwReyRTX93DEVJvXIsXbMzhjJmoy0EIAK5k7G7pOY
-EJAO45OyvO+cvnOdfmzS6LxxWot/vV89pXVb3VYwISQ04vE8emhgQrzxGMU=
-----END RSA PRIVATE KEY-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/distro/client_10002.skunkworks.acme.xyz.p12
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/distro/client_10002.skunkworks.acme.xyz.p12
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/distro/client_10003.skunkworks.acme.xyz.p12
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/distro/client_10003.skunkworks.acme.xyz.p12
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/docs/client_10002.skunkworks.acme.xyz.info.txt
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/docs/client_10002.skunkworks.acme.xyz.info.txt
@ -1,80 +0,0 @@
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number: 10002 (0x2712)
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=OO, O=ACME, OU=ACME Intermediate, CN=10001.skunkworks.acme.xyz
-        Validity
-            Not Before: Aug  6 18:53:14 2018 GMT
-            Not After : Aug  6 18:53:14 2019 GMT
-        Subject: C=OO, O=ACME, OU=ACME Standard, CN=client_10002.skunkworks.acme.xyz
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (4096 bit)
-                Modulus:
-                    00:de:99:9a:a7:ca:9a:c8:8e:ef:1b:49:d5:15:4e:
-                    9b:50:55:37:a1:2e:aa:df:36:a5:5d:21:38:1e:30:
-                    24:65:da:77:97:ea:49:a4:b9:0d:16:51:2d:56:61:
-                    57:a7:99:e9:3d:d1:f3:e3:b9:21:97:e3:b0:a6:02:
-                    b1:48:0e:d1:9e:e3:97:50:e5:56:b4:46:9d:4d:f8:
-                    f3:c6:0a:83:19:ae:9f:31:5a:7a:50:dc:1b:e0:cb:
-                    e9:5b:f6:a6:52:7d:38:6b:ed:4d:af:4b:1d:b1:c4:
-                    71:ec:09:b3:bc:80:ec:06:79:57:2c:2c:a7:f2:67:
-                    0e:1e:21:f0:13:39:82:66:33:f6:04:4c:f0:f9:51:
-                    66:cf:2e:be:80:2d:22:96:e8:4c:40:87:05:99:71:
-                    5d:70:94:9c:3c:fb:76:2a:88:ac:e9:bd:61:03:64:
-                    78:d2:32:b9:c9:d8:44:03:63:c6:22:56:6d:da:6f:
-                    39:50:b0:22:69:d8:90:60:ee:5a:d8:fc:71:29:b4:
-                    6c:4a:f4:a8:65:ac:97:0a:58:28:04:84:d5:29:af:
-                    af:ac:55:d8:0c:38:00:82:6c:d5:f1:9a:ca:b4:0f:
-                    77:30:c6:e6:65:53:bd:92:5e:94:2d:4b:d4:08:fc:
-                    b0:98:bb:79:2b:a6:ac:33:db:aa:82:92:32:7d:2e:
-                    d3:d0:4b:0b:37:a7:ab:05:19:fa:58:b2:b1:76:a9:
-                    5d:9e:37:a5:03:98:76:14:54:6e:0e:f0:25:24:79:
-                    fe:1c:0e:4f:9a:67:3a:d1:05:fa:11:06:d5:54:09:
-                    5b:f6:70:93:63:66:6a:19:d7:aa:18:ea:b8:61:ce:
-                    53:73:b6:80:0a:9d:b5:23:0e:c1:85:4a:57:d3:e2:
-                    ca:94:b7:e3:a8:0f:9c:f7:d8:ed:60:5a:c2:74:c4:
-                    e1:65:c1:b1:0b:b1:86:12:ca:a6:c6:04:cd:3e:ee:
-                    8d:08:f0:e9:4d:b3:27:c2:68:fa:a6:92:f6:87:b7:
-                    f3:02:ce:6b:2e:56:05:3c:b9:77:6c:52:20:54:0d:
-                    7d:df:b9:6d:64:72:0b:1d:3a:6a:9c:3a:86:ba:8e:
-                    57:2c:f6:44:7b:45:eb:25:00:f3:c2:2d:6d:b5:65:
-                    91:5e:4f:85:36:83:00:6b:5e:88:b3:21:11:82:4a:
-                    00:d2:1e:df:55:73:b2:a1:a0:7c:f3:2a:e0:f2:fd:
-                    5a:2c:7b:af:fb:af:72:f3:17:31:c5:11:65:31:74:
-                    e2:1f:6d:33:21:aa:f5:ad:65:d9:00:09:7d:63:09:
-                    af:c9:fd:2f:55:9b:8e:be:5f:ba:92:2a:6a:43:ae:
-                    08:71:33:d4:2a:a7:37:14:b4:6d:8d:ff:0c:d5:55:
-                    1d:75:f5
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: sha256WithRSAEncryption
-         6e:7d:a0:b5:96:cc:43:77:a1:2d:a9:d8:07:b7:b0:a6:c6:af:
-         42:d9:df:30:91:3c:0b:0f:a3:3e:87:fa:8a:09:32:1c:61:10:
-         76:33:c2:32:b5:e8:3a:11:97:ed:0e:c1:46:d1:33:83:61:92:
-         83:88:4e:e8:c2:9b:d7:c1:85:b8:fb:bf:f2:15:9c:a7:74:31:
-         37:10:aa:ea:85:15:a6:4a:06:b9:2e:49:d3:ad:7a:21:c9:cc:
-         39:a1:91:41:65:b1:41:42:ba:5a:98:c0:91:b9:56:9f:5f:8f:
-         1d:3e:20:60:ea:5c:47:46:b1:26:76:2b:04:d8:48:c1:e2:5b:
-         7a:53:64:9c:fa:58:ea:44:d5:7f:b5:e8:31:16:0f:76:40:c1:
-         c1:57:f5:3c:38:be:b1:9a:ef:00:0e:80:6b:3c:67:82:78:63:
-         6a:4a:0e:0c:e9:5f:71:a2:92:27:f8:c3:ed:49:89:d8:00:5f:
-         6a:f1:cf:5f:c7:64:b1:26:9e:9e:dd:d9:2b:18:94:6e:bc:31:
-         8e:18:be:0e:0e:37:bb:fa:70:a0:de:f5:3a:c0:91:56:37:83:
-         3f:eb:92:90:b5:4d:c0:b8:e5:fb:e4:ef:51:6d:7d:da:b1:2d:
-         c4:cd:e9:40:7c:2e:5f:5c:1e:3c:3c:7f:5f:9e:c6:bf:bf:cb:
-         15:6a:32:42:81:99:09:5d:6b:41:73:52:a0:5e:7f:7c:cc:ab:
-         06:82:d6:64:66:50:cd:a0:92:83:3e:43:2e:fa:93:28:80:bf:
-         f7:15:db:7e:dc:43:d6:09:3b:0b:cf:96:e4:41:ad:27:a3:df:
-         f1:1a:d9:a3:8a:bd:58:7b:33:d3:6c:34:56:48:3b:07:bc:b1:
-         12:8b:ef:e5:ea:5c:3c:98:56:e7:af:c7:aa:a9:d9:b4:d7:d6:
-         c3:47:e2:bd:b4:c0:4a:86:10:7b:59:6a:26:5b:6f:d2:e5:88:
-         a3:c6:f6:07:1a:1b:83:d1:03:5c:75:71:0a:98:2a:b8:f9:be:
-         d2:47:7b:50:95:88:12:b7:20:3d:60:08:8c:ec:1e:d0:b3:64:
-         52:ae:2a:5b:58:31:b9:da:7b:f7:15:8e:62:24:03:ef:4b:2f:
-         29:cf:72:67:f8:53:11:c3:10:fa:38:7b:11:6c:4c:7e:34:02:
-         0f:84:24:83:6c:9c:3a:c7:7a:49:4f:d1:ae:e7:b6:92:86:cb:
-         96:3b:cf:e0:ad:00:8b:08:48:75:fb:d3:76:df:79:7b:8a:cc:
-         92:be:57:19:7a:bd:85:6f:46:7a:f0:3a:c8:7c:c3:bc:3d:2b:
-         58:55:c9:c6:48:8c:17:dc:a7:27:01:86:0b:9e:2e:77:e7:99:
-         5a:72:c3:75:22:b2:9b:a7
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/docs/client_10003.skunkworks.acme.xyz.info.txt
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/docs/client_10003.skunkworks.acme.xyz.info.txt
@ -1,80 +0,0 @@
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number: 10003 (0x2713)
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=OO, O=ACME, OU=ACME Intermediate, CN=10001.skunkworks.acme.xyz
-        Validity
-            Not Before: Aug  6 18:53:14 2018 GMT
-            Not After : Aug  6 18:53:14 2019 GMT
-        Subject: C=OO, O=ACME, OU=ACME Standard, CN=client_10003.skunkworks.acme.xyz
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (4096 bit)
-                Modulus:
-                    00:a2:f4:f1:e0:06:4c:8c:50:37:b6:30:10:8d:be:
-                    49:8b:f4:6d:97:b6:56:a3:bd:50:88:8c:50:35:31:
-                    b2:81:08:8d:26:5e:38:2e:5f:bd:ff:25:c3:bb:bf:
-                    aa:3b:e8:15:b8:41:cc:50:bd:59:e7:13:54:74:22:
-                    76:a5:49:a7:1f:b9:a9:85:fb:57:f4:bc:62:22:91:
-                    3d:47:38:37:31:99:00:0c:87:a3:15:65:4a:ac:07:
-                    27:70:88:02:d5:cc:e7:7b:b5:24:dd:39:72:1f:0a:
-                    43:87:93:e0:bf:ba:90:23:9e:18:1a:9c:bb:f2:d4:
-                    8e:a7:a1:49:52:3c:d0:a5:14:c1:51:64:ac:bb:43:
-                    5a:cb:34:8d:f7:be:37:62:97:29:fe:d0:62:48:2b:
-                    41:3c:a3:50:d4:9a:fc:71:30:a4:84:f5:30:7c:a7:
-                    61:cb:4f:9c:f8:4a:41:91:91:33:dc:c3:f0:63:4b:
-                    ad:85:15:a7:47:f7:e3:c9:d5:8e:d9:fc:64:20:a9:
-                    d8:de:ce:01:2c:88:3d:74:f2:d4:35:89:1a:e6:44:
-                    ba:8a:c9:a4:b3:07:2d:55:d7:b6:80:78:a8:47:85:
-                    48:f7:5d:96:d2:a7:1c:a5:78:42:0c:12:41:45:e0:
-                    92:4a:a0:64:e4:7a:eb:51:72:84:43:e8:13:8d:4d:
-                    3c:d5:47:d2:75:d9:c4:f2:0a:24:0a:16:86:b0:b9:
-                    df:46:f6:bd:d4:8f:a7:70:96:3a:31:c7:6b:37:a1:
-                    8b:f3:bb:9c:01:c8:cb:88:f6:f4:1a:6e:08:0d:35:
-                    6e:f2:4a:35:f2:5f:d0:5e:e8:cb:a7:66:cb:dd:e1:
-                    e1:db:10:ee:4f:61:58:7d:f1:47:fd:c2:cc:fc:22:
-                    ad:6c:12:8d:91:7d:a8:03:54:df:a9:4e:01:29:33:
-                    9e:d9:b8:10:ef:33:24:e5:ba:ee:07:b7:05:83:a9:
-                    09:d5:79:e6:6d:29:fc:91:50:60:ea:6c:5e:14:b0:
-                    36:fb:ca:62:72:07:47:2d:91:d6:09:0b:ee:39:ec:
-                    d0:55:17:64:f0:f5:fd:e1:f9:f6:4a:26:7e:95:60:
-                    a5:d9:73:2d:93:92:c6:a8:b5:1c:8c:4e:6e:5c:48:
-                    e9:08:d2:0d:4e:c8:7f:c3:ad:eb:bb:20:c8:26:4a:
-                    8f:b1:f4:d6:ea:7e:18:22:07:c6:eb:f2:16:e1:8d:
-                    2e:1f:6f:b0:a1:e7:5b:ce:c1:45:83:28:71:45:b7:
-                    91:11:12:d9:af:49:78:12:7c:3f:e4:3d:79:15:a3:
-                    c2:9d:3d:82:bf:4c:6a:27:2e:4a:40:4b:55:75:1c:
-                    42:bd:f2:31:36:f3:fb:85:ea:b3:1a:62:a9:b3:f3:
-                    46:c6:85
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: sha256WithRSAEncryption
-         ec:a4:97:e2:6e:97:1c:87:6c:e3:c6:9d:14:32:43:ee:5d:51:
-         b8:2a:f0:c3:8a:b7:a5:df:0b:1a:b6:fd:18:f6:b8:5f:14:e5:
-         71:be:83:a6:93:25:fc:d8:f4:ec:7b:a3:39:98:aa:1f:bd:77:
-         1e:15:85:ef:a6:56:5e:d8:df:56:46:80:b7:c9:f6:ea:c5:d7:
-         bb:5f:09:cd:52:68:6f:1a:33:96:a0:e0:92:db:3c:94:85:de:
-         9a:60:98:92:7a:80:83:bc:0c:6d:5c:16:15:33:42:56:8c:51:
-         42:4d:f1:fe:27:20:63:d8:19:1c:55:d3:89:e9:75:de:3c:2e:
-         4f:52:0e:fb:f9:03:3a:8d:46:dc:7a:cf:98:c4:78:07:44:98:
-         b8:09:cf:ef:f7:05:f6:f7:19:29:df:0c:23:6d:5e:53:46:9c:
-         c7:e4:3f:aa:f7:85:1d:c5:24:46:d2:96:54:be:18:e6:27:92:
-         c3:f2:fb:15:12:43:ef:46:35:a0:a6:e8:19:e5:1f:73:06:5f:
-         17:0f:fb:9e:1d:9a:13:a4:82:c9:ca:7a:5e:da:54:28:65:ce:
-         5c:96:d8:16:72:24:a0:56:12:aa:7f:25:40:09:e9:16:a7:64:
-         24:33:e6:90:8b:c1:95:bd:00:d5:6d:da:01:d4:32:e7:c1:d6:
-         e6:19:4c:55:fc:30:44:f0:2f:94:61:7b:5e:bc:c1:fb:73:94:
-         9b:eb:d5:87:13:ba:f6:e2:8d:16:72:30:75:74:86:41:8c:33:
-         d0:34:82:bc:0c:65:b3:70:c3:15:be:1a:c7:f9:b1:7e:60:1a:
-         3d:fc:aa:a5:68:6e:66:fa:3b:2d:3d:a7:9f:d5:cc:55:f5:fa:
-         c2:6e:46:47:ef:8c:0a:e7:0b:01:2f:8b:9b:23:7d:cf:91:17:
-         2f:6a:da:a2:c5:8f:56:97:4d:45:1b:7a:26:fd:f6:c6:8b:d9:
-         d2:4e:0f:de:07:5a:4a:11:18:9a:8b:a7:9e:1f:04:49:81:c0:
-         59:ef:a9:51:02:eb:3b:c8:8d:8b:88:2c:80:a3:88:98:68:e0:
-         3d:0e:3c:7f:08:7a:0c:f5:09:ad:c5:81:e5:57:d4:ce:6f:03:
-         f8:9e:f6:58:a1:d7:cb:a7:c4:0b:f4:f6:0e:04:5d:20:78:61:
-         7e:95:54:02:cd:4b:09:2a:41:fb:7b:4a:70:3d:62:22:30:8f:
-         ae:24:ef:0e:59:11:22:4d:75:97:bb:eb:12:ba:e9:7c:8c:c5:
-         f9:a4:c5:e8:63:35:8d:9a:dc:3c:f0:73:44:40:f0:2f:8c:ae:
-         52:d0:81:ab:a5:7a:2c:13:f1:a4:40:87:c8:ea:07:72:6b:8a:
-         79:d9:06:f1:a6:ab:45:d9
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/gen_client.sh
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/clients/gen_client.sh
@ -1,58 +0,0 @@
-#!/bin/bash
-#
-# Create CA Intermediate
-# 
-# 
-# This function will generate a CA Intermediate
-# IN: UNIQ_ID_CA, SERIAL
-#
-PARAM1=$1
-PARAM2=$2
-
-usage() {
-  echo
-  echo "Generate a new certificate"
-  echo
-  echo "This program will generate a new certificate authority intermediate"
-  echo "Requires the file ca-i.pem that is used to sign the certificates"
-  echo "The script requires a CA Intermediate certificate used to sign the client"
-  echo ""
-  echo ""
-  echo ""
-  echo
-  echo "Generate a new certificate"
-  echo "  usage:   gen_server.sh  <CA Intermediate> <Org URL> <Serial>"
-  echo
-  echo "  example: gen_server.sh  ca_i_skunkworks.acme.xyz_10001.crt.pem \\"
-  echo "                          skunkworks.acme.xyz \\"
-  echo "                          10052 \\"
-  echo
-  exit 1
-}
-
-
-generate_client() {
-  echo_block "Generate Client Certificates  (${UNIQ_ID})"
-  # params
-  UNIQ_ID=$1
-  UNIQ_ID_CA=$2
-  SERIAL=$3
-
-  openssl genrsa -out "client_${UNIQ_ID}.keys.pem" 4096
-
-  openssl req -new -key "client_${UNIQ_ID}.keys.pem" \
-              -subj "/C=OO/O=ACME/OU=ACME Standard/CN=client_${UNIQ_ID}" \
-              -out "client_${UNIQ_ID}.csr.pem"
-  # Intermediate signs Client
-  openssl x509 -req -days 365 \
-               -CA "ca_i_${UNIQ_ID_CA}.crt.pem" -CAkey "ca_i_${UNIQ_ID_CA}.keys.pem" -set_serial ${SERIAL} \
-               -in "client_${UNIQ_ID}.csr.pem" -out "client_${UNIQ_ID}.crt.pem"
-
-  # Package the Certificates
-  openssl pkcs12 -export -password "pass:password" -inkey "client_${UNIQ_ID}.keys.pem" \
-                 -name "Client ${UNIQ_ID} VPN Certificate" -certfile "ca_cert-chain_${UNIQ_ID_CA}.crts.pem" -caname "client_${UNIQ_ID}@acme.xyz" \
-                 -in "client_${UNIQ_ID}.crt.pem" -out "client_${UNIQ_ID}.p12"
-
-  # verify certificate (output to text file for review)
-  openssl x509 -noout -text -in "client_${UNIQ_ID}.crt.pem" > "client_${UNIQ_ID}.info.txt"
-}
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/cfg/SERIAL
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/cfg/SERIAL
@ -1 +0,0 @@
-10028
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/cfg/ca-i.crt.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/cfg/ca-i.crt.pem
@ -1,32 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIFgTCCA2mgAwIBAgICJxEwDQYJKoZIhvcNAQELBQAwQzELMAkGA1UEBhMCT08x
-DTALBgNVBAoMBEFDTUUxJTAjBgNVBAMMHHJvb3QuMTAxLnNrdW5rd29ya3MuYWNt
-ZS54eXowHhcNMTgwODA2MTg1MzEyWhcNMjAwODI1MTg1MzEyWjBcMQswCQYDVQQG
-EwJPTzENMAsGA1UECgwEQUNNRTEaMBgGA1UECwwRQUNNRSBJbnRlcm1lZGlhdGUx
-IjAgBgNVBAMMGTEwMDAxLnNrdW5rd29ya3MuYWNtZS54eXowggIiMA0GCSqGSIb3
-DQEBAQUAA4ICDwAwggIKAoICAQDx0d5dxw6oMddU63Jd3fIHNxCtvzPmHJzX+kON
-HFMi2jrrGEMmOcl0h6uyt2i/9Iz9G5gl/XbG86E0poId8FaofrQ2+i4s9UNH+PQu
-kmSUcCyhyHvP1+ibx0uHTi3SeFZ1AWmfsAvtwO9J1AQSgfC98r0y7J9AU4RqHvLM
-UaaRuMHsL82WbKRdno0V9i+SfxfS9UM7QVCL+Aq6ybAMUTQ0XvCJIYj8uUCAWmDk
-QNAg/KdEgpwE8Y5xSIbtXDXkgVKt8dFHF4IFcz67bSAMbo0VQ3jcQtDjkZ3h+FSo
-QPnb9z9rtjTexwphpmHWcYXM44tD/TjiMGS/qyaI1FFQqXmjOkQvvEZvmM7OnVuy
-hcsu9l3CWxcSC17GmirBDhtGzOTgVQr0n28eWQiTwOHYSiCl00AdEvRcDZmMxSji
-8PGxVIEZE3dIP1H02MuBZAG7p0xL1ApqpvndGjHwHkNxKR3/ITZIW1gSTuBIBOKQ
-KKMi6VJjbxcx8OmxPLVnP/EYBbHTcGygHzRFluQWj5h+wO8kKhPeA6VRdrNwUofA
-GA3QYh0mcuI+/aj2rdPorVyxdXyU35bsuzuFcjuhcetsQIYgXsuqtKLQHRWpv2XM
-Igs8Cu7zQt6iGgpcWwt4v+YVgMtgaCyoTZYXg2mIktbhvV4W2r/iXDE5W9B4KSgV
-qLO4kQIDAQABo2YwZDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIB
-hjAdBgNVHQ4EFgQUXsctOOAY1ahMSM3VEFuWM+7kydQwHwYDVR0jBBgwFoAUaz/w
-VC/Lw1kfDyMyG/H3LEv1F9wwDQYJKoZIhvcNAQELBQADggIBAADgNBKWkTZ1gRSY
-orRRHF03aiJCZRfw7f+ioIaMR7FJuWUgxYFtCZyUI3SxpfTcL6IUIF69zLnDcdJI
-crnUAZGljxZLIp0TLlsG+FpAwFFWKLi87fTHS9Il+ch/hgbCPkEby0fyrmTatkxG
-AbaAAxMU6+WnRJr3ZGp/9ArEW0Xm9BJ7/vhVJ146tM6QfYbN0zdo4JoBv6L2G8u2
-O9l9960JaFauNQc0qedOnWlvfNIRuLGTtUJfVo1rG1n1gFVuDtBm94Y1YmvkkXe5
-CKhpwk1CwC2kx4s1Ia6JM+DhnioqI2iUDdjkJWFxnCrtI+8COxezhn3LAokUvqt3
-o7TDCzx7/MxVoMPWVRpJ1n/tiqwHcmoze2j0Vc1j6bX3moPyINIJe5qPxeJs8YJR
-epkLsuG7TyrAi17PbatjFhVOXTEzEBaR+0Fn3oIsyL4cEyYE5LHDyburUMqAWaYD
-kETshzaQcNNO6Hz3obx4Qn95Ep/uaLc7ge4oIr8kbksHOeWb+EhpgM86cblfrZw3
-vwPM5zSGQXTjie1DG5FZKCgVpRcKZqRzgZWPwyOr+bzF6xfZdG7iZDytA7ERLkv9
-xfaLmRySHH+FxF4rW1GPDloGM2QRQzaR2mHTthi3HWHWOlZewF1s7BABIjbuFOEF
-DvUKOMJ4xWZqwjCifoNTscAwkTb4
-----END CERTIFICATE-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/cfg/ca-i.keys.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/cfg/ca-i.keys.pem
@ -1,51 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIJKgIBAAKCAgEA8dHeXccOqDHXVOtyXd3yBzcQrb8z5hyc1/pDjRxTIto66xhD
-JjnJdIersrdov/SM/RuYJf12xvOhNKaCHfBWqH60NvouLPVDR/j0LpJklHAsoch7
-z9fom8dLh04t0nhWdQFpn7AL7cDvSdQEEoHwvfK9MuyfQFOEah7yzFGmkbjB7C/N
-lmykXZ6NFfYvkn8X0vVDO0FQi/gKusmwDFE0NF7wiSGI/LlAgFpg5EDQIPynRIKc
-BPGOcUiG7Vw15IFSrfHRRxeCBXM+u20gDG6NFUN43ELQ45Gd4fhUqED52/c/a7Y0
-3scKYaZh1nGFzOOLQ/044jBkv6smiNRRUKl5ozpEL7xGb5jOzp1bsoXLLvZdwlsX
-EgtexpoqwQ4bRszk4FUK9J9vHlkIk8Dh2EogpdNAHRL0XA2ZjMUo4vDxsVSBGRN3
-SD9R9NjLgWQBu6dMS9QKaqb53Rox8B5DcSkd/yE2SFtYEk7gSATikCijIulSY28X
-MfDpsTy1Zz/xGAWx03BsoB80RZbkFo+YfsDvJCoT3gOlUXazcFKHwBgN0GIdJnLi
-Pv2o9q3T6K1csXV8lN+W7Ls7hXI7oXHrbECGIF7LqrSi0B0Vqb9lzCILPAru80Le
-ohoKXFsLeL/mFYDLYGgsqE2WF4NpiJLW4b1eFtq/4lwxOVvQeCkoFaizuJECAwEA
-AQKCAgEAnLXb/Dvu1LMQD/lRMWGO4nwd8+sQEBUE07ZcporvmYuBWS9s/M3ALyNo
-8rWHTbaG09RZIm2C1uW116/8bLh/AEy0L1isKfh7tJ2yaKf4RHX5hpKtIgGSvblG
-yhWw/k97//F9aL4mzNoWeGrMhM3unLo9QE412fMFwdvyjtRvNMpd6dkEy3H2hrEk
-T1IufCqe3tiQzErEjyCcm3Xu/9x0D2hjSwsPgm/vS/7GAcW621XAdFaME2wTWnic
-8B+s0Tu5v/4RGJg0a6HGyqGqfkP6bAhAv8URKBkLDxDmk+8fvRwa3ovC8YhdwvCX
-QOhqxF/FtbbZcUPZVpjsrQmi9LoPl6S0BXcQL5sIRpoJYIG+vviVEcoqnDAG3UQy
-+B30RC4aty2QgacPqoWXKxNqfFe4QDMukMLAG+s3zM6JBk3druKWJoC6NeuJVJYM
-qYp2rHlV/dv740u/00RINEzDJbKOMbUPK/8M8dnGJeENmj8J5VAs6yvh1uxG5nk0
-ULY1Nce/AWUt5iw+eEKXDl3I4gQRpEnyEA3YiBYsnTn0J7XXUhzRGG0+/w3IS4du
-OaUAFvWYgkiVz69SikWQWUfOfb7I3WKcvtGV3D+nWr6NdYeYGH3yOe4JPckdMI/U
-4stdqSnj69Mgc4wQMKmVR1iQw9wrNpbahCEJcUixLQ/fMpYNJ70CggEBAP29iEg4
-UMZkNAVo2xH/s+4QvVSWKN3zhz8W0AWOgyEsUy+cLHV9FhkizQVwIVJYj5YY11uL
-bz1QlmJOkVZp8NttLEzgn8EB9vsOThX5TGRZfvXh0KlbcNL21kyhoeB3ttPzw/Vu
-WoSvzZkwwgdlWfMDRFIH6VABE7+IXzghc9mP2Txua1Ee23HTF3rB3f2Wrosw1hNe
-OHWq8RZn2qOkNLRc78HeBx+Wg0dd4hO4pnFlV+36zNgyw1AC93Xs57gCwVOrkvab
-IW6+aI0tsox5EYIRmLS+6ymopwLE1boUNnGlOBZ311lih2gd9WmLtryROIVhkoo9
-MWRvjQxL57RBKRcCggEBAPP5KQRaXbT/B99xTeaaEVRn1yQ91Ua9oawZnJSfufts
-z/R1xcwu/Htql2TDaKfQuAxfhEBXMZfTZi9RRncYBmRZOu5Oblov8q6+/jsM9KpN
-NraeaPz3lXC7/5xjIB9OfPzmaI+khve0QCZ21DU3Uj3D72ZftKe+vJQz6M9pMhA4
-UitdnBNkQlmVVWRlTzvEkbAWbcCF8Tkut0Ov3lqsn6yZKkQ1fg3+6c8UCjvElJrW
-24fOW3gjfk3SUlRWMtCZn9HU8xYSWi6zrh3BCpx8pyly42MY+IL2R5foNDiZlomL
-vK7qhkSwqxTpjDfo9QB6+O1RkD2AQyUYcYp6KtM05JcCggEAJPCj14fDUq6h2CvE
-wOEOC9mKBrd5qZ5bkTa8ACMYOgse7S56VnxobC5h1KnXYAqelMZ3C8/H2RBTZGp1
-xDPWKcvCCEsnVsz3bONPQOmzUmSpFBjU7OLwEPZ4il15mJk1F7REUgXHzcteTjAH
-/1Wk+7j9CEg4kjol6ttqqVxNZl4HzUFyBDRO1Epb/7YboGCAdqkccWNlKtRBFvb1
-oJ82QQ/Ko9m0Bcg+wnQLhr16FcYgP/gkPFFfl9Vmu1dLAMH97TVsRtSc0GeOBweh
-F8xEXUA8kAu/Zqgz8DZBuz5YEsFv4e1+f3fVqLW71arOZrNpnBlxYQi5mRqYWTLv
-v5FA7wKCAQEA72EmlKXR0dh1shBrHftHS6kDWATvcZR4v/L1RoKeKgqu1C6GX/wu
-MS35051D33yUSVei3Lpw54Y9eenmGM5S3z0J7G66KfVnyXuO2QOyQDK4n2A4pRSL
-5WwgtiIwj2ckjcPJDj+hSgPq+ZKYToq0P/QyviDjkb89KrDwGioeO/n27aPQktpJ
-m7pBadtZbcxGIh8vmroRYEjs+hXiNtevZ9t0tC5EO5lFcbA5BkGwiWiNR+f6qZsx
-v0vBCgz1mOVTAcBOrvZc0/vquDkDn11TawDWCRKkK2NYBb2JF4vjP5wDCyEDkvxB
-MKiisuz5D3qZKclgnGdv+kLMjNGnmUoJiwKCAQEAqi/xTluBlmWtzi9fcic7WTeG
-FgXDaX5/llyr04bpT9NwMLCM3nMV/XHO7p7kVlC6+mIrLh0IwSN9UQ/evKdGHEQf
-EQ7CrE68xnD64Z8EUWAjarw+N+8plEfbgYjzayEVcLs6wMlkzoKWnKy3YHmTENQI
-KvDwk6LWW1R6kIJVE5IKzhCv7y8H9xVITy+4oIqGo75cB+I2Jo8+mEA/VAdQTtmd
-/NPDLnifmebU79Wjyf7FRPPlfk00wu6OChlaqLrlfJI6AvB/TccA9qM8oGXVTz2B
-/qYayhhOULBjcIKpiadQkM+CH3nJqEor7ZV8e5oo99wQSXSyeugchT1MjEqsQg==
-----END RSA PRIVATE KEY-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/data/server_10002.skunkworks.acme.xyz.crt.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/data/server_10002.skunkworks.acme.xyz.crt.pem
@ -1,36 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIGQDCCBCigAwIBAgICJxIwDQYJKoZIhvcNAQELBQAwXDELMAkGA1UEBhMCT08x
-DTALBgNVBAoMBEFDTUUxGjAYBgNVBAsMEUFDTUUgSW50ZXJtZWRpYXRlMSIwIAYD
-VQQDDBkxMDAwMS5za3Vua3dvcmtzLmFjbWUueHl6MB4XDTE4MDgwNjE4NTMxM1oX
-DTE5MDgwNjE4NTMxM1owWDELMAkGA1UEBhMCT08xDTALBgNVBAoMBEFDTUUxFjAU
-BgNVBAsMDUFDTUUgU3RhbmRhcmQxIjAgBgNVBAMMGTEwMDAyLnNrdW5rd29ya3Mu
-YWNtZS54eXowggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDlqjKdhxGj
-ZOfzsQ199sX3h1BifGvL7hE7p4i9P9vh34L47rjFEs5LieK1lZxjE54NxkDNbieO
-fMnrT7szEFluSFNYFWoyHA3DZwGgX9/bzwtjloekQKIWyreC00us6QfDJ0ujdvWM
-pDaRVxmsEKBj38f3qjIP41+mOJW9sNtBV27fKtkmwPJYs8coh1XIPWEe0X43wCbu
-7DMshZN0bC8alv9EdLkxA2xkY/GucFqnnuYic7KlqSn3AduW9aPmWMErKqI+AS78
-2vjGdhlZYq1NoxiNytwvKhVPY7uO3SnwQ+9rY86cnHHxyV3k6PwG2v9PyMe9y1m2
-Cfat4l5gwrY43v3aMrQYYGWq1WIbXAqP2KDizUuGKwFnyZGwHMLPN0uIkV5d/lXj
-0cmn4GsJZ5hNfWTAHTDh33xwcb4YaJnYkBA1SuR0FXVdbaVKMJBDbFq7+pKol7Jw
-qxdwpFdLwsZ5AkYwylLmoPmBufbD690IrqxRilyhu7z0xysHwX6t5dDH/L7MLvbh
-avoEOA1Gbh/z9g8onJZyL80qX+PdmZZd5m0hTVZPFMIEA/z6b/PPtzF61zyQi7FN
-3ZjHy12MUJyBqEwjtlMr0m+elB4ARCi7nlOUcm2zbZ5RHRjeSUK6T1DlKc2/LIrZ
-GDhLjfshxapVfOkK/hrAVptA6zjWAo5PJQIDAQABo4IBDjCCAQowCQYDVR0TBAIw
-ADARBglghkgBhvhCAQEEBAMCBkAwGAYJYIZIAYb4QgENBAsWCUFDTUUgQ29ycDAd
-BgNVHQ4EFgQUwB9PVErwnWHOi+qg+HyPMkYcSCIwbAYDVR0jBGUwY4AUXsctOOAY
-1ahMSM3VEFuWM+7kydShR6RFMEMxCzAJBgNVBAYTAk9PMQ0wCwYDVQQKDARBQ01F
-MSUwIwYDVQQDDBxyb290LjEwMS5za3Vua3dvcmtzLmFjbWUueHl6ggInETAOBgNV
-HQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHgYDVR0RBBcwFYITc2t1
-bmt3b3Jrcy5hY21lLnh5ejANBgkqhkiG9w0BAQsFAAOCAgEAuJALl4R/gQU73dne
-48RNqPBy0pMRiHoMkkUk6OJlTtFnQBd+UDjMK2HZqArNfDmHpCWmdSgvxD1Zt2Hl
-MMIDaDMGBuP1rbih4blvN36gDoABbAnbWWPwRRq7k1u6IPxeE/6AhYeuZalk98U4
-9ZMfxwrsIRwjIUBXcZyXM8A/522sxOsppBXvRy6/RVDWm1MyAhOi/JkiuqHJoKis
-O8AhaV0aDaFzMAwcjJmC2PJWbcOV0FP7imy5lsKtLbbFQpgxxkNvybDFIprkW7nG
-3UozHfSHWfz8pIVWvbLIu3hhCZj1jXgZymTQuYP77uU/dmC+mxlU6GES7RqwWT/q
-KyQYumMJ8O8LFoE9JtS4webwczcgeY6XY/AdcsDJ18URSE5fElx8+sdKGlbzFmcf
-UUZYCkRsq7VdQyDL9uuQprEkewa43enWZcGVcIr5nEDDIg9wHOR62L/X5lBSsUjg
-+OYJ8Oe5ZTBxxfhcH/uQoWDK0N97ub739n2qaVBGoLfAI2nL7MlGQNp6HukhYXft
-nYIsxH8b0XSR9bypNIfxRAXfb+rk2z/Oy/A4mBlKia2oYDgz+iBFydCuIMCNCm5X
-vk4S1+DacdTqtjQHIcwjHqY/oVIWCTbvRE7ZlUpp9vvzhuvDF9k00bqz5WuAEwMN
-RT+cSflExaNfZeqMVUkaUSaOdqM=
-----END CERTIFICATE-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/data/server_10002.skunkworks.acme.xyz.csr.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/data/server_10002.skunkworks.acme.xyz.csr.pem
@ -1,27 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIEnTCCAoUCAQAwWDELMAkGA1UEBhMCT08xDTALBgNVBAoMBEFDTUUxFjAUBgNV
-BAsMDUFDTUUgU3RhbmRhcmQxIjAgBgNVBAMMGTEwMDAyLnNrdW5rd29ya3MuYWNt
-ZS54eXowggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDlqjKdhxGjZOfz
-sQ199sX3h1BifGvL7hE7p4i9P9vh34L47rjFEs5LieK1lZxjE54NxkDNbieOfMnr
-T7szEFluSFNYFWoyHA3DZwGgX9/bzwtjloekQKIWyreC00us6QfDJ0ujdvWMpDaR
-VxmsEKBj38f3qjIP41+mOJW9sNtBV27fKtkmwPJYs8coh1XIPWEe0X43wCbu7DMs
-hZN0bC8alv9EdLkxA2xkY/GucFqnnuYic7KlqSn3AduW9aPmWMErKqI+AS782vjG
-dhlZYq1NoxiNytwvKhVPY7uO3SnwQ+9rY86cnHHxyV3k6PwG2v9PyMe9y1m2Cfat
-4l5gwrY43v3aMrQYYGWq1WIbXAqP2KDizUuGKwFnyZGwHMLPN0uIkV5d/lXj0cmn
-4GsJZ5hNfWTAHTDh33xwcb4YaJnYkBA1SuR0FXVdbaVKMJBDbFq7+pKol7Jwqxdw
-pFdLwsZ5AkYwylLmoPmBufbD690IrqxRilyhu7z0xysHwX6t5dDH/L7MLvbhavoE
-OA1Gbh/z9g8onJZyL80qX+PdmZZd5m0hTVZPFMIEA/z6b/PPtzF61zyQi7FN3ZjH
-y12MUJyBqEwjtlMr0m+elB4ARCi7nlOUcm2zbZ5RHRjeSUK6T1DlKc2/LIrZGDhL
-jfshxapVfOkK/hrAVptA6zjWAo5PJQIDAQABoAAwDQYJKoZIhvcNAQELBQADggIB
-AAKIoUaPwdXSsQGPqhPtkAVblTnbJqFPaa0cdHTPu92DDGP0ZQhCP15pV1kJ4obv
-Dbhk2pf60c7IDW16UAUgu1UJAFtYw/K+GSE8GqWvFS/Cwi1AMekEW9n8gLfoKRhC
-SEmap8QrdCnkuGwAggtUR0LEPK7vP/NFOtDoiiz50oNIDOUlhmhXkGqx2PiM0qFD
-t7CxKNTL7HrqxrfYi87tyNs5pmMRiUsRSIDA5dfSk12JGD/gIA5WDd1NalYx30MJ
-Q7VDNZg56ROUiBeNsQcXVEDmgbX3ggzOtmldzc1Pc767H/o7rLUUizeLurOwOrKH
-4HesApITS8VIs3pTOYFlBIc6co/rUy6HZe26GCkcdyMIWnvM0Seh5BpYR8dCvzXB
-7cxkA2coGv3HrYiHywA9l0ejpGtazVOLvLOaOKuYUTwiYfZQkPO0jyiJdne2BzLX
-zqOXzXV5BRZXoZAqCdmKlDdSDsZ8lvJcDosajxmGt3scakUlsiGzPoHBEbjT0FRK
-uoWHuR2PWKDNX7KJ6173r7xx8ldRw/uAoQmln0xvPY6uRSPMkScHuRb7YBtas8ZH
-weBP3VTsMj9D8+Ou0YA0HkAqlLFEbTmituxoHhitkf6ixETWRMbONXnkgzdPoJ8h
-W0d6LyVO9vy9zs+MI4NXWZOcZNk2y7AUOwIjNo1yKJBb
-----END CERTIFICATE REQUEST-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/data/server_10002.skunkworks.acme.xyz.keys.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/data/server_10002.skunkworks.acme.xyz.keys.pem
@ -1,51 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIJKgIBAAKCAgEA5aoynYcRo2Tn87ENffbF94dQYnxry+4RO6eIvT/b4d+C+O64
-xRLOS4nitZWcYxOeDcZAzW4njnzJ60+7MxBZbkhTWBVqMhwNw2cBoF/f288LY5aH
-pECiFsq3gtNLrOkHwydLo3b1jKQ2kVcZrBCgY9/H96oyD+NfpjiVvbDbQVdu3yrZ
-JsDyWLPHKIdVyD1hHtF+N8Am7uwzLIWTdGwvGpb/RHS5MQNsZGPxrnBap57mInOy
-pakp9wHblvWj5ljBKyqiPgEu/Nr4xnYZWWKtTaMYjcrcLyoVT2O7jt0p8EPva2PO
-nJxx8cld5Oj8Btr/T8jHvctZtgn2reJeYMK2ON792jK0GGBlqtViG1wKj9ig4s1L
-hisBZ8mRsBzCzzdLiJFeXf5V49HJp+BrCWeYTX1kwB0w4d98cHG+GGiZ2JAQNUrk
-dBV1XW2lSjCQQ2xau/qSqJeycKsXcKRXS8LGeQJGMMpS5qD5gbn2w+vdCK6sUYpc
-obu89McrB8F+reXQx/y+zC724Wr6BDgNRm4f8/YPKJyWci/NKl/j3ZmWXeZtIU1W
-TxTCBAP8+m/zz7cxetc8kIuxTd2Yx8tdjFCcgahMI7ZTK9JvnpQeAEQou55TlHJt
-s22eUR0Y3klCuk9Q5SnNvyyK2Rg4S437IcWqVXzpCv4awFabQOs41gKOTyUCAwEA
-AQKCAgEAsY8ASuHeNSESY0mDUNu0+kZXU402GhgYorJH+WihquOO8r49g7+iVqxn
-5lOg8Mh97dBU0X5Ufsjjo1WlOTluquCn7vW/gLZHvcapb0AwZlSQTZJXlBmUN2LK
-tg5991TCd5Kt29dgyDc9KOjaJDlGh3C/vS6MPdRgYrZkrp9JJB9gzJDoChoqQ4Ha
-e+8F1yX9LEJy/s9ESnu6pLUw51WspTYQbPCBLO+koYjTlTWwIN+stP4WJBXBKAL7
-rp6C9NexoJn5jU6E8WCp7WXo+z5bFib+GMG5sY0rpJFKtI0wm10qgTBM0K/zOCei
-vBOUpggyU5C7PHU3CpJxcMYOiWiAT8i5+H8lGESiDqGXpLBSWUOcvKvWcodLFkM6
-6ftD5smkgEBeJxG3F9RFfrBEYtC1xFlBtB2RCBcEorTaGORwwft1cXLzx+BT8MP0
-Vtboccz+5fw3CGzxP/6vQ7YrroQJxA7TGE+YFhBbumwADjEbrVoLAsk5rL5e01Ny
-HagpNQ38ebomYYhnsn/mIyFllbIK1IyspISwHqtwDnsRFhR+6aHCJmOgnzNlY7cm
-Op/Fi1H2YfE4j28OKB8PqnxVJTF0iTaFLl2e6i8n4tRZWS6muyA5v05Qel1hb+uv
-dHjfaFJEoeYbmRT14QAku1kdDoJwfuESm0eCxlFcp1kX+tVUy4ECggEBAPbIuiCm
-evlqcoayhSx3Cbj9rePeyWBuEX2jJhFG8eCD6DokybQk/jU+SkQT5IZZCngSZdBo
-ROHCe/p0ZALcucmTnt7dY8teg9RlS2z/33TLuNsx9VXfSOrADJtK2x2mKZJzrNM+
-el/hBm8IpNPU1wOZxQvqBOjOGfGhBP14Qm1kHzxilQvyq8MtLbJIRlgORF/DABaL
-pD+DB86O6khD+iw9nGw050qLqUbi7sZKm4uYjigkNukOb8/7Aai3AKErLO/DfsM3
-F4KGcVvb4S8eyL8vCKgl7SUFY5h02jS7HqKmj9loUWqRL1xc3wdHMIX1c6L4ST9C
-EAjrL5P/mD35lrkCggEBAO49zzRm8iyp6zpsieDNdT0DQ2twqp0dduyODPRF9ET/
-o4y6lR58bx+epri4TFMBmIOVV4jsPC9bxIU1YoOPdB79ODigmtk80a1FwthX8L4Z
-HLutO3PQ3eeDF8aZ6BE6YXYNIPu0szBp0BMy3WKjSxVvkjt9WreCnymqgL5KiqNn
-Q7qE2/nC+i3zbHupMisgD/NrS74urjDjHXBUw0VAXygMWlk+VPQ/AkGwj4XZFfqj
-4PwAcDtlQFQHbIthcKGXEdnJjeqTGNQnkzfp7/4uij/xuGSvkdRKNAubLvGl2z8k
-gHgADzuVgzk7LnO0FfPnZorPkfqEJBsl0+npQCA3Bc0CggEBAKnKHNUN9ZnYtQcb
-mCipldTjJFqdE2v3Dq2kLDLC3vObjZFDcksxEH1NaAdCsH4GkP9fmRE0TAAPsQD2
-R0D44BJiMHIhW+G2G3lsX+KUgQd4iqy0yJjWUPLCQ2osrGjPw9ZxI70LRWLmDWkj
-R1Q/IdfmWf4CenI6Kvtlz2sc7Ica1arUILvhsG9OjBwXQd6fokdIgK0CUnUoD5z8
-ExC5RExf71k7ZM6THFobFDD1b+MxiMzxbZ4XQrKTfea4UgSREg+8L2DcbJ5vJVsQ
-AvRKd8+h6pDV1z0bYhSogOC6xS8e7eWksi9hyHYBp6j4P9hKsc60iKCvMR0RwuBO
-gE5ThHECggEBAN38F7qDBboaJYUNpzchGdFc3hAZLdAxqSLnhSiCmgVEkZbKL7H1
-TfGPeVd62hspzHsmxyZcwAN8pVNdl8pv+0n4tc8FzuMF6XVjIBdHcZkfewdgdZoH
-jwxtuNSjiXmsBS3jM8105NYCcg/BgEitUIPLrtzhg4qkGjvPlCA7Ao0Y5iHAM9u4
-EjaIr5dV4toOCO7OFghCJKqGpGKLiFtZjJCbWf/3tV7T6v1cT47u5Kziz/rfSbP+
-Nv9U343LoA/g3JAqXqKopyTfLyyVPLqBkO3eA+tFMEM3VOFPmmEtImnmUBIANDFX
-saq8+x5yOVZHUeObXzCmuaHWEGvOm6Kowi0CggEAT++n5AMRO0Swib9a0WwSNRgZ
-W3Ybyg17F6hW/y+6ck/60HsYGQ9G03N3fo5yVF2VENg+3qFBMKMoPPM/PZdxesJo
-tWEzkXM4UyyFbXlmpCNstolzXWEq3a6czgqqSnX1dCNGZXgKbKuSwARFo78vFIUU
-IavLMKOr1lKMJtMY3stdS61+hDmp0eXzQtWjg/hwWofTyXYGWoCcvMEmsZxIjQKk
-9drrVk644sMZ93nnM9byyg+n3z46bCOTDywNFy5Ri+XN+8/wbgssyD7Uadq7rR48
-7srE1FIz88gyeK9VvNL6Ij47WzGmgDgZV3wd9JGizpbFa9U1PW7va/zbj2ZxWQ==
-----END RSA PRIVATE KEY-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/data/server_10003.skunkworks.acme.xyz.crt.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/data/server_10003.skunkworks.acme.xyz.crt.pem
@ -1,36 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIGQDCCBCigAwIBAgICJxMwDQYJKoZIhvcNAQELBQAwXDELMAkGA1UEBhMCT08x
-DTALBgNVBAoMBEFDTUUxGjAYBgNVBAsMEUFDTUUgSW50ZXJtZWRpYXRlMSIwIAYD
-VQQDDBkxMDAwMS5za3Vua3dvcmtzLmFjbWUueHl6MB4XDTE4MDgwNjE4NTMxNFoX
-DTE5MDgwNjE4NTMxNFowWDELMAkGA1UEBhMCT08xDTALBgNVBAoMBEFDTUUxFjAU
-BgNVBAsMDUFDTUUgU3RhbmRhcmQxIjAgBgNVBAMMGTEwMDAzLnNrdW5rd29ya3Mu
-YWNtZS54eXowggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCtaA8xY3Au
-p1QSDRH+gLBw73soQACVVw4swT03ehaiGNNBy7I2WrL+13seU8dYx8hv/O+rig61
-DyKk8gHg1EfMhJgaX6dD7XZI0cSTIOC5S4ipoGSJvyWQoNNUEVDYwhjPF7uQtB0P
-R6lIJm4QfaBBmsTx21R4DMUQREn/2ws9En+Pl4h1u92GTkfcc5q55vzkrwXcrW1b
-njF1UNRscUlqgWnDGChWNpE5PgJpYQZtf5SfW5POdGmF9C3QX+KZ73Kh2fYy3tnz
-aDGx+I78lOhaNth46LBC3vPGPcSnkBXgKXl1WxcAm/DKnQUg47T6KZN/TyktOkyG
-sNG+vzqHM7WOEUa8GVeqHSwg4yGDiQeDC+eBtFySOTsPYWHt36nBQawy9yGREoHC
-q7yrhL0uGVdwn+Dyw3P5FHhcIrE3hgVWysIKd3OHormnUpDLf7EyVRSVv89V8dFn
-OjhCaniXapeqGqmMOpeCBjmDR5z1UB7Uuq17cO2dsPrvymo3g2nWYWAihNWEMNj2
-kdncP2K2ZA/onT5a77KK9Wn5XCXTN9UttGosbaEdy1SLh54LpTyaimtu7PoqI1Xw
-Od9rzfmRmX7GZDy8PKzX2OIShZh2cK0Gmy5m2tXTJZxQ6FLIAn7BmI7mCHffCCEi
-Uh6w7ls/y6p/idXP78pfcJmGQ+n+heWsewIDAQABo4IBDjCCAQowCQYDVR0TBAIw
-ADARBglghkgBhvhCAQEEBAMCBkAwGAYJYIZIAYb4QgENBAsWCUFDTUUgQ29ycDAd
-BgNVHQ4EFgQUHYy8RlI3XCE5fdEpp16ruMm0P+UwbAYDVR0jBGUwY4AUXsctOOAY
-1ahMSM3VEFuWM+7kydShR6RFMEMxCzAJBgNVBAYTAk9PMQ0wCwYDVQQKDARBQ01F
-MSUwIwYDVQQDDBxyb290LjEwMS5za3Vua3dvcmtzLmFjbWUueHl6ggInETAOBgNV
-HQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHgYDVR0RBBcwFYITc2t1
-bmt3b3Jrcy5hY21lLnh5ejANBgkqhkiG9w0BAQsFAAOCAgEAEfnmW6usnkQAoXQE
-MCA/+/1JpjNDUPjnLAz9bljALy9rh7MddjQLH3s7iFeP1LZkXYwtaVgcAkj79Ms+
-9jPlO6MyrMxX1lECUdm+X7eZGbNCYRmOQgwNh66ZDA+19kPJMdakznYeaQkNx4+q
-e4JEL4Uiidcd0MsJCQeZyJUuC1Q3joC5lYWXiDUHrw2349ZW7cYYJarDoQJXiRtt
-J/1xTFB7Xd6G1wJrJDi909OvnUuvZxO0A+/cCYN1BtPWEWy5yYtBOs1OiUIlsRVr
-Ny0FoH/HNI8SfFAZwceZDnS9RsgogLu8cLs7mpWU8vyvitaDDFAg4blwzsd1i0Jn
-MVg6jDwuWF/3ZYR8DyTvopmbrqoAwG00uESVN1CFBke6WbJWT+Vx5bUAyzA0l3BO
-gM3474bQOk15i608UQhe0xdUkeGNCfWDoBHm33e7obfRMY9yWKTbAf6b8Kvhszxg
-YPLr4AFjqKvPhCHXh4+g/0AoOAnDK23Ml9JXOT0M5cHbSXZm5UmsDkLW7c0p6VsG
-QRXrVO/CUN7sQPr8CXBqEeL9FQmkzhlW8KAvccbdRb8dbWn0Ft6zNkSREZ/XJuf6
-k/wbUOYN2AS2g2QlQRWn3PtGjYriRMUKex8qVFWPLSVSi9a7hvT3hSKER/H7pYzr
-zDbdyEzsrkOgcUfrEC4ysZJWPkg=
-----END CERTIFICATE-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/data/server_10003.skunkworks.acme.xyz.csr.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/data/server_10003.skunkworks.acme.xyz.csr.pem
@ -1,27 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIEnTCCAoUCAQAwWDELMAkGA1UEBhMCT08xDTALBgNVBAoMBEFDTUUxFjAUBgNV
-BAsMDUFDTUUgU3RhbmRhcmQxIjAgBgNVBAMMGTEwMDAzLnNrdW5rd29ya3MuYWNt
-ZS54eXowggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCtaA8xY3Aup1QS
-DRH+gLBw73soQACVVw4swT03ehaiGNNBy7I2WrL+13seU8dYx8hv/O+rig61DyKk
-8gHg1EfMhJgaX6dD7XZI0cSTIOC5S4ipoGSJvyWQoNNUEVDYwhjPF7uQtB0PR6lI
-Jm4QfaBBmsTx21R4DMUQREn/2ws9En+Pl4h1u92GTkfcc5q55vzkrwXcrW1bnjF1
-UNRscUlqgWnDGChWNpE5PgJpYQZtf5SfW5POdGmF9C3QX+KZ73Kh2fYy3tnzaDGx
-+I78lOhaNth46LBC3vPGPcSnkBXgKXl1WxcAm/DKnQUg47T6KZN/TyktOkyGsNG+
-vzqHM7WOEUa8GVeqHSwg4yGDiQeDC+eBtFySOTsPYWHt36nBQawy9yGREoHCq7yr
-hL0uGVdwn+Dyw3P5FHhcIrE3hgVWysIKd3OHormnUpDLf7EyVRSVv89V8dFnOjhC
-aniXapeqGqmMOpeCBjmDR5z1UB7Uuq17cO2dsPrvymo3g2nWYWAihNWEMNj2kdnc
-P2K2ZA/onT5a77KK9Wn5XCXTN9UttGosbaEdy1SLh54LpTyaimtu7PoqI1XwOd9r
-zfmRmX7GZDy8PKzX2OIShZh2cK0Gmy5m2tXTJZxQ6FLIAn7BmI7mCHffCCEiUh6w
-7ls/y6p/idXP78pfcJmGQ+n+heWsewIDAQABoAAwDQYJKoZIhvcNAQELBQADggIB
-AF5WVuu2NyCp8OqRlnFmzpvwLl/znDJqHZoE7OumD8rv89OzRwZpKCArtLxB6Ed7
-HoZ2WdGNZmBTNllK7oYAWnXTWvL817kFmJ8W5SXD1sqUn9qHav3GwfTmBGqi4mkZ
-FSXwtOB1GJoqeDkfK97OUWjSagNQLIS9cHqQDi0T6BcUv37ANLmo+7IO2q4avhAY
-WQ7w0frmFx6DyIM20L3XzlwWstGqOVWKShaeQx7nn8yVy/HFLPtIPdK6BE+PnieZ
-Gdv0XB7dfwIhgABKMcm8pxdMjDghzerAN+fPxhx8DrIARUINipl2jJIuoAvIBdcn
-K7bNW58HiqRsln9P4ZJuyPQSyh7AhvrGMXkxxpk40RsZ1KrFBwzb82+ZSqKSOI2a
-A/vnd4MuPXiFqwDqh/41yhHs6mqrkvzjb8UhP9bMe7kxXh2Q7I9Jtmgn/GzSssxp
-iC5TXlrX4cy9VvsSi3wkjxtNXAlSBh13rTDwzYzkkDo689nSew+sH65q9N3MGDwV
-IZQeiLPQVB5hFfwQtO8j/YMpthGpLIwcxz8yr2Is1bHl1nq5kuYkMMFp7/uPH02/
-FhgOp2pRHnjTnCso/Xm1NEJqbYLNEpWdW0ZsRh8ZBe7R3CaVJp9veUojutcy5JJ2
-B16okynMRAKS8ykS3SwCbxykQBvCddnxTRaP+AZzvrQ/
-----END CERTIFICATE REQUEST-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/data/server_10003.skunkworks.acme.xyz.keys.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/data/server_10003.skunkworks.acme.xyz.keys.pem
@ -1,51 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIJJwIBAAKCAgEArWgPMWNwLqdUEg0R/oCwcO97KEAAlVcOLME9N3oWohjTQcuy
-Nlqy/td7HlPHWMfIb/zvq4oOtQ8ipPIB4NRHzISYGl+nQ+12SNHEkyDguUuIqaBk
-ib8lkKDTVBFQ2MIYzxe7kLQdD0epSCZuEH2gQZrE8dtUeAzFEERJ/9sLPRJ/j5eI
-dbvdhk5H3HOaueb85K8F3K1tW54xdVDUbHFJaoFpwxgoVjaROT4CaWEGbX+Un1uT
-znRphfQt0F/ime9yodn2Mt7Z82gxsfiO/JToWjbYeOiwQt7zxj3Ep5AV4Cl5dVsX
-AJvwyp0FIOO0+imTf08pLTpMhrDRvr86hzO1jhFGvBlXqh0sIOMhg4kHgwvngbRc
-kjk7D2Fh7d+pwUGsMvchkRKBwqu8q4S9LhlXcJ/g8sNz+RR4XCKxN4YFVsrCCndz
-h6K5p1KQy3+xMlUUlb/PVfHRZzo4Qmp4l2qXqhqpjDqXggY5g0ec9VAe1Lqte3Dt
-nbD678pqN4Np1mFgIoTVhDDY9pHZ3D9itmQP6J0+Wu+yivVp+Vwl0zfVLbRqLG2h
-HctUi4eeC6U8moprbuz6KiNV8Dnfa835kZl+xmQ8vDys19jiEoWYdnCtBpsuZtrV
-0yWcUOhSyAJ+wZiO5gh33wghIlIesO5bP8uqf4nVz+/KX3CZhkPp/oXlrHsCAwEA
-AQKCAgBfQZd++PHqHu8Wz2lAFi9Wiqdrz+TCJMVbnndjX0TJnLuIHD50j1Rem749
-RaZvRaf8pMR/xeIYYg0U8QBJIjOizH/FlSAMN4jPrbO/YsMv5qdXDw3LgV5AWahd
-OPnhaJY6RP47GkYQW7xJLxstIeWDxGJFvcdj/xfNvMWtsAU3ck7ycTp7+kxRd/UP
-y82GK7ZmZSLiO76kIn1mxZU7UOwUfqy7iCy4V1dlS4QFoU/nnLrm42aJdfd1p1H3
-coTHLPsan+IXxcWSaX1LF5Bsfdw5moFFwgT5ZwIgt1Os/ICX2BCpf/Vd10vp8WGc
-1JlZBrfIqpKjDrB1GPLPRrr/BE/JqGLtzJ7b5Ze5Qqe6VjJFOo5p5US992P99g+I
-crItK0q+4iLruVMwVxlrUPqk0Sgk5vYBtsQIXdpznvoKZvqslnh1NoNobZ4ZwyRE
-WzhlNuqqB+bKzMfv6eKYYhZIrAkMaRHa5SroYx87Xi7WS3V3p7/sQxnmzJ98WX21
-kxlnr7tsdeJ8O44ysJyQDK5Jzk8KqkCk+XejanBpZQRH3RC2kpJlwUQvOIbltsin
-lOTVG27Oilo5nsb14K8t5rR6LpQCUAKEGjOVaPnDx8ck7h27pxlVnDnD/vAjYlSo
-U3Tk0HI+s1smiP0RylmIuOPlKjbieGN6klhKlitk5tXoYqhPsQKCAQEA2h8E5w9/
-5fOw7WVp1ufu/JZ+9cmQe+qwDfYJ1xglMgaB7MVVwA4mrXBy/rRjrG4561nmKVoT
-Y1kSaScCvdDBQL4/tMYaa+ytzfH+wvxiStlscjbtr26eqdcqe7jq95m7TEgbG+CJ
-TJ3+MH0HtXd8S/PZQFypN6AXngmH9uSyXKlQ5GYbwUjNCTwXh4dy/Z4e+F7WLGIs
-Y+zbH7nLqbdZQObLmv/59DlzNoQtZTeHuqou+w7YaMd30Ogf4VuDgkFbrID8TEKV
-FsDGeT/vgO75v8X/P5tv2+h+9Oi8BAYDm/hE4IvCyAS/MYS9oGhfsIY2laZdiJBe
-+P1WkNU8SK9imQKCAQEAy4UqeYHaIR9YDrOGUMcZ8gH/hoOuXPRKZ7oJPHPjD21q
-H8lvXXeO6+OosgXR3znvtYYR+ruw33GqH9cCKpsONAPdimPg/JZEiVWq5mKX2rsm
-qwUQa9ZWhTnKIJPHmKy1dLBUoizzsLbmiQwV1edM2OiF2G6x/1ul7YRL9kCdRdIl
-DLwa/ZRI6lxxYGWfvP4UPhb7bAXrQdczSdQQIrO7A3IGd38VFlBccuARbGVl3Xjy
-OottxF2OjH+zeWdYL6SpNyQPF7vKR/+2xaZO76qjmj5Wr33TgA6qt3KW6XqKDaIB
-hM5dva9xRmwI4+RlrwqRKcmrLZJ/ZM1HkbmjT0pIMwKCAQAlj+3yNJMb8IlpeGtv
-nOVlDi2y+hEtpc7HuLUdG4VcRg6dzaXkuwsiFxlWj44SpbDHvOWL/X0VQMOQ5Czu
-r0J4ecrSwMLQDyQnMSNkRL5QkXzBdoAcE/qy2ODyCXg9R3YfvtMcS+CZFyQtCXsI
-XxlCoy2ojcx+Tc2DY7TMabnlhyrtCkCBWp4klvqeVk8RKee/ceWEIyvt0V4y6nYO
-NgriyFwLx0UuL66NltmScqunE6OfjIDsGl2h1jeXQYE2LzcwT84i+9xc3LnRK5d9
-JqpPwjMgqw3qWvFyD5pBPx/j/i8uVCMo+thKGMfnFdJUvegsgUfeOq6ARnBf5LjK
-85kRAoIBACDBihiMYcM6/D1Bf7i4kuB0md/YidPELcWMF7h3HnB5N79t+FKez43/
-0kL01NaMyJv6vCIS22DbNnpxbJPW6O5OQPXpJWkB9n30H9F8xNwbixmzcvUoRjyj
-FHkxz8ou4fWp+7UubvpeNbSREWKgG6o9om03Q8bJxWb5CBDWTXnTXMsz61Qs7Z9q
-yYSuVotgiXmE0WqNeVPbgxG64+3x54OicpABEC/LN1X14lgD6eU/dh0eG8ijFjJe
-y1Aa5gKlCecqEpPLUb9M1Ony3nmMiVBmACW2prfRpIBqHQfvBRE0pfHuFQBWoHCp
-KrUjKYqGtN546ugm0AI1V/OIYVR9rCkCggEAXsUVKdw7gWqcoHtW1cKWaddTC8F0
-yUwYwZi93uOIoOYlQUBhXjiNMYf+NTb0zYdkxvYhc6dgSBChKX+rr5KZrZSqCwlI
-sar5Bwo7KFLHIPxQTWlf7jm3NbZFPeS2rBkmqBEINRxmfAovlnJYvUHDVRKnrlFX
-+wTxMm+KQwHbhbvMK1zwaCFS+PNB2rtnDlQQnPneAKKBR7pFWTShflL/6VapSsBV
-xeGy7AA++VN2zm1duni07ku3Laz9zXvKnyn7MJs/ehujOMVDFT2BYVlnuPnj/Btz
-1g4z5MLhiL3QcpIChugJfWAioe6U4jdGa7oY0UFdUDg71wV74EpWqfkwSA==
-----END RSA PRIVATE KEY-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/distro/server_10002.skunkworks.acme.xyz.p12
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/distro/server_10002.skunkworks.acme.xyz.p12
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/distro/server_10003.skunkworks.acme.xyz.p12
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/distro/server_10003.skunkworks.acme.xyz.p12
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/docs/server_10002.skunkworks.acme.xyz.crt.info.txt
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/docs/server_10002.skunkworks.acme.xyz.crt.info.txt
@ -1,100 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 10002 (0x2712)
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=OO, O=ACME, OU=ACME Intermediate, CN=10001.skunkworks.acme.xyz
-        Validity
-            Not Before: Aug  6 18:53:13 2018 GMT
-            Not After : Aug  6 18:53:13 2019 GMT
-        Subject: C=OO, O=ACME, OU=ACME Standard, CN=10002.skunkworks.acme.xyz
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (4096 bit)
-                Modulus:
-                    00:e5:aa:32:9d:87:11:a3:64:e7:f3:b1:0d:7d:f6:
-                    c5:f7:87:50:62:7c:6b:cb:ee:11:3b:a7:88:bd:3f:
-                    db:e1:df:82:f8:ee:b8:c5:12:ce:4b:89:e2:b5:95:
-                    9c:63:13:9e:0d:c6:40:cd:6e:27:8e:7c:c9:eb:4f:
-                    bb:33:10:59:6e:48:53:58:15:6a:32:1c:0d:c3:67:
-                    01:a0:5f:df:db:cf:0b:63:96:87:a4:40:a2:16:ca:
-                    b7:82:d3:4b:ac:e9:07:c3:27:4b:a3:76:f5:8c:a4:
-                    36:91:57:19:ac:10:a0:63:df:c7:f7:aa:32:0f:e3:
-                    5f:a6:38:95:bd:b0:db:41:57:6e:df:2a:d9:26:c0:
-                    f2:58:b3:c7:28:87:55:c8:3d:61:1e:d1:7e:37:c0:
-                    26:ee:ec:33:2c:85:93:74:6c:2f:1a:96:ff:44:74:
-                    b9:31:03:6c:64:63:f1:ae:70:5a:a7:9e:e6:22:73:
-                    b2:a5:a9:29:f7:01:db:96:f5:a3:e6:58:c1:2b:2a:
-                    a2:3e:01:2e:fc:da:f8:c6:76:19:59:62:ad:4d:a3:
-                    18:8d:ca:dc:2f:2a:15:4f:63:bb:8e:dd:29:f0:43:
-                    ef:6b:63:ce:9c:9c:71:f1:c9:5d:e4:e8:fc:06:da:
-                    ff:4f:c8:c7:bd:cb:59:b6:09:f6:ad:e2:5e:60:c2:
-                    b6:38:de:fd:da:32:b4:18:60:65:aa:d5:62:1b:5c:
-                    0a:8f:d8:a0:e2:cd:4b:86:2b:01:67:c9:91:b0:1c:
-                    c2:cf:37:4b:88:91:5e:5d:fe:55:e3:d1:c9:a7:e0:
-                    6b:09:67:98:4d:7d:64:c0:1d:30:e1:df:7c:70:71:
-                    be:18:68:99:d8:90:10:35:4a:e4:74:15:75:5d:6d:
-                    a5:4a:30:90:43:6c:5a:bb:fa:92:a8:97:b2:70:ab:
-                    17:70:a4:57:4b:c2:c6:79:02:46:30:ca:52:e6:a0:
-                    f9:81:b9:f6:c3:eb:dd:08:ae:ac:51:8a:5c:a1:bb:
-                    bc:f4:c7:2b:07:c1:7e:ad:e5:d0:c7:fc:be:cc:2e:
-                    f6:e1:6a:fa:04:38:0d:46:6e:1f:f3:f6:0f:28:9c:
-                    96:72:2f:cd:2a:5f:e3:dd:99:96:5d:e6:6d:21:4d:
-                    56:4f:14:c2:04:03:fc:fa:6f:f3:cf:b7:31:7a:d7:
-                    3c:90:8b:b1:4d:dd:98:c7:cb:5d:8c:50:9c:81:a8:
-                    4c:23:b6:53:2b:d2:6f:9e:94:1e:00:44:28:bb:9e:
-                    53:94:72:6d:b3:6d:9e:51:1d:18:de:49:42:ba:4f:
-                    50:e5:29:cd:bf:2c:8a:d9:18:38:4b:8d:fb:21:c5:
-                    aa:55:7c:e9:0a:fe:1a:c0:56:9b:40:eb:38:d6:02:
-                    8e:4f:25
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Cert Type: 
-                SSL Server
-            Netscape Comment: 
-                ACME Corp
-            X509v3 Subject Key Identifier: 
-                C0:1F:4F:54:4A:F0:9D:61:CE:8B:EA:A0:F8:7C:8F:32:46:1C:48:22
-            X509v3 Authority Key Identifier: 
-                keyid:5E:C7:2D:38:E0:18:D5:A8:4C:48:CD:D5:10:5B:96:33:EE:E4:C9:D4
-                DirName:/C=OO/O=ACME/CN=root.101.skunkworks.acme.xyz
-                serial:27:11
-
-            X509v3 Key Usage: critical
-                Digital Signature, Key Encipherment
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication
-            X509v3 Subject Alternative Name: 
-                DNS:skunkworks.acme.xyz
-    Signature Algorithm: sha256WithRSAEncryption
-         b8:90:0b:97:84:7f:81:05:3b:dd:d9:de:e3:c4:4d:a8:f0:72:
-         d2:93:11:88:7a:0c:92:45:24:e8:e2:65:4e:d1:67:40:17:7e:
-         50:38:cc:2b:61:d9:a8:0a:cd:7c:39:87:a4:25:a6:75:28:2f:
-         c4:3d:59:b7:61:e5:30:c2:03:68:33:06:06:e3:f5:ad:b8:a1:
-         e1:b9:6f:37:7e:a0:0e:80:01:6c:09:db:59:63:f0:45:1a:bb:
-         93:5b:ba:20:fc:5e:13:fe:80:85:87:ae:65:a9:64:f7:c5:38:
-         f5:93:1f:c7:0a:ec:21:1c:23:21:40:57:71:9c:97:33:c0:3f:
-         e7:6d:ac:c4:eb:29:a4:15:ef:47:2e:bf:45:50:d6:9b:53:32:
-         02:13:a2:fc:99:22:ba:a1:c9:a0:a8:ac:3b:c0:21:69:5d:1a:
-         0d:a1:73:30:0c:1c:8c:99:82:d8:f2:56:6d:c3:95:d0:53:fb:
-         8a:6c:b9:96:c2:ad:2d:b6:c5:42:98:31:c6:43:6f:c9:b0:c5:
-         22:9a:e4:5b:b9:c6:dd:4a:33:1d:f4:87:59:fc:fc:a4:85:56:
-         bd:b2:c8:bb:78:61:09:98:f5:8d:78:19:ca:64:d0:b9:83:fb:
-         ee:e5:3f:76:60:be:9b:19:54:e8:61:12:ed:1a:b0:59:3f:ea:
-         2b:24:18:ba:63:09:f0:ef:0b:16:81:3d:26:d4:b8:c1:e6:f0:
-         73:37:20:79:8e:97:63:f0:1d:72:c0:c9:d7:c5:11:48:4e:5f:
-         12:5c:7c:fa:c7:4a:1a:56:f3:16:67:1f:51:46:58:0a:44:6c:
-         ab:b5:5d:43:20:cb:f6:eb:90:a6:b1:24:7b:06:b8:dd:e9:d6:
-         65:c1:95:70:8a:f9:9c:40:c3:22:0f:70:1c:e4:7a:d8:bf:d7:
-         e6:50:52:b1:48:e0:f8:e6:09:f0:e7:b9:65:30:71:c5:f8:5c:
-         1f:fb:90:a1:60:ca:d0:df:7b:b9:be:f7:f6:7d:aa:69:50:46:
-         a0:b7:c0:23:69:cb:ec:c9:46:40:da:7a:1e:e9:21:61:77:ed:
-         9d:82:2c:c4:7f:1b:d1:74:91:f5:bc:a9:34:87:f1:44:05:df:
-         6f:ea:e4:db:3f:ce:cb:f0:38:98:19:4a:89:ad:a8:60:38:33:
-         fa:20:45:c9:d0:ae:20:c0:8d:0a:6e:57:be:4e:12:d7:e0:da:
-         71:d4:ea:b6:34:07:21:cc:23:1e:a6:3f:a1:52:16:09:36:ef:
-         44:4e:d9:95:4a:69:f6:fb:f3:86:eb:c3:17:d9:34:d1:ba:b3:
-         e5:6b:80:13:03:0d:45:3f:9c:49:f9:44:c5:a3:5f:65:ea:8c:
-         55:49:1a:51:26:8e:76:a3
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/docs/server_10003.skunkworks.acme.xyz.crt.info.txt
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/docs/server_10003.skunkworks.acme.xyz.crt.info.txt
@ -1,100 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 10003 (0x2713)
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=OO, O=ACME, OU=ACME Intermediate, CN=10001.skunkworks.acme.xyz
-        Validity
-            Not Before: Aug  6 18:53:14 2018 GMT
-            Not After : Aug  6 18:53:14 2019 GMT
-        Subject: C=OO, O=ACME, OU=ACME Standard, CN=10003.skunkworks.acme.xyz
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (4096 bit)
-                Modulus:
-                    00:ad:68:0f:31:63:70:2e:a7:54:12:0d:11:fe:80:
-                    b0:70:ef:7b:28:40:00:95:57:0e:2c:c1:3d:37:7a:
-                    16:a2:18:d3:41:cb:b2:36:5a:b2:fe:d7:7b:1e:53:
-                    c7:58:c7:c8:6f:fc:ef:ab:8a:0e:b5:0f:22:a4:f2:
-                    01:e0:d4:47:cc:84:98:1a:5f:a7:43:ed:76:48:d1:
-                    c4:93:20:e0:b9:4b:88:a9:a0:64:89:bf:25:90:a0:
-                    d3:54:11:50:d8:c2:18:cf:17:bb:90:b4:1d:0f:47:
-                    a9:48:26:6e:10:7d:a0:41:9a:c4:f1:db:54:78:0c:
-                    c5:10:44:49:ff:db:0b:3d:12:7f:8f:97:88:75:bb:
-                    dd:86:4e:47:dc:73:9a:b9:e6:fc:e4:af:05:dc:ad:
-                    6d:5b:9e:31:75:50:d4:6c:71:49:6a:81:69:c3:18:
-                    28:56:36:91:39:3e:02:69:61:06:6d:7f:94:9f:5b:
-                    93:ce:74:69:85:f4:2d:d0:5f:e2:99:ef:72:a1:d9:
-                    f6:32:de:d9:f3:68:31:b1:f8:8e:fc:94:e8:5a:36:
-                    d8:78:e8:b0:42:de:f3:c6:3d:c4:a7:90:15:e0:29:
-                    79:75:5b:17:00:9b:f0:ca:9d:05:20:e3:b4:fa:29:
-                    93:7f:4f:29:2d:3a:4c:86:b0:d1:be:bf:3a:87:33:
-                    b5:8e:11:46:bc:19:57:aa:1d:2c:20:e3:21:83:89:
-                    07:83:0b:e7:81:b4:5c:92:39:3b:0f:61:61:ed:df:
-                    a9:c1:41:ac:32:f7:21:91:12:81:c2:ab:bc:ab:84:
-                    bd:2e:19:57:70:9f:e0:f2:c3:73:f9:14:78:5c:22:
-                    b1:37:86:05:56:ca:c2:0a:77:73:87:a2:b9:a7:52:
-                    90:cb:7f:b1:32:55:14:95:bf:cf:55:f1:d1:67:3a:
-                    38:42:6a:78:97:6a:97:aa:1a:a9:8c:3a:97:82:06:
-                    39:83:47:9c:f5:50:1e:d4:ba:ad:7b:70:ed:9d:b0:
-                    fa:ef:ca:6a:37:83:69:d6:61:60:22:84:d5:84:30:
-                    d8:f6:91:d9:dc:3f:62:b6:64:0f:e8:9d:3e:5a:ef:
-                    b2:8a:f5:69:f9:5c:25:d3:37:d5:2d:b4:6a:2c:6d:
-                    a1:1d:cb:54:8b:87:9e:0b:a5:3c:9a:8a:6b:6e:ec:
-                    fa:2a:23:55:f0:39:df:6b:cd:f9:91:99:7e:c6:64:
-                    3c:bc:3c:ac:d7:d8:e2:12:85:98:76:70:ad:06:9b:
-                    2e:66:da:d5:d3:25:9c:50:e8:52:c8:02:7e:c1:98:
-                    8e:e6:08:77:df:08:21:22:52:1e:b0:ee:5b:3f:cb:
-                    aa:7f:89:d5:cf:ef:ca:5f:70:99:86:43:e9:fe:85:
-                    e5:ac:7b
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Cert Type: 
-                SSL Server
-            Netscape Comment: 
-                ACME Corp
-            X509v3 Subject Key Identifier: 
-                1D:8C:BC:46:52:37:5C:21:39:7D:D1:29:A7:5E:AB:B8:C9:B4:3F:E5
-            X509v3 Authority Key Identifier: 
-                keyid:5E:C7:2D:38:E0:18:D5:A8:4C:48:CD:D5:10:5B:96:33:EE:E4:C9:D4
-                DirName:/C=OO/O=ACME/CN=root.101.skunkworks.acme.xyz
-                serial:27:11
-
-            X509v3 Key Usage: critical
-                Digital Signature, Key Encipherment
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication
-            X509v3 Subject Alternative Name: 
-                DNS:skunkworks.acme.xyz
-    Signature Algorithm: sha256WithRSAEncryption
-         11:f9:e6:5b:ab:ac:9e:44:00:a1:74:04:30:20:3f:fb:fd:49:
-         a6:33:43:50:f8:e7:2c:0c:fd:6e:58:c0:2f:2f:6b:87:b3:1d:
-         76:34:0b:1f:7b:3b:88:57:8f:d4:b6:64:5d:8c:2d:69:58:1c:
-         02:48:fb:f4:cb:3e:f6:33:e5:3b:a3:32:ac:cc:57:d6:51:02:
-         51:d9:be:5f:b7:99:19:b3:42:61:19:8e:42:0c:0d:87:ae:99:
-         0c:0f:b5:f6:43:c9:31:d6:a4:ce:76:1e:69:09:0d:c7:8f:aa:
-         7b:82:44:2f:85:22:89:d7:1d:d0:cb:09:09:07:99:c8:95:2e:
-         0b:54:37:8e:80:b9:95:85:97:88:35:07:af:0d:b7:e3:d6:56:
-         ed:c6:18:25:aa:c3:a1:02:57:89:1b:6d:27:fd:71:4c:50:7b:
-         5d:de:86:d7:02:6b:24:38:bd:d3:d3:af:9d:4b:af:67:13:b4:
-         03:ef:dc:09:83:75:06:d3:d6:11:6c:b9:c9:8b:41:3a:cd:4e:
-         89:42:25:b1:15:6b:37:2d:05:a0:7f:c7:34:8f:12:7c:50:19:
-         c1:c7:99:0e:74:bd:46:c8:28:80:bb:bc:70:bb:3b:9a:95:94:
-         f2:fc:af:8a:d6:83:0c:50:20:e1:b9:70:ce:c7:75:8b:42:67:
-         31:58:3a:8c:3c:2e:58:5f:f7:65:84:7c:0f:24:ef:a2:99:9b:
-         ae:aa:00:c0:6d:34:b8:44:95:37:50:85:06:47:ba:59:b2:56:
-         4f:e5:71:e5:b5:00:cb:30:34:97:70:4e:80:cd:f8:ef:86:d0:
-         3a:4d:79:8b:ad:3c:51:08:5e:d3:17:54:91:e1:8d:09:f5:83:
-         a0:11:e6:df:77:bb:a1:b7:d1:31:8f:72:58:a4:db:01:fe:9b:
-         f0:ab:e1:b3:3c:60:60:f2:eb:e0:01:63:a8:ab:cf:84:21:d7:
-         87:8f:a0:ff:40:28:38:09:c3:2b:6d:cc:97:d2:57:39:3d:0c:
-         e5:c1:db:49:76:66:e5:49:ac:0e:42:d6:ed:cd:29:e9:5b:06:
-         41:15:eb:54:ef:c2:50:de:ec:40:fa:fc:09:70:6a:11:e2:fd:
-         15:09:a4:ce:19:56:f0:a0:2f:71:c6:dd:45:bf:1d:6d:69:f4:
-         16:de:b3:36:44:91:11:9f:d7:26:e7:fa:93:fc:1b:50:e6:0d:
-         d8:04:b6:83:64:25:41:15:a7:dc:fb:46:8d:8a:e2:44:c5:0a:
-         7b:1f:2a:54:55:8f:2d:25:52:8b:d6:bb:86:f4:f7:85:22:84:
-         47:f1:fb:a5:8c:eb:cc:36:dd:c8:4c:ec:ae:43:a0:71:47:eb:
-         10:2e:32:b1:92:56:3e:48
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/gen_server.sh
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/gen_server.sh
@ -1,62 +0,0 @@
-#!/bin/bash
-#
-# Create CA Intermediate
-# 
-# 
-# This function will generate a CA Intermediate
-# IN: UNIQ_ID_CA, SERIAL
-#
-PARAM1=$1
-PARAM2=$2
-
-usage() {
-  echo
-  echo "Generate a new certificate"
-  echo
-  echo "This program will generate a new certificate authority intermediate"
-  echo "Requires the file ca-i.pem that is used to sign the certificates"
-  echo "The script requires a CA Intermediate certificate used to sign the client"
-  echo ""
-  echo ""
-  echo ""
-  echo
-  echo "Generate a new certificate"
-  echo "  usage:   gen_server.sh  <CA Intermediate> <Org URL> <Serial>"
-  echo
-  echo "  example: gen_server.sh  ca_i_skunkworks.acme.xyz_10001.crt.pem \\"
-  echo "                          skunkworks.acme.xyz \\"
-  echo "                          10052 \\"
-  echo
-  exit 1
-}
-
-#
-# Generate a Server Certificate
-# IN: ${SERIAL}, ${UNIQ_ID}
-#
-generate_server() {
-  openssl genrsa -out "server_${UNIQ_ID}.keys.pem" 4096
-
-  openssl req -new -config $FQ_S_CNF -key "server_${UNIQ_ID}.keys.pem" \
-              -subj "/C=OO/O=ACME/OU=ACME Standard/CN=${UNIQ_ID}" \
-              -out "server_${UNIQ_ID}.csr.pem"
-
-  # Intermediate signs Server
-  openssl x509 -req -days 365 -extfile $FQ_S_CNF -extensions v3_server \
-               -CA "ca_i_${UNIQ_ID_CA}.crt.pem" -CAkey "ca_i_${UNIQ_ID_CA}.keys.pem" -set_serial ${SERIAL} \
-               -in "server_${UNIQ_ID}.csr.pem" -out "server_${UNIQ_ID}.crt.pem"
-
-  # verify certificate (output to text file for review)
-  openssl x509 -noout -text -in "server_${UNIQ_ID}.crt.pem" > "server_${UNIQ_ID}.crt.info.txt" 
-}
-
-# if all argument strings are empty, then continue execution
-if [[ -n $1 ]] && [[ -n $2 ]] && [[ -n $3 ]]; then
-	UNIQ_ID_CA=$1
-	ORG_URL=$2
-	SERIAL=$3
-	UNIQ_ID="${ORG_URL}_${SERIAL}"
-	generate_server
-else
- usage
-fi
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/README
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/README
@ -0,0 +1,21 @@
+
+      ============================
+        CA Intermediate README
+          Version 3.1
+      ============================
+
+
+-------------
+  INTRO
+-------------
+
+This application will generate new client certificates. The certificates can be used with any
+VPN client service. The certificate chain is also included (CA certificate & CA-I certificate).
+
+
+-------------
+  USAGE
+-------------
+
+
+
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/ca-i/data/ca_101.skunkworks.acme.xyz.crt.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/ca-i/data/ca_101.skunkworks.acme.xyz.crt.pem
@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFZDCCA0ygAwIBAgIBZTANBgkqhkiG9w0BAQsFADBDMQswCQYDVQQGEwJPTzEN
+MAsGA1UECgwEQUNNRTElMCMGA1UEAwwccm9vdC4xMDEuc2t1bmt3b3Jrcy5hY21l
+Lnh5ejAeFw0xODA4MjUxODA2MTFaFw0yODA4MjIxODA2MTFaMEMxCzAJBgNVBAYT
+Ak9PMQ0wCwYDVQQKDARBQ01FMSUwIwYDVQQDDBxyb290LjEwMS5za3Vua3dvcmtz
+LmFjbWUueHl6MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvIrPlS24
+lgzjr/cuHJHWUyDMLMI6aV68Olu01SuZi0yGRouTUe/XS3qIjXlkySzHUqCDw/mV
+092h1lKRTlYGRZ0fwcSRrYZlySOV9dc1+TxBSAggoWcAG/tEwJ+TZFstogfUi4T+
+06DTiAmkglJ17Yyauf/IJOEwPU8c9U6joNZvPd/Y4taTgnGwliy9BAaOGKAxptZg
+FWGKlXWJw8Ya6ciBYz07yCwwyVOanAYN0NJn9Pl2c4E7R8hSQ7zj8Jvc5o57ou8f
+I5Zdm217G2AxUnsD9KEuYtyKRKDb+DOvGkcvKlJxpx/BuU3QvhC0tw7RFPWIDBzV
+nXD5ApdZLZCweUvHLi7bgA88fJXN9oYrRduhIzRCIOjtmlB6JnAiMwaNQpWy4/+S
+ZqDlky89dw29hUfj701An0QdYMyxH+uUuqfKPWdQREBkP1ARH8WaHXzzyJpX5orj
+ShIsg93HlZ68ILgrY7NpnFah8BJPbJUnp4QDAzIITZ+SYPQA8TBuUwyI2GNPmaPH
+o7nhcb7lIX0BERhsGqZV8nK6RIcEAxwjcgQgR3jcnxnzI0/bsQRFFkS2NkG/Dm3a
+vCJi8NGTaOppGaGs05r012tK5hiNOCJ2vZdo4oUuQgBlk/TtodpwBIyPNPdtNP+X
+AFeElVeC2lkwwah7Tz2t1LrLm6ksencGs2UCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFIjB85Zt9x66faSMH7k25V3J
+svQJMB8GA1UdIwQYMBaAFIjB85Zt9x66faSMH7k25V3JsvQJMA0GCSqGSIb3DQEB
+CwUAA4ICAQCeR/j04yiT+RT/IN5g+5tgQ3iIlKqR3Jc/OCWFAB52MQd/Ar1xK+mK
+LykCaMBVv2GLrwol17CChomjChdoap/NilHTBoL0vQ2BYeYfa6Y+rMz0O4p5hM0R
+4IvyOnvi58qW+4mD4AP0Aot+l38DruuyC5eziglz1LfwBuL+2amIFbSBWEssntEV
+tp6WhqgTFiDEFwBpS70ImeweekU6LTZOagA2haYMq3nKtfgZw9bOcNbdhxMqxAn0
+GnmRoGDjvmh6mExsqJsGylke5gh3xRHLtuku9tWYPrM8xQE6rsE3A9pM1h/Abgqt
+wfgQe4v+42btQ2bvuqXM6fwpDmGoIo5TGPiJf97XbQeYFSLmELka+KGekWX0Ol7h
+755yunWyx2yPMq4wwd9uho8QVDFEwivXwMgZ/3WZUVAMxNHXsulw3ajAx5lyF400
+96/a5AuGM6tPlsCmovQtCkTlra6vE2EBiX2r58msIebTsudjfbYr0JuAoetrTOIm
+L38fFEeD6WMQ16DY4KqtErTfu4n3XAVdROayW6hlJmonD7m2H6qbhDsyV0aThmz7
+LJD0tshhNRMJdnaDiiyaTt+0yiiWqkqHLF0pxbovVaqau86M9bMCnHQGRCOmPCRB
+Rzp4RHdQPa45fGBkxJfg38S2xA273RuRP2xXRQBwsqyy9r7ftV0chA==
+-----END CERTIFICATE-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/ca-i/data/ca_i_1001.skunkworks.acme.xyz.crt.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/ca-i/data/ca_i_1001.skunkworks.acme.xyz.crt.pem
@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFgDCCA2igAwIBAgICA+kwDQYJKoZIhvcNAQELBQAwQzELMAkGA1UEBhMCT08x
+DTALBgNVBAoMBEFDTUUxJTAjBgNVBAMMHHJvb3QuMTAxLnNrdW5rd29ya3MuYWNt
+ZS54eXowHhcNMTgwODI1MTgwNjEzWhcNMjAwOTEzMTgwNjEzWjBbMQswCQYDVQQG
+EwJPTzENMAsGA1UECgwEQUNNRTEaMBgGA1UECwwRQUNNRSBJbnRlcm1lZGlhdGUx
+ITAfBgNVBAMMGDEwMDEuc2t1bmt3b3Jrcy5hY21lLnh5ejCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAMB/26XCkATLPCrMuieRUyuD06O30YFrxVin1K46
+/Vpfzy35jmXHwOf9SkPqZDlT+rVo1cB62mysEDuJTVgzwp7ReO0VtTiYpyXF2bkx
+kEfugV8mrjTSUmqPz1lEy/2fQtODebkwJiyrutxZ//ZMpcd69s3i6HaNsSCQqtVC
+hicoD/rVcL3hv/fo9cyyoGM9TZR8m2zbgg0+eXGyWXlI585ST3C+kp0gsYEgUrWU
+7LxsbF2ntbz0wyoOciq0106KI+J8lfyTSuBRQQXQIcq4M5/24YzLz1WLzt8dCFFQ
+Oma7tvCNy+z8hTQkBk7Jir4ByDB4HeYEXv/IGtTnyekP+AE+x+KQ22AkFyn7URcr
+2Mkz04ahAPu2/YzKMTxWf+3RDGcpW2C/KoS2u0+YddoLKFEYar9g1RYXnGS/qUE7
+z9xrLGhupd8jI+0FPkZoTb89vBQIux0fqjN3zG+xJ8hcVaBDcGp3e8RL6grOXW+d
+39q5fbha4lV2/PERPt45lvFPDaNcdtB0h3YqKJ5tBi5QpDAMn0V+59Ux9EaqQL/R
+tUn6LO8SB34r/Vignb/RAXHjROiptHGBkiQQJsBsNpH2zRkBWe/WS+HebCq61bOy
+zmcnkE62saKqUv5WT2dVnYA00RcPINCE3TtFiN7olUnfumQsumRYbSuVRq+ORk84
+27uTAgMBAAGjZjBkMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG
+MB0GA1UdDgQWBBQLAZvP+qDe9PEdskSjByyu7knZDTAfBgNVHSMEGDAWgBSIwfOW
+bfceun2kjB+5NuVdybL0CTANBgkqhkiG9w0BAQsFAAOCAgEAMz+Z6RvWJJIDkrGe
+xqMrncJ1pyl7U6h2TocMAy/zPHdrRJYjyVGaUSXCqQxZlJOkZWWQ+tn1MuMp8u/+
+13br3UaJbtknTBjt998+MltzBCDvyGaIy6R8PFT5F8cHv674wrkaQf8sPvcBmq7O
+Ma+RCGTvDOR6EiXgjYu/laLWOvw2Qi38A6RqEUQ8hrGcG6kS1bwHOQC3/TrYXEMk
+1KLR9fU5f2/zdjraE0x4KhIgGoYl1akqJ7qLQVB8px4AiHtnSuKnnlAPXkaA26Zp
+pCobhaPTFtSdZnHsxCeZTVKPyuiRpoPGcO74xLw8QukBJT2Dnt4uZbGrkJFjb1Wf
+AoqXpFThhop7jPeozaQPtPmQK8NUre7n0X6rPCf0JCDHoWKuDuQRvQswpWuxuIEZ
+WEpax2xuMCjiBKqSAV+xG41s7pIFCcd+YD9X3sLFtmBDX6X1pke4OR7Ir0YsTR+r
+QBR3POZN08nFPwOhs/jObTnyMdStuHRX1xKMc6ShcZJ0m2MW9IWYmtFJ6eAr63MQ
+uYafsC6QyhO/nK2sJGV9DfV4CAwC8F+vG9l+aElER2Y4jZE/Gg2A6f9fwoQVkmqJ
+mN1tn1UnxZjn+S7736nP3OP86swnVe59hvbGPCS0q3Ytv9v7BVz6XylbnoNX0qEm
+ekoRJi5yAXKCkT5ECdqgxfSOaqg=
+-----END CERTIFICATE-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/ca-i/data/ca_i_1001.skunkworks.acme.xyz.csr.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/ca-i/data/ca_i_1001.skunkworks.acme.xyz.csr.pem
@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEoDCCAogCAQAwWzELMAkGA1UEBhMCT08xDTALBgNVBAoMBEFDTUUxGjAYBgNV
+BAsMEUFDTUUgSW50ZXJtZWRpYXRlMSEwHwYDVQQDDBgxMDAxLnNrdW5rd29ya3Mu
+YWNtZS54eXowggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDAf9ulwpAE
+yzwqzLonkVMrg9Ojt9GBa8VYp9SuOv1aX88t+Y5lx8Dn/UpD6mQ5U/q1aNXAetps
+rBA7iU1YM8Ke0XjtFbU4mKclxdm5MZBH7oFfJq400lJqj89ZRMv9n0LTg3m5MCYs
+q7rcWf/2TKXHevbN4uh2jbEgkKrVQoYnKA/61XC94b/36PXMsqBjPU2UfJts24IN
+Pnlxsll5SOfOUk9wvpKdILGBIFK1lOy8bGxdp7W89MMqDnIqtNdOiiPifJX8k0rg
+UUEF0CHKuDOf9uGMy89Vi87fHQhRUDpmu7bwjcvs/IU0JAZOyYq+AcgweB3mBF7/
+yBrU58npD/gBPsfikNtgJBcp+1EXK9jJM9OGoQD7tv2MyjE8Vn/t0QxnKVtgvyqE
+trtPmHXaCyhRGGq/YNUWF5xkv6lBO8/cayxobqXfIyPtBT5GaE2/PbwUCLsdH6oz
+d8xvsSfIXFWgQ3Bqd3vES+oKzl1vnd/auX24WuJVdvzxET7eOZbxTw2jXHbQdId2
+KiiebQYuUKQwDJ9FfufVMfRGqkC/0bVJ+izvEgd+K/1YoJ2/0QFx40ToqbRxgZIk
+ECbAbDaR9s0ZAVnv1kvh3mwqutWzss5nJ5BOtrGiqlL+Vk9nVZ2ANNEXDyDQhN07
+RYje6JVJ37pkLLpkWG0rlUavjkZPONu7kwIDAQABoAAwDQYJKoZIhvcNAQELBQAD
+ggIBAAKbGCLSg3eeO6TUSLBwmzy5FkoR2vrHVllayORuf1qbC17bURNezPawze+L
+4zuZoRPyBiimw0oGSEXgk6rOXA5t3le5RtHa1UfOvMHa7jz8Ivpefig9tQK6zzba
+bzKK9sSWBSNYqoZMYdlPOzAytruIAfF2TwZr/Np0ks4Jv5/fGqust3se95/tbxx8
+j6hLHlZePGiiG94vjbzeH1GOEf0MVuPyQ/AmhrMjV/XDO+0VbuUjhkR89Rj7mXND
+lAN0MVxE3rx4ORY4PH94ymhpYeHIAWIxVBIajCtuYK/KDRA4aGDrjv1K9kw+rlpn
+AckzQUbOkgpZrXCoya96zXSCzpaavkpKK3bA5SQ4RQU1cYNVHW0pOelOunlN28W8
+JjoUTZ9cyrCLDPqbSGprnukvgMdhakQ4fy4Be3wkboY6DeYsa8ooYfSkhZjDFR5f
+vJTZkuRp5Cp0u5OPcG7v84a/EcIvP7JqvEd+17BXZ1oCNCwnKOG9jizFayR1Diak
+xgAMdgytkO/CGxEDaO3ziWtJdLsBnTDiDGXGgqfrb5GXW0YyQ5Sf2VJJG/Dbe/67
+55ztnKMORYE6ZtsFbTsJGQyCcDIBlGuxAYRrzHThGrOhtGMLFntu+kYEu6FZeqBy
+/i7KtsN7LBcUubcVLzeILr6LFWulksDDYFUkcKFHIUnO0XjL
+-----END CERTIFICATE REQUEST-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/ca-i/data/ca_i_1001.skunkworks.acme.xyz.keys.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/ca-i/data/ca_i_1001.skunkworks.acme.xyz.keys.pem
@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEAwH/bpcKQBMs8Ksy6J5FTK4PTo7fRgWvFWKfUrjr9Wl/PLfmO
+ZcfA5/1KQ+pkOVP6tWjVwHrabKwQO4lNWDPCntF47RW1OJinJcXZuTGQR+6BXyau
+NNJSao/PWUTL/Z9C04N5uTAmLKu63Fn/9kylx3r2zeLodo2xIJCq1UKGJygP+tVw
+veG/9+j1zLKgYz1NlHybbNuCDT55cbJZeUjnzlJPcL6SnSCxgSBStZTsvGxsXae1
+vPTDKg5yKrTXTooj4nyV/JNK4FFBBdAhyrgzn/bhjMvPVYvO3x0IUVA6Zru28I3L
+7PyFNCQGTsmKvgHIMHgd5gRe/8ga1OfJ6Q/4AT7H4pDbYCQXKftRFyvYyTPThqEA
+7b9jMoxPFZ/7dEMZylbYL8qhLa7T5h12gsoURhqv2DVFhecZL+pQTvP3GssaG6l
+3yMj7QU+RmhNvz28FAi7HR+qM3fMb7EnyFxVoENwand7xEvqCs5db53f2rl9uFri
+VXb88RE+3jmW8U8No1x20HSHdioonm0GLlCkMAyfRX7n1TH0RqpAv9G1Sfos7xIH
+fiv9WKCdv9EBceNE6Km0cYGSJBAmwGw2kfbNGQFZ79ZL4d5sKrrVs7LOZyeQTrax
+oqpS/lZPZ1WdgDTRFw8g0ITdO0WI3uiVSd+6ZCy6ZFhtK5VGr45GTzjbu5MCAwEA
+AQKCAgAyXAChX8H/jw+hfsegfFNOygD/DqK/gesx404ven03PGNd+rB3Dgf4aPoZ
+xGMN4FtxRAjPfxRPY8AnYycZ0Qi0Nca193zeXokzx4vK+B1vxASSWPMwHGm1OQQc
+rXPUWOrJnNamTONfwllzNhRRYgHoqtGQUTFReoYBJ/eZLPsdmUx86YPCGSH4gDh1
+obF15N673tFmbBKc1mA9D1R690i1YDEqJKEEfD4TstoQaPJ55L+AzNQtp7a69OaH
+J6JACMGUidVPK1VmU7t4AtgkSYYv7g1ZoSQPlDC9i8HWS+/LWoZkbiQQToumdVo1
+GGK0jJDLpVDlEPWtYrMqSa03zJargAjzrPvCLXF8HotWY+cNesy5oLHH4qJw+jCJ
+45uKmVNPzk6AWP6mgvD8OtqDEg7GJGCRy56FNpjnrbgwE9YrHdrNE7LCsemIeLT0
+329moDj0xydjFXbtuQ8iaGkQANXmsxr9+f5up5Sr52cK08I4s0dp8KsLaKFtrxxm
+tWYacEm++cagjpj+CXkAbftLO7Y7Rd+a1PmcpWhHNpMf+IsUgDWpKvJtODDTZOW
+ES4tk9kakhFZKj6CoAshwb+4yPhIAt9vAFY6XsYdirISNv+K0XxEM0lTo77wnI3n
+e2iHjq7XZFHLM2r00vSBYr14wd/b2KenCbHCda8k5JszIzVo2QKCAQEA9HqNocfZ
+J+/saOFDpHD1iFoElLUUC5KAmdSJbGjOHk0Fs89KZXMBwBkUz/Phyrqd8X3hZmvc
+SzlM9q/kiNzHSNBu6Lv41NaQQ6Gjc8NaFau94csbWvM9SRWADx7W8THTKbVtNd28
+26wftI0aarRfU3HkgYC9fKnCB45oXaDPNBQdjBpbmfAgW33EpvRqiTdhNbj6zCWh
+PNGv8ekMvbeFsCbazJ8+WRxE8o7bQKoiCClubV3+G518mwrBhLcIczvkNRIt/0BN
+sCYjnVrI/1GPoiUj4iayzwTlDbrUhBfl8hk4hgO0aecwxciatKHIIJ0/yT0ajbT8
+wJ8xMMiyNFVr5QKCAQEAyZI3BvH5T+yBtDCm+EflzH//LrFH7TOJyHJCPUgzUfaQ
+wLj5+Sey9ZDvuaPKZ0/34Rwq24NbvGD38RyiHXO3xHTd0VmQ8pMlclHC8pDI7ya7
+1XBp+jLzIvsIEU/n9+pG9MPEi/weEwjnh/bK96MqcpoTi6nFbx8NpJ3t2E9BZYEP
+PggOwzHuwdflh9YGiikvehB7ARWVaHMeYVStmHQFW5xTK3b+92jUwO7mZ2UzqjYn
+XQ3Cy4JqWYE0RWjz65Ba/YhWcQAKit8KbsmqrIiBj2+2DtPJ5liAKzt6FldBfWhq
+9rFmvpuNfn3ruvax2b4MPJ2HpdOrYeHK2Q/mmAZCFwKCAQEAqHEv2EF7ixqxRem+
+0zPI1/M9qL/CWd7MoDBhpsHnEdV7klHGLnO4xwQA5O5hqW4+mD5k6E50b5fBQU4b
+JXkIDVEeuVeZr/tNVmut1HrKPJghscpgxJ9GoG4h10kmSvRLSzdnUW+/SZMkHSAD
+DXXNIA8eo2NyKsxDlTU3DxtW58jcOsWGS1+4y5Cxx14rcPMpFPyoP7PFjcPjd8dc
+MfKaN63tnoIxUPA7SOvIgJs362uwW8Yg6CHv0lrszmXVep/PMgmei3lgjXcZnrcI
+OXGWht8UBCMpm50BvB33gjN9CPr7iMpQqY7SedMnVEELQ/1UD3D8NJp4cra8C6Kb
+tZcNSQKCAQAZF2heJvTf7BLhOUUvltOWN0CusUbA0i+OkhqIwloRE95E/0GusDBo
+vRf6RddGMQAsN3NmS925f2Cd1PChNexkOh/6lWmjqIl6x4663ycEDhBHq2ylxn3Z
+luIUNZwski8u/MeUnVepCuy3UhNF7Du2dFOGiSWYhYcPPNGEoakEV6JsGFiuF6Me
+4h8iX5QE0sekLDUDl4o3rEzV1NKfLaIVG0qHGJL4fUYulg58RG6/+2m+/Z2H874F
+Uj4NfdkPM7L/6F7KRjUJwGXuEJB8Vam7Dy7cfaSeVdnuh8LU0RvH3p2iA8dEZtyg
+KFCVv2u4LR4c1YczLzwgPRkhGAeeWPkVAoIBAQCSeqwSv5oA0XqfShS9DWtYXocI
+ArsIHBsqYpwUgMAqO+A5JVd0WKx7/WNFADshCLrMOUaOBE/hr1jboL6cQCqCRoHC
+A8KRN0IFv8001kA90/hWOiReA47uKNRsj/F8z5DQfkeFpPkFuntH+7iotJ0K077g
+2oRVV56TL6vg3NvqE4sxvG2JOy9u7kXCquv7NJxRlQQRoEtCq0jE/pOAQGZR2bJn
+yclTiVw2CsM+ojyfP7i+0BbSl+xIvGPZ8VBcsue8pMs6U0qHBx8Gp4w06P1pAF48
+NwFa2ODTO1zXRtjWsISurGPUV9eYyotPM6X12oF97qow+QOyITDge78MjeyR
+-----END RSA PRIVATE KEY-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/ca-i/distro/ca_cert-chain_1001.skunkworks.acme.xyz.crts.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/ca-i/distro/ca_cert-chain_1001.skunkworks.acme.xyz.crts.pem
@ -0,0 +1,63 @@
+-----BEGIN CERTIFICATE-----
+MIIFZDCCA0ygAwIBAgIBZTANBgkqhkiG9w0BAQsFADBDMQswCQYDVQQGEwJPTzEN
+MAsGA1UECgwEQUNNRTElMCMGA1UEAwwccm9vdC4xMDEuc2t1bmt3b3Jrcy5hY21l
+Lnh5ejAeFw0xODA4MjUxODA2MTFaFw0yODA4MjIxODA2MTFaMEMxCzAJBgNVBAYT
+Ak9PMQ0wCwYDVQQKDARBQ01FMSUwIwYDVQQDDBxyb290LjEwMS5za3Vua3dvcmtz
+LmFjbWUueHl6MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvIrPlS24
+lgzjr/cuHJHWUyDMLMI6aV68Olu01SuZi0yGRouTUe/XS3qIjXlkySzHUqCDw/mV
+092h1lKRTlYGRZ0fwcSRrYZlySOV9dc1+TxBSAggoWcAG/tEwJ+TZFstogfUi4T+
+06DTiAmkglJ17Yyauf/IJOEwPU8c9U6joNZvPd/Y4taTgnGwliy9BAaOGKAxptZg
+FWGKlXWJw8Ya6ciBYz07yCwwyVOanAYN0NJn9Pl2c4E7R8hSQ7zj8Jvc5o57ou8f
+I5Zdm217G2AxUnsD9KEuYtyKRKDb+DOvGkcvKlJxpx/BuU3QvhC0tw7RFPWIDBzV
+nXD5ApdZLZCweUvHLi7bgA88fJXN9oYrRduhIzRCIOjtmlB6JnAiMwaNQpWy4/+S
+ZqDlky89dw29hUfj701An0QdYMyxH+uUuqfKPWdQREBkP1ARH8WaHXzzyJpX5orj
+ShIsg93HlZ68ILgrY7NpnFah8BJPbJUnp4QDAzIITZ+SYPQA8TBuUwyI2GNPmaPH
+o7nhcb7lIX0BERhsGqZV8nK6RIcEAxwjcgQgR3jcnxnzI0/bsQRFFkS2NkG/Dm3a
+vCJi8NGTaOppGaGs05r012tK5hiNOCJ2vZdo4oUuQgBlk/TtodpwBIyPNPdtNP+X
+AFeElVeC2lkwwah7Tz2t1LrLm6ksencGs2UCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFIjB85Zt9x66faSMH7k25V3J
+svQJMB8GA1UdIwQYMBaAFIjB85Zt9x66faSMH7k25V3JsvQJMA0GCSqGSIb3DQEB
+CwUAA4ICAQCeR/j04yiT+RT/IN5g+5tgQ3iIlKqR3Jc/OCWFAB52MQd/Ar1xK+mK
+LykCaMBVv2GLrwol17CChomjChdoap/NilHTBoL0vQ2BYeYfa6Y+rMz0O4p5hM0R
+4IvyOnvi58qW+4mD4AP0Aot+l38DruuyC5eziglz1LfwBuL+2amIFbSBWEssntEV
+tp6WhqgTFiDEFwBpS70ImeweekU6LTZOagA2haYMq3nKtfgZw9bOcNbdhxMqxAn0
+GnmRoGDjvmh6mExsqJsGylke5gh3xRHLtuku9tWYPrM8xQE6rsE3A9pM1h/Abgqt
+wfgQe4v+42btQ2bvuqXM6fwpDmGoIo5TGPiJf97XbQeYFSLmELka+KGekWX0Ol7h
+755yunWyx2yPMq4wwd9uho8QVDFEwivXwMgZ/3WZUVAMxNHXsulw3ajAx5lyF400
+96/a5AuGM6tPlsCmovQtCkTlra6vE2EBiX2r58msIebTsudjfbYr0JuAoetrTOIm
+L38fFEeD6WMQ16DY4KqtErTfu4n3XAVdROayW6hlJmonD7m2H6qbhDsyV0aThmz7
+LJD0tshhNRMJdnaDiiyaTt+0yiiWqkqHLF0pxbovVaqau86M9bMCnHQGRCOmPCRB
+Rzp4RHdQPa45fGBkxJfg38S2xA273RuRP2xXRQBwsqyy9r7ftV0chA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFgDCCA2igAwIBAgICA+kwDQYJKoZIhvcNAQELBQAwQzELMAkGA1UEBhMCT08x
+DTALBgNVBAoMBEFDTUUxJTAjBgNVBAMMHHJvb3QuMTAxLnNrdW5rd29ya3MuYWNt
+ZS54eXowHhcNMTgwODI1MTgwNjEzWhcNMjAwOTEzMTgwNjEzWjBbMQswCQYDVQQG
+EwJPTzENMAsGA1UECgwEQUNNRTEaMBgGA1UECwwRQUNNRSBJbnRlcm1lZGlhdGUx
+ITAfBgNVBAMMGDEwMDEuc2t1bmt3b3Jrcy5hY21lLnh5ejCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAMB/26XCkATLPCrMuieRUyuD06O30YFrxVin1K46
+/Vpfzy35jmXHwOf9SkPqZDlT+rVo1cB62mysEDuJTVgzwp7ReO0VtTiYpyXF2bkx
+kEfugV8mrjTSUmqPz1lEy/2fQtODebkwJiyrutxZ//ZMpcd69s3i6HaNsSCQqtVC
+hicoD/rVcL3hv/fo9cyyoGM9TZR8m2zbgg0+eXGyWXlI585ST3C+kp0gsYEgUrWU
+7LxsbF2ntbz0wyoOciq0106KI+J8lfyTSuBRQQXQIcq4M5/24YzLz1WLzt8dCFFQ
+Oma7tvCNy+z8hTQkBk7Jir4ByDB4HeYEXv/IGtTnyekP+AE+x+KQ22AkFyn7URcr
+2Mkz04ahAPu2/YzKMTxWf+3RDGcpW2C/KoS2u0+YddoLKFEYar9g1RYXnGS/qUE7
+z9xrLGhupd8jI+0FPkZoTb89vBQIux0fqjN3zG+xJ8hcVaBDcGp3e8RL6grOXW+d
+39q5fbha4lV2/PERPt45lvFPDaNcdtB0h3YqKJ5tBi5QpDAMn0V+59Ux9EaqQL/R
+tUn6LO8SB34r/Vignb/RAXHjROiptHGBkiQQJsBsNpH2zRkBWe/WS+HebCq61bOy
+zmcnkE62saKqUv5WT2dVnYA00RcPINCE3TtFiN7olUnfumQsumRYbSuVRq+ORk84
+27uTAgMBAAGjZjBkMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG
+MB0GA1UdDgQWBBQLAZvP+qDe9PEdskSjByyu7knZDTAfBgNVHSMEGDAWgBSIwfOW
+bfceun2kjB+5NuVdybL0CTANBgkqhkiG9w0BAQsFAAOCAgEAMz+Z6RvWJJIDkrGe
+xqMrncJ1pyl7U6h2TocMAy/zPHdrRJYjyVGaUSXCqQxZlJOkZWWQ+tn1MuMp8u/+
+13br3UaJbtknTBjt998+MltzBCDvyGaIy6R8PFT5F8cHv674wrkaQf8sPvcBmq7O
+Ma+RCGTvDOR6EiXgjYu/laLWOvw2Qi38A6RqEUQ8hrGcG6kS1bwHOQC3/TrYXEMk
+1KLR9fU5f2/zdjraE0x4KhIgGoYl1akqJ7qLQVB8px4AiHtnSuKnnlAPXkaA26Zp
+pCobhaPTFtSdZnHsxCeZTVKPyuiRpoPGcO74xLw8QukBJT2Dnt4uZbGrkJFjb1Wf
+AoqXpFThhop7jPeozaQPtPmQK8NUre7n0X6rPCf0JCDHoWKuDuQRvQswpWuxuIEZ
+WEpax2xuMCjiBKqSAV+xG41s7pIFCcd+YD9X3sLFtmBDX6X1pke4OR7Ir0YsTR+r
+QBR3POZN08nFPwOhs/jObTnyMdStuHRX1xKMc6ShcZJ0m2MW9IWYmtFJ6eAr63MQ
+uYafsC6QyhO/nK2sJGV9DfV4CAwC8F+vG9l+aElER2Y4jZE/Gg2A6f9fwoQVkmqJ
+mN1tn1UnxZjn+S7736nP3OP86swnVe59hvbGPCS0q3Ytv9v7BVz6XylbnoNX0qEm
+ekoRJi5yAXKCkT5ECdqgxfSOaqg=
+-----END CERTIFICATE-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/ca-i/distro/ca_i_1001.skunkworks.acme.xyz.p12
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/ca-i/distro/ca_i_1001.skunkworks.acme.xyz.p12
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/ca-i/docs/ca_101.skunkworks.acme.xyz_cert.info.txt
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/ca-i/docs/ca_101.skunkworks.acme.xyz_cert.info.txt
@ -0,0 +1,90 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 101 (0x65)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=OO, O=ACME, CN=root.101.skunkworks.acme.xyz
+        Validity
+            Not Before: Aug 25 18:06:11 2018 GMT
+            Not After : Aug 22 18:06:11 2028 GMT
+        Subject: C=OO, O=ACME, CN=root.101.skunkworks.acme.xyz
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:bc:8a:cf:95:2d:b8:96:0c:e3:af:f7:2e:1c:91:
+                    d6:53:20:cc:2c:c2:3a:69:5e:bc:3a:5b:b4:d5:2b:
+                    99:8b:4c:86:46:8b:93:51:ef:d7:4b:7a:88:8d:79:
+                    64:c9:2c:c7:52:a0:83:c3:f9:95:d3:dd:a1:d6:52:
+                    91:4e:56:06:45:9d:1f:c1:c4:91:ad:86:65:c9:23:
+                    95:f5:d7:35:f9:3c:41:48:08:20:a1:67:00:1b:fb:
+                    44:c0:9f:93:64:5b:2d:a2:07:d4:8b:84:fe:d3:a0:
+                    d3:88:09:a4:82:52:75:ed:8c:9a:b9:ff:c8:24:e1:
+                    30:3d:4f:1c:f5:4e:a3:a0:d6:6f:3d:df:d8:e2:d6:
+                    93:82:71:b0:96:2c:bd:04:06:8e:18:a0:31:a6:d6:
+                    60:15:61:8a:95:75:89:c3:c6:1a:e9:c8:81:63:3d:
+                    3b:c8:2c:30:c9:53:9a:9c:06:0d:d0:d2:67:f4:f9:
+                    76:73:81:3b:47:c8:52:43:bc:e3:f0:9b:dc:e6:8e:
+                    7b:a2:ef:1f:23:96:5d:9b:6d:7b:1b:60:31:52:7b:
+                    03:f4:a1:2e:62:dc:8a:44:a0:db:f8:33:af:1a:47:
+                    2f:2a:52:71:a7:1f:c1:b9:4d:d0:be:10:b4:b7:0e:
+                    d1:14:f5:88:0c:1c:d5:9d:70:f9:02:97:59:2d:90:
+                    b0:79:4b:c7:2e:2e:db:80:0f:3c:7c:95:cd:f6:86:
+                    2b:45:db:a1:23:34:42:20:e8:ed:9a:50:7a:26:70:
+                    22:33:06:8d:42:95:b2:e3:ff:92:66:a0:e5:93:2f:
+                    3d:77:0d:bd:85:47:e3:ef:4d:40:9f:44:1d:60:cc:
+                    b1:1f:eb:94:ba:a7:ca:3d:67:50:44:40:64:3f:50:
+                    11:1f:c5:9a:1d:7c:f3:c8:9a:57:e6:8a:e3:4a:12:
+                    2c:83:dd:c7:95:9e:bc:20:b8:2b:63:b3:69:9c:56:
+                    a1:f0:12:4f:6c:95:27:a7:84:03:03:32:08:4d:9f:
+                    92:60:f4:00:f1:30:6e:53:0c:88:d8:63:4f:99:a3:
+                    c7:a3:b9:e1:71:be:e5:21:7d:01:11:18:6c:1a:a6:
+                    55:f2:72:ba:44:87:04:03:1c:23:72:04:20:47:78:
+                    dc:9f:19:f3:23:4f:db:b1:04:45:16:44:b6:36:41:
+                    bf:0e:6d:da:bc:22:62:f0:d1:93:68:ea:69:19:a1:
+                    ac:d3:9a:f4:d7:6b:4a:e6:18:8d:38:22:76:bd:97:
+                    68:e2:85:2e:42:00:65:93:f4:ed:a1:da:70:04:8c:
+                    8f:34:f7:6d:34:ff:97:00:57:84:95:57:82:da:59:
+                    30:c1:a8:7b:4f:3d:ad:d4:ba:cb:9b:a9:2c:7a:77:
+                    06:b3:65
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                88:C1:F3:96:6D:F7:1E:BA:7D:A4:8C:1F:B9:36:E5:5D:C9:B2:F4:09
+            X509v3 Authority Key Identifier: 
+                keyid:88:C1:F3:96:6D:F7:1E:BA:7D:A4:8C:1F:B9:36:E5:5D:C9:B2:F4:09
+
+    Signature Algorithm: sha256WithRSAEncryption
+         9e:47:f8:f4:e3:28:93:f9:14:ff:20:de:60:fb:9b:60:43:78:
+         88:94:aa:91:dc:97:3f:38:25:85:00:1e:76:31:07:7f:02:bd:
+         71:2b:e9:8a:2f:29:02:68:c0:55:bf:61:8b:af:0a:25:d7:b0:
+         82:86:89:a3:0a:17:68:6a:9f:cd:8a:51:d3:06:82:f4:bd:0d:
+         81:61:e6:1f:6b:a6:3e:ac:cc:f4:3b:8a:79:84:cd:11:e0:8b:
+         f2:3a:7b:e2:e7:ca:96:fb:89:83:e0:03:f4:02:8b:7e:97:7f:
+         03:ae:eb:b2:0b:97:b3:8a:09:73:d4:b7:f0:06:e2:fe:d9:a9:
+         88:15:b4:81:58:4b:2c:9e:d1:15:b6:9e:96:86:a8:13:16:20:
+         c4:17:00:69:4b:bd:08:99:ec:1e:7a:45:3a:2d:36:4e:6a:00:
+         36:85:a6:0c:ab:79:ca:b5:f8:19:c3:d6:ce:70:d6:dd:87:13:
+         2a:c4:09:f4:1a:79:91:a0:60:e3:be:68:7a:98:4c:6c:a8:9b:
+         06:ca:59:1e:e6:08:77:c5:11:cb:b6:e9:2e:f6:d5:98:3e:b3:
+         3c:c5:01:3a:ae:c1:37:03:da:4c:d6:1f:c0:6e:0a:ad:c1:f8:
+         10:7b:8b:fe:e3:66:ed:43:66:ef:ba:a5:cc:e9:fc:29:0e:61:
+         a8:22:8e:53:18:f8:89:7f:de:d7:6d:07:98:15:22:e6:10:b9:
+         1a:f8:a1:9e:91:65:f4:3a:5e:e1:ef:9e:72:ba:75:b2:c7:6c:
+         8f:32:ae:30:c1:df:6e:86:8f:10:54:31:44:c2:2b:d7:c0:c8:
+         19:ff:75:99:51:50:0c:c4:d1:d7:b2:e9:70:dd:a8:c0:c7:99:
+         72:17:8d:34:f7:af:da:e4:0b:86:33:ab:4f:96:c0:a6:a2:f4:
+         2d:0a:44:e5:ad:ae:af:13:61:01:89:7d:ab:e7:c9:ac:21:e6:
+         d3:b2:e7:63:7d:b6:2b:d0:9b:80:a1:eb:6b:4c:e2:26:2f:7f:
+         1f:14:47:83:e9:63:10:d7:a0:d8:e0:aa:ad:12:b4:df:bb:89:
+         f7:5c:05:5d:44:e6:b2:5b:a8:65:26:6a:27:0f:b9:b6:1f:aa:
+         9b:84:3b:32:57:46:93:86:6c:fb:2c:90:f4:b6:c8:61:35:13:
+         09:76:76:83:8a:2c:9a:4e:df:b4:ca:28:96:aa:4a:87:2c:5d:
+         29:c5:ba:2f:55:aa:9a:bb:ce:8c:f5:b3:02:9c:74:06:44:23:
+         a6:3c:24:41:47:3a:78:44:77:50:3d:ae:39:7c:60:64:c4:97:
+         e0:df:c4:b6:c4:0d:bb:dd:1b:91:3f:6c:57:45:00:70:b2:ac:
+         b2:f6:be:df:b5:5d:1c:84
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/ca-i/docs/ca_i_1001.skunkworks.acme.xyz.crt.info.txt
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/ca-i/docs/ca_i_1001.skunkworks.acme.xyz.crt.info.txt
@ -0,0 +1,90 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1001 (0x3e9)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=OO, O=ACME, CN=root.101.skunkworks.acme.xyz
+        Validity
+            Not Before: Aug 25 18:06:13 2018 GMT
+            Not After : Sep 13 18:06:13 2020 GMT
+        Subject: C=OO, O=ACME, OU=ACME Intermediate, CN=1001.skunkworks.acme.xyz
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:c0:7f:db:a5:c2:90:04:cb:3c:2a:cc:ba:27:91:
+                    53:2b:83:d3:a3:b7:d1:81:6b:c5:58:a7:d4:ae:3a:
+                    fd:5a:5f:cf:2d:f9:8e:65:c7:c0:e7:fd:4a:43:ea:
+                    64:39:53:fa:b5:68:d5:c0:7a:da:6c:ac:10:3b:89:
+                    4d:58:33:c2:9e:d1:78:ed:15:b5:38:98:a7:25:c5:
+                    d9:b9:31:90:47:ee:81:5f:26:ae:34:d2:52:6a:8f:
+                    cf:59:44:cb:fd:9f:42:d3:83:79:b9:30:26:2c:ab:
+                    ba:dc:59:ff:f6:4c:a5:c7:7a:f6:cd:e2:e8:76:8d:
+                    b1:20:90:aa:d5:42:86:27:28:0f:fa:d5:70:bd:e1:
+                    bf:f7:e8:f5:cc:b2:a0:63:3d:4d:94:7c:9b:6c:db:
+                    82:0d:3e:79:71:b2:59:79:48:e7:ce:52:4f:70:be:
+                    92:9d:20:b1:81:20:52:b5:94:ec:bc:6c:6c:5d:a7:
+                    b5:bc:f4:c3:2a:0e:72:2a:b4:d7:4e:8a:23:e2:7c:
+                    95:fc:93:4a:e0:51:41:05:d0:21:ca:b8:33:9f:f6:
+                    e1:8c:cb:cf:55:8b:ce:df:1d:08:51:50:3a:66:bb:
+                    b6:f0:8d:cb:ec:fc:85:34:24:06:4e:c9:8a:be:01:
+                    c8:30:78:1d:e6:04:5e:ff:c8:1a:d4:e7:c9:e9:0f:
+                    f8:01:3e:c7:e2:90:db:60:24:17:29:fb:51:17:2b:
+                    d8:c9:33:d3:86:a1:00:fb:b6:fd:8c:ca:31:3c:56:
+                    7f:ed:d1:0c:67:29:5b:60:bf:2a:84:b6:bb:4f:98:
+                    75:da:0b:28:51:18:6a:bf:60:d5:16:17:9c:64:bf:
+                    a9:41:3b:cf:dc:6b:2c:68:6e:a5:df:23:23:ed:05:
+                    3e:46:68:4d:bf:3d:bc:14:08:bb:1d:1f:aa:33:77:
+                    cc:6f:b1:27:c8:5c:55:a0:43:70:6a:77:7b:c4:4b:
+                    ea:0a:ce:5d:6f:9d:df:da:b9:7d:b8:5a:e2:55:76:
+                    fc:f1:11:3e:de:39:96:f1:4f:0d:a3:5c:76:d0:74:
+                    87:76:2a:28:9e:6d:06:2e:50:a4:30:0c:9f:45:7e:
+                    e7:d5:31:f4:46:aa:40:bf:d1:b5:49:fa:2c:ef:12:
+                    07:7e:2b:fd:58:a0:9d:bf:d1:01:71:e3:44:e8:a9:
+                    b4:71:81:92:24:10:26:c0:6c:36:91:f6:cd:19:01:
+                    59:ef:d6:4b:e1:de:6c:2a:ba:d5:b3:b2:ce:67:27:
+                    90:4e:b6:b1:a2:aa:52:fe:56:4f:67:55:9d:80:34:
+                    d1:17:0f:20:d0:84:dd:3b:45:88:de:e8:95:49:df:
+                    ba:64:2c:ba:64:58:6d:2b:95:46:af:8e:46:4f:38:
+                    db:bb:93
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:0
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                0B:01:9B:CF:FA:A0:DE:F4:F1:1D:B2:44:A3:07:2C:AE:EE:49:D9:0D
+            X509v3 Authority Key Identifier: 
+                keyid:88:C1:F3:96:6D:F7:1E:BA:7D:A4:8C:1F:B9:36:E5:5D:C9:B2:F4:09
+
+    Signature Algorithm: sha256WithRSAEncryption
+         33:3f:99:e9:1b:d6:24:92:03:92:b1:9e:c6:a3:2b:9d:c2:75:
+         a7:29:7b:53:a8:76:4e:87:0c:03:2f:f3:3c:77:6b:44:96:23:
+         c9:51:9a:51:25:c2:a9:0c:59:94:93:a4:65:65:90:fa:d9:f5:
+         32:e3:29:f2:ef:fe:d7:76:eb:dd:46:89:6e:d9:27:4c:18:ed:
+         f7:df:3e:32:5b:73:04:20:ef:c8:66:88:cb:a4:7c:3c:54:f9:
+         17:c7:07:bf:ae:f8:c2:b9:1a:41:ff:2c:3e:f7:01:9a:ae:ce:
+         31:af:91:08:64:ef:0c:e4:7a:12:25:e0:8d:8b:bf:95:a2:d6:
+         3a:fc:36:42:2d:fc:03:a4:6a:11:44:3c:86:b1:9c:1b:a9:12:
+         d5:bc:07:39:00:b7:fd:3a:d8:5c:43:24:d4:a2:d1:f5:f5:39:
+         7f:6f:f3:76:3a:da:13:4c:78:2a:12:20:1a:86:25:d5:a9:2a:
+         27:ba:8b:41:50:7c:a7:1e:00:88:7b:67:4a:e2:a7:9e:50:0f:
+         5e:46:80:db:a6:69:a4:2a:1b:85:a3:d3:16:d4:9d:66:71:ec:
+         c4:27:99:4d:52:8f:ca:e8:91:a6:83:c6:70:ee:f8:c4:bc:3c:
+         42:e9:01:25:3d:83:9e:de:2e:65:b1:ab:90:91:63:6f:55:9f:
+         02:8a:97:a4:54:e1:86:8a:7b:8c:f7:a8:cd:a4:0f:b4:f9:90:
+         2b:c3:54:ad:ee:e7:d1:7e:ab:3c:27:f4:24:20:c7:a1:62:ae:
+         0e:e4:11:bd:0b:30:a5:6b:b1:b8:81:19:58:4a:5a:c7:6c:6e:
+         30:28:e2:04:aa:92:01:5f:b1:1b:8d:6c:ee:92:05:09:c7:7e:
+         60:3f:57:de:c2:c5:b6:60:43:5f:a5:f5:a6:47:b8:39:1e:c8:
+         af:46:2c:4d:1f:ab:40:14:77:3c:e6:4d:d3:c9:c5:3f:03:a1:
+         b3:f8:ce:6d:39:f2:31:d4:ad:b8:74:57:d7:12:8c:73:a4:a1:
+         71:92:74:9b:63:16:f4:85:98:9a:d1:49:e9:e0:2b:eb:73:10:
+         b9:86:9f:b0:2e:90:ca:13:bf:9c:ad:ac:24:65:7d:0d:f5:78:
+         08:0c:02:f0:5f:af:1b:d9:7e:68:49:44:47:66:38:8d:91:3f:
+         1a:0d:80:e9:ff:5f:c2:84:15:92:6a:89:98:dd:6d:9f:55:27:
+         c5:98:e7:f9:2e:fb:df:a9:cf:dc:e3:fc:ea:cc:27:55:ee:7d:
+         86:f6:c6:3c:24:b4:ab:76:2d:bf:db:fb:05:5c:fa:5f:29:5b:
+         9e:83:57:d2:a1:26:7a:4a:11:26:2e:72:01:72:82:91:3e:44:
+         09:da:a0:c5:f4:8e:6a:a8
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/README
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/README
@ -0,0 +1,22 @@
+
+      ============================
+        CLIENT GENERATION
+          Version 3.1
+      ============================
+
+
+-------------
+  INTRO
+-------------
+
+This application will generate new client certificates. The certificates can be used with any
+VPN client service. The certificate chain is also included (CA certificate & CA-I certificate).
+
+
+-------------
+  USAGE
+-------------
+
+./ gen_client.sh  
+
+
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/cfg/SERIAL
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/cfg/SERIAL
@ -0,0 +1 @@
+1001
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/cfg/ca-i.crt.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/cfg/ca-i.crt.pem
@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFgDCCA2igAwIBAgICA+kwDQYJKoZIhvcNAQELBQAwQzELMAkGA1UEBhMCT08x
+DTALBgNVBAoMBEFDTUUxJTAjBgNVBAMMHHJvb3QuMTAxLnNrdW5rd29ya3MuYWNt
+ZS54eXowHhcNMTgwODI1MTgwNjEzWhcNMjAwOTEzMTgwNjEzWjBbMQswCQYDVQQG
+EwJPTzENMAsGA1UECgwEQUNNRTEaMBgGA1UECwwRQUNNRSBJbnRlcm1lZGlhdGUx
+ITAfBgNVBAMMGDEwMDEuc2t1bmt3b3Jrcy5hY21lLnh5ejCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAMB/26XCkATLPCrMuieRUyuD06O30YFrxVin1K46
+/Vpfzy35jmXHwOf9SkPqZDlT+rVo1cB62mysEDuJTVgzwp7ReO0VtTiYpyXF2bkx
+kEfugV8mrjTSUmqPz1lEy/2fQtODebkwJiyrutxZ//ZMpcd69s3i6HaNsSCQqtVC
+hicoD/rVcL3hv/fo9cyyoGM9TZR8m2zbgg0+eXGyWXlI585ST3C+kp0gsYEgUrWU
+7LxsbF2ntbz0wyoOciq0106KI+J8lfyTSuBRQQXQIcq4M5/24YzLz1WLzt8dCFFQ
+Oma7tvCNy+z8hTQkBk7Jir4ByDB4HeYEXv/IGtTnyekP+AE+x+KQ22AkFyn7URcr
+2Mkz04ahAPu2/YzKMTxWf+3RDGcpW2C/KoS2u0+YddoLKFEYar9g1RYXnGS/qUE7
+z9xrLGhupd8jI+0FPkZoTb89vBQIux0fqjN3zG+xJ8hcVaBDcGp3e8RL6grOXW+d
+39q5fbha4lV2/PERPt45lvFPDaNcdtB0h3YqKJ5tBi5QpDAMn0V+59Ux9EaqQL/R
+tUn6LO8SB34r/Vignb/RAXHjROiptHGBkiQQJsBsNpH2zRkBWe/WS+HebCq61bOy
+zmcnkE62saKqUv5WT2dVnYA00RcPINCE3TtFiN7olUnfumQsumRYbSuVRq+ORk84
+27uTAgMBAAGjZjBkMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG
+MB0GA1UdDgQWBBQLAZvP+qDe9PEdskSjByyu7knZDTAfBgNVHSMEGDAWgBSIwfOW
+bfceun2kjB+5NuVdybL0CTANBgkqhkiG9w0BAQsFAAOCAgEAMz+Z6RvWJJIDkrGe
+xqMrncJ1pyl7U6h2TocMAy/zPHdrRJYjyVGaUSXCqQxZlJOkZWWQ+tn1MuMp8u/+
+13br3UaJbtknTBjt998+MltzBCDvyGaIy6R8PFT5F8cHv674wrkaQf8sPvcBmq7O
+Ma+RCGTvDOR6EiXgjYu/laLWOvw2Qi38A6RqEUQ8hrGcG6kS1bwHOQC3/TrYXEMk
+1KLR9fU5f2/zdjraE0x4KhIgGoYl1akqJ7qLQVB8px4AiHtnSuKnnlAPXkaA26Zp
+pCobhaPTFtSdZnHsxCeZTVKPyuiRpoPGcO74xLw8QukBJT2Dnt4uZbGrkJFjb1Wf
+AoqXpFThhop7jPeozaQPtPmQK8NUre7n0X6rPCf0JCDHoWKuDuQRvQswpWuxuIEZ
+WEpax2xuMCjiBKqSAV+xG41s7pIFCcd+YD9X3sLFtmBDX6X1pke4OR7Ir0YsTR+r
+QBR3POZN08nFPwOhs/jObTnyMdStuHRX1xKMc6ShcZJ0m2MW9IWYmtFJ6eAr63MQ
+uYafsC6QyhO/nK2sJGV9DfV4CAwC8F+vG9l+aElER2Y4jZE/Gg2A6f9fwoQVkmqJ
+mN1tn1UnxZjn+S7736nP3OP86swnVe59hvbGPCS0q3Ytv9v7BVz6XylbnoNX0qEm
+ekoRJi5yAXKCkT5ECdqgxfSOaqg=
+-----END CERTIFICATE-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/cfg/ca-i.keys.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/cfg/ca-i.keys.pem
@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEAwH/bpcKQBMs8Ksy6J5FTK4PTo7fRgWvFWKfUrjr9Wl/PLfmO
+ZcfA5/1KQ+pkOVP6tWjVwHrabKwQO4lNWDPCntF47RW1OJinJcXZuTGQR+6BXyau
+NNJSao/PWUTL/Z9C04N5uTAmLKu63Fn/9kylx3r2zeLodo2xIJCq1UKGJygP+tVw
+veG/9+j1zLKgYz1NlHybbNuCDT55cbJZeUjnzlJPcL6SnSCxgSBStZTsvGxsXae1
+vPTDKg5yKrTXTooj4nyV/JNK4FFBBdAhyrgzn/bhjMvPVYvO3x0IUVA6Zru28I3L
+7PyFNCQGTsmKvgHIMHgd5gRe/8ga1OfJ6Q/4AT7H4pDbYCQXKftRFyvYyTPThqEA
+7b9jMoxPFZ/7dEMZylbYL8qhLa7T5h12gsoURhqv2DVFhecZL+pQTvP3GssaG6l
+3yMj7QU+RmhNvz28FAi7HR+qM3fMb7EnyFxVoENwand7xEvqCs5db53f2rl9uFri
+VXb88RE+3jmW8U8No1x20HSHdioonm0GLlCkMAyfRX7n1TH0RqpAv9G1Sfos7xIH
+fiv9WKCdv9EBceNE6Km0cYGSJBAmwGw2kfbNGQFZ79ZL4d5sKrrVs7LOZyeQTrax
+oqpS/lZPZ1WdgDTRFw8g0ITdO0WI3uiVSd+6ZCy6ZFhtK5VGr45GTzjbu5MCAwEA
+AQKCAgAyXAChX8H/jw+hfsegfFNOygD/DqK/gesx404ven03PGNd+rB3Dgf4aPoZ
+xGMN4FtxRAjPfxRPY8AnYycZ0Qi0Nca193zeXokzx4vK+B1vxASSWPMwHGm1OQQc
+rXPUWOrJnNamTONfwllzNhRRYgHoqtGQUTFReoYBJ/eZLPsdmUx86YPCGSH4gDh1
+obF15N673tFmbBKc1mA9D1R690i1YDEqJKEEfD4TstoQaPJ55L+AzNQtp7a69OaH
+J6JACMGUidVPK1VmU7t4AtgkSYYv7g1ZoSQPlDC9i8HWS+/LWoZkbiQQToumdVo1
+GGK0jJDLpVDlEPWtYrMqSa03zJargAjzrPvCLXF8HotWY+cNesy5oLHH4qJw+jCJ
+45uKmVNPzk6AWP6mgvD8OtqDEg7GJGCRy56FNpjnrbgwE9YrHdrNE7LCsemIeLT0
+329moDj0xydjFXbtuQ8iaGkQANXmsxr9+f5up5Sr52cK08I4s0dp8KsLaKFtrxxm
+tWYacEm++cagjpj+CXkAbftLO7Y7Rd+a1PmcpWhHNpMf+IsUgDWpKvJtODDTZOW
+ES4tk9kakhFZKj6CoAshwb+4yPhIAt9vAFY6XsYdirISNv+K0XxEM0lTo77wnI3n
+e2iHjq7XZFHLM2r00vSBYr14wd/b2KenCbHCda8k5JszIzVo2QKCAQEA9HqNocfZ
+J+/saOFDpHD1iFoElLUUC5KAmdSJbGjOHk0Fs89KZXMBwBkUz/Phyrqd8X3hZmvc
+SzlM9q/kiNzHSNBu6Lv41NaQQ6Gjc8NaFau94csbWvM9SRWADx7W8THTKbVtNd28
+26wftI0aarRfU3HkgYC9fKnCB45oXaDPNBQdjBpbmfAgW33EpvRqiTdhNbj6zCWh
+PNGv8ekMvbeFsCbazJ8+WRxE8o7bQKoiCClubV3+G518mwrBhLcIczvkNRIt/0BN
+sCYjnVrI/1GPoiUj4iayzwTlDbrUhBfl8hk4hgO0aecwxciatKHIIJ0/yT0ajbT8
+wJ8xMMiyNFVr5QKCAQEAyZI3BvH5T+yBtDCm+EflzH//LrFH7TOJyHJCPUgzUfaQ
+wLj5+Sey9ZDvuaPKZ0/34Rwq24NbvGD38RyiHXO3xHTd0VmQ8pMlclHC8pDI7ya7
+1XBp+jLzIvsIEU/n9+pG9MPEi/weEwjnh/bK96MqcpoTi6nFbx8NpJ3t2E9BZYEP
+PggOwzHuwdflh9YGiikvehB7ARWVaHMeYVStmHQFW5xTK3b+92jUwO7mZ2UzqjYn
+XQ3Cy4JqWYE0RWjz65Ba/YhWcQAKit8KbsmqrIiBj2+2DtPJ5liAKzt6FldBfWhq
+9rFmvpuNfn3ruvax2b4MPJ2HpdOrYeHK2Q/mmAZCFwKCAQEAqHEv2EF7ixqxRem+
+0zPI1/M9qL/CWd7MoDBhpsHnEdV7klHGLnO4xwQA5O5hqW4+mD5k6E50b5fBQU4b
+JXkIDVEeuVeZr/tNVmut1HrKPJghscpgxJ9GoG4h10kmSvRLSzdnUW+/SZMkHSAD
+DXXNIA8eo2NyKsxDlTU3DxtW58jcOsWGS1+4y5Cxx14rcPMpFPyoP7PFjcPjd8dc
+MfKaN63tnoIxUPA7SOvIgJs362uwW8Yg6CHv0lrszmXVep/PMgmei3lgjXcZnrcI
+OXGWht8UBCMpm50BvB33gjN9CPr7iMpQqY7SedMnVEELQ/1UD3D8NJp4cra8C6Kb
+tZcNSQKCAQAZF2heJvTf7BLhOUUvltOWN0CusUbA0i+OkhqIwloRE95E/0GusDBo
+vRf6RddGMQAsN3NmS925f2Cd1PChNexkOh/6lWmjqIl6x4663ycEDhBHq2ylxn3Z
+luIUNZwski8u/MeUnVepCuy3UhNF7Du2dFOGiSWYhYcPPNGEoakEV6JsGFiuF6Me
+4h8iX5QE0sekLDUDl4o3rEzV1NKfLaIVG0qHGJL4fUYulg58RG6/+2m+/Z2H874F
+Uj4NfdkPM7L/6F7KRjUJwGXuEJB8Vam7Dy7cfaSeVdnuh8LU0RvH3p2iA8dEZtyg
+KFCVv2u4LR4c1YczLzwgPRkhGAeeWPkVAoIBAQCSeqwSv5oA0XqfShS9DWtYXocI
+ArsIHBsqYpwUgMAqO+A5JVd0WKx7/WNFADshCLrMOUaOBE/hr1jboL6cQCqCRoHC
+A8KRN0IFv8001kA90/hWOiReA47uKNRsj/F8z5DQfkeFpPkFuntH+7iotJ0K077g
+2oRVV56TL6vg3NvqE4sxvG2JOy9u7kXCquv7NJxRlQQRoEtCq0jE/pOAQGZR2bJn
+yclTiVw2CsM+ojyfP7i+0BbSl+xIvGPZ8VBcsue8pMs6U0qHBx8Gp4w06P1pAF48
+NwFa2ODTO1zXRtjWsISurGPUV9eYyotPM6X12oF97qow+QOyITDge78MjeyR
+-----END RSA PRIVATE KEY-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/cfg/ca_cert-chain.crts.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/cfg/ca_cert-chain.crts.pem
@ -0,0 +1,63 @@
+-----BEGIN CERTIFICATE-----
+MIIFZDCCA0ygAwIBAgIBZTANBgkqhkiG9w0BAQsFADBDMQswCQYDVQQGEwJPTzEN
+MAsGA1UECgwEQUNNRTElMCMGA1UEAwwccm9vdC4xMDEuc2t1bmt3b3Jrcy5hY21l
+Lnh5ejAeFw0xODA4MjUxODA2MTFaFw0yODA4MjIxODA2MTFaMEMxCzAJBgNVBAYT
+Ak9PMQ0wCwYDVQQKDARBQ01FMSUwIwYDVQQDDBxyb290LjEwMS5za3Vua3dvcmtz
+LmFjbWUueHl6MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvIrPlS24
+lgzjr/cuHJHWUyDMLMI6aV68Olu01SuZi0yGRouTUe/XS3qIjXlkySzHUqCDw/mV
+092h1lKRTlYGRZ0fwcSRrYZlySOV9dc1+TxBSAggoWcAG/tEwJ+TZFstogfUi4T+
+06DTiAmkglJ17Yyauf/IJOEwPU8c9U6joNZvPd/Y4taTgnGwliy9BAaOGKAxptZg
+FWGKlXWJw8Ya6ciBYz07yCwwyVOanAYN0NJn9Pl2c4E7R8hSQ7zj8Jvc5o57ou8f
+I5Zdm217G2AxUnsD9KEuYtyKRKDb+DOvGkcvKlJxpx/BuU3QvhC0tw7RFPWIDBzV
+nXD5ApdZLZCweUvHLi7bgA88fJXN9oYrRduhIzRCIOjtmlB6JnAiMwaNQpWy4/+S
+ZqDlky89dw29hUfj701An0QdYMyxH+uUuqfKPWdQREBkP1ARH8WaHXzzyJpX5orj
+ShIsg93HlZ68ILgrY7NpnFah8BJPbJUnp4QDAzIITZ+SYPQA8TBuUwyI2GNPmaPH
+o7nhcb7lIX0BERhsGqZV8nK6RIcEAxwjcgQgR3jcnxnzI0/bsQRFFkS2NkG/Dm3a
+vCJi8NGTaOppGaGs05r012tK5hiNOCJ2vZdo4oUuQgBlk/TtodpwBIyPNPdtNP+X
+AFeElVeC2lkwwah7Tz2t1LrLm6ksencGs2UCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFIjB85Zt9x66faSMH7k25V3J
+svQJMB8GA1UdIwQYMBaAFIjB85Zt9x66faSMH7k25V3JsvQJMA0GCSqGSIb3DQEB
+CwUAA4ICAQCeR/j04yiT+RT/IN5g+5tgQ3iIlKqR3Jc/OCWFAB52MQd/Ar1xK+mK
+LykCaMBVv2GLrwol17CChomjChdoap/NilHTBoL0vQ2BYeYfa6Y+rMz0O4p5hM0R
+4IvyOnvi58qW+4mD4AP0Aot+l38DruuyC5eziglz1LfwBuL+2amIFbSBWEssntEV
+tp6WhqgTFiDEFwBpS70ImeweekU6LTZOagA2haYMq3nKtfgZw9bOcNbdhxMqxAn0
+GnmRoGDjvmh6mExsqJsGylke5gh3xRHLtuku9tWYPrM8xQE6rsE3A9pM1h/Abgqt
+wfgQe4v+42btQ2bvuqXM6fwpDmGoIo5TGPiJf97XbQeYFSLmELka+KGekWX0Ol7h
+755yunWyx2yPMq4wwd9uho8QVDFEwivXwMgZ/3WZUVAMxNHXsulw3ajAx5lyF400
+96/a5AuGM6tPlsCmovQtCkTlra6vE2EBiX2r58msIebTsudjfbYr0JuAoetrTOIm
+L38fFEeD6WMQ16DY4KqtErTfu4n3XAVdROayW6hlJmonD7m2H6qbhDsyV0aThmz7
+LJD0tshhNRMJdnaDiiyaTt+0yiiWqkqHLF0pxbovVaqau86M9bMCnHQGRCOmPCRB
+Rzp4RHdQPa45fGBkxJfg38S2xA273RuRP2xXRQBwsqyy9r7ftV0chA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFgDCCA2igAwIBAgICA+kwDQYJKoZIhvcNAQELBQAwQzELMAkGA1UEBhMCT08x
+DTALBgNVBAoMBEFDTUUxJTAjBgNVBAMMHHJvb3QuMTAxLnNrdW5rd29ya3MuYWNt
+ZS54eXowHhcNMTgwODI1MTgwNjEzWhcNMjAwOTEzMTgwNjEzWjBbMQswCQYDVQQG
+EwJPTzENMAsGA1UECgwEQUNNRTEaMBgGA1UECwwRQUNNRSBJbnRlcm1lZGlhdGUx
+ITAfBgNVBAMMGDEwMDEuc2t1bmt3b3Jrcy5hY21lLnh5ejCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAMB/26XCkATLPCrMuieRUyuD06O30YFrxVin1K46
+/Vpfzy35jmXHwOf9SkPqZDlT+rVo1cB62mysEDuJTVgzwp7ReO0VtTiYpyXF2bkx
+kEfugV8mrjTSUmqPz1lEy/2fQtODebkwJiyrutxZ//ZMpcd69s3i6HaNsSCQqtVC
+hicoD/rVcL3hv/fo9cyyoGM9TZR8m2zbgg0+eXGyWXlI585ST3C+kp0gsYEgUrWU
+7LxsbF2ntbz0wyoOciq0106KI+J8lfyTSuBRQQXQIcq4M5/24YzLz1WLzt8dCFFQ
+Oma7tvCNy+z8hTQkBk7Jir4ByDB4HeYEXv/IGtTnyekP+AE+x+KQ22AkFyn7URcr
+2Mkz04ahAPu2/YzKMTxWf+3RDGcpW2C/KoS2u0+YddoLKFEYar9g1RYXnGS/qUE7
+z9xrLGhupd8jI+0FPkZoTb89vBQIux0fqjN3zG+xJ8hcVaBDcGp3e8RL6grOXW+d
+39q5fbha4lV2/PERPt45lvFPDaNcdtB0h3YqKJ5tBi5QpDAMn0V+59Ux9EaqQL/R
+tUn6LO8SB34r/Vignb/RAXHjROiptHGBkiQQJsBsNpH2zRkBWe/WS+HebCq61bOy
+zmcnkE62saKqUv5WT2dVnYA00RcPINCE3TtFiN7olUnfumQsumRYbSuVRq+ORk84
+27uTAgMBAAGjZjBkMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG
+MB0GA1UdDgQWBBQLAZvP+qDe9PEdskSjByyu7knZDTAfBgNVHSMEGDAWgBSIwfOW
+bfceun2kjB+5NuVdybL0CTANBgkqhkiG9w0BAQsFAAOCAgEAMz+Z6RvWJJIDkrGe
+xqMrncJ1pyl7U6h2TocMAy/zPHdrRJYjyVGaUSXCqQxZlJOkZWWQ+tn1MuMp8u/+
+13br3UaJbtknTBjt998+MltzBCDvyGaIy6R8PFT5F8cHv674wrkaQf8sPvcBmq7O
+Ma+RCGTvDOR6EiXgjYu/laLWOvw2Qi38A6RqEUQ8hrGcG6kS1bwHOQC3/TrYXEMk
+1KLR9fU5f2/zdjraE0x4KhIgGoYl1akqJ7qLQVB8px4AiHtnSuKnnlAPXkaA26Zp
+pCobhaPTFtSdZnHsxCeZTVKPyuiRpoPGcO74xLw8QukBJT2Dnt4uZbGrkJFjb1Wf
+AoqXpFThhop7jPeozaQPtPmQK8NUre7n0X6rPCf0JCDHoWKuDuQRvQswpWuxuIEZ
+WEpax2xuMCjiBKqSAV+xG41s7pIFCcd+YD9X3sLFtmBDX6X1pke4OR7Ir0YsTR+r
+QBR3POZN08nFPwOhs/jObTnyMdStuHRX1xKMc6ShcZJ0m2MW9IWYmtFJ6eAr63MQ
+uYafsC6QyhO/nK2sJGV9DfV4CAwC8F+vG9l+aElER2Y4jZE/Gg2A6f9fwoQVkmqJ
+mN1tn1UnxZjn+S7736nP3OP86swnVe59hvbGPCS0q3Ytv9v7BVz6XylbnoNX0qEm
+ekoRJi5yAXKCkT5ECdqgxfSOaqg=
+-----END CERTIFICATE-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/cfg/pki_funcs.sh
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/cfg/pki_funcs.sh
@ -0,0 +1,294 @@
+#!/bin/bash
+#
+# all main functions to generate a PKI certificate chain
+# 
+
+#
+# Set the CA variables
+#
+pki_func_init() {
+  if [[ -n $1 ]] || [[ -n $2 ]] || [[ -n $3 ]]; then
+    FQ_CA_CERT=$1
+    FQ_CA_KEYS=$2
+    CNF_PATH=$3
+    APP_INIT=1
+  else
+    APP_INIT=0
+  fi
+}
+
+#
+# print text wrapped in a block
+#
+echo_block() {
+  echo
+  echo "***** ***** ***** *****"
+  echo $1
+  echo "***** ***** ***** *****"
+}
+
+# 
+# Grab the latest serial # from the file, auto-increment
+# 
+get_serial() {
+  SERIAL=`head "cfg/SERIAL"`
+  if [[ -z $SERIAL ]]; then
+    SERIAL=11111
+    echo_block "WARN: no file 'SERIAL' found, using default 11111 as the serial # for CA"
+  fi
+}
+
+# ***** ***** ***** ***** *****
+# 
+# CERTIFICATE AUTHORITY (CA)
+# 
+# ***** ***** ***** ***** *****
+# This function will generate a CA Intermediate
+# IN: UNIQ_ID_CA, SERIAL
+#
+gen_ca() {
+  UNIQ_ID_CA=$1
+  SERIAL=$2
+
+  echo_block "Create CA (${UNIQ_ID_CA})"
+
+  # encrypt the key
+  #openssl genrsa -aes256 -out ca.keys.pem 4096
+  #openssl genrsa -aes256 -password "pass:password" -out ca.keys.pem 4096 
+
+  # key un-protected
+  openssl genrsa -out "ca_${UNIQ_ID_CA}.keys.pem" 4096
+  # 
+  # Create Certificate   (valid for 10 years, after the entire chain of trust expires)
+  openssl req -config $CNF_PATH/ca.cnf -new -x509 -sha256 -days 3650 -extensions v3_ca \
+              -subj "/C=OO/O=ACME/CN=root.${UNIQ_ID_CA}" -set_serial ${SERIAL} \
+              -key ca_${UNIQ_ID_CA}.keys.pem -out ca_${UNIQ_ID_CA}.crt.pem
+
+  # verify certificate (output to text file for review)
+  openssl x509 -noout -text -in ca_${UNIQ_ID_CA}.crt.pem > ca_${UNIQ_ID_CA}_cert.info.txt
+}
+
+#
+# Create CA Intermediate PKI
+# 
+# 
+
+#
+# Generate a PKI chain
+#   - the certificate chain is unique based on the serial #
+#   - generate a new CA I
+#   - generate server certificates
+#   - generate client certificates
+#
+# INPUT:  BASE SERIAL #, LOOP NUM
+# 
+# Requires: FQ_CA_CERT, FQ_CA_KEYS
+# 
+ca-i_gen_pki() {
+  CDD=`pwd`
+  ORG_URL=$1
+  SERIAL_O=$2
+  NUM_CERTS=$(($3-1))
+
+  # create unique directory
+  UNIQ_ID_CAI="${SERIAL_O}.${ORG_URL}" 
+  mkdir -p "distribution/ca_i_${UNIQ_ID_CAI}"
+  cd "distribution/ca_i_${UNIQ_ID_CAI}"
+
+  # Create CA Intermediate
+  ca-i_gen_cert $ORG_URL $SERIAL_O
+
+  # create directories, copy files, before generating client/server
+  ca-i_create_shell
+
+  __ca-i_gen_client
+
+  __ca-i_gen_server
+
+  # return to last path
+  cd $CDD
+}
+
+# 
+# Client Certificates
+# 
+__ca-i_gen_client() {
+  # create directories
+  mkdir -p clients/data
+  mkdir -p clients/distro
+  mkdir -p clients/docs
+  cd clients
+  for NUM in $(seq 0 $NUM_CERTS)
+  do
+    gen_client $ORG_URL $((SERIAL_O+NUM))
+  done
+  cd ..
+}
+
+# 
+# Server Certificates
+# 
+__ca-i_gen_server() {
+  # create directories
+  mkdir -p servers/data
+  mkdir -p servers/distro
+  mkdir -p servers/docs
+  cd servers
+  for NUM in $(seq 0 $NUM_CERTS)
+  do
+    gen_server $ORG_URL $((SERIAL_O+NUM))
+  done
+  cd ..
+}
+
+# This function will generate a CA Intermediate
+# 
+# Requires:  CNF file, CA cert, CA key
+# 
+# IN: UNIQ_ID_CA, SERIAL
+#
+ca-i_gen_cert() {
+  ORG_URL=$1 
+  SERIAL=$2
+
+  UNIQ_ID="${SERIAL}.${ORG_URL}"
+
+  echo_block "Create CA Intermediate  (${UNIQ_ID})"
+
+  openssl genrsa -out "ca_i_${UNIQ_ID}.keys.pem" 4096
+
+  # Create Cert Signing Request (CSR)
+  openssl req -config "${CNF_PATH}/ca.cnf" -new -sha256 \
+              -subj "/C=OO/O=ACME/OU=ACME Intermediate/CN=${UNIQ_ID}" \
+              -key "ca_i_${UNIQ_ID}.keys.pem" -out "ca_i_${UNIQ_ID}.csr.pem"
+
+  # Create Certificate   (valid for ~2 years, after the entire chain of trust expires)
+  # CA signs Intermediate
+  openssl x509 -req -days 750 -extfile "${CNF_PATH}/ca.cnf" -extensions v3_ca_i \
+               -CA $FQ_CA_CERT -CAkey $FQ_CA_KEYS -set_serial ${SERIAL} \
+               -in "ca_i_${UNIQ_ID}.csr.pem" -out "ca_i_${UNIQ_ID}.crt.pem"
+
+  # Package the Certificate Authority Certificates for distro  (windoze needs this)
+  openssl pkcs12 -export -password "pass:password" -inkey "ca_i_${UNIQ_ID}.keys.pem" \
+                 -name "CA Intermediate Mobile Provision" -certfile $FQ_CA_CERT \
+                 -in "ca_i_${UNIQ_ID}.crt.pem" -out "ca_i_${UNIQ_ID}.p12"
+
+  # verify certificate (output to text file for review)
+  openssl x509 -noout -text -in "ca_i_${UNIQ_ID}.crt.pem" > "ca_i_${UNIQ_ID}.crt.info.txt"
+
+  # create certifiate chain
+  cat $FQ_CA_CERT "ca_i_${UNIQ_ID}.crt.pem" > "ca_cert-chain_${UNIQ_ID}.crts.pem"
+}
+
+#
+# Copies all applcations to the Lifecycle package
+#   organize the ca-i directory
+#   order matters:  move these files last because they were copied above
+#
+ca-i_create_shell() {
+
+  DEST_DIR="${CDD}/distribution/ca_i_${UNIQ_ID_CAI}"
+
+  # client
+  mkdir -p clients/cfg
+  cp $CDD/res/libs/gen_client.sh  $DEST_DIR/clients/
+  cp $CDD/res/libs/pki_funcs.sh   $DEST_DIR/clients/cfg
+  cp $CDD/res/docs/README_C       $DEST_DIR/clients/README
+  cp $CDD/res/docs/SERIAL         $DEST_DIR/clients/cfg/
+  cp "${CDD}/cfg/${ORG_URL}.cnf"  $DEST_DIR/clients/cfg/
+  # generated files
+  cp $DEST_DIR/ca_i*.crt.pem      $DEST_DIR/clients/cfg/ca-i.crt.pem
+  cp $DEST_DIR/ca_i*.keys.pem     $DEST_DIR/clients/cfg/ca-i.keys.pem
+  cp $DEST_DIR/ca_cert-chain*.pem $DEST_DIR/clients/cfg/ca_cert-chain.crts.pem
+
+  # server
+  mkdir -p servers/cfg
+  cp $CDD/res/libs/gen_server.sh  $DEST_DIR/servers/
+  cp $CDD/res/libs/pki_funcs.sh   $DEST_DIR/servers/cfg/
+  cp $CDD/res/docs/README_S       $DEST_DIR/servers/README
+  cp $CDD/res/docs/SERIAL         $DEST_DIR/servers/cfg/
+  cp "${CDD}/cfg/${ORG_URL}.cnf"  $DEST_DIR/servers/cfg/
+  # generated files
+  cp $DEST_DIR/ca_i*.crt.pem      $DEST_DIR/servers/cfg/ca-i.crt.pem
+  cp $DEST_DIR/ca_i*.keys.pem     $DEST_DIR/servers/cfg/ca-i.keys.pem
+  cp $DEST_DIR/ca_cert-chain*.pem $DEST_DIR/servers/cfg/ca_cert-chain.crts.pem
+
+  # CA-I
+  mkdir -p ca-i/data
+  mkdir -p ca-i/docs
+  mkdir -p ca-i/distro
+  cp $CDD/res/docs/README_CAI       $DEST_DIR/README
+  cp $CDD/ca_*/ca_*.crt.pem         $DEST_DIR/ca-i/data/
+  cp $CDD/ca_*/ca_*.info.txt        $DEST_DIR/ca-i/docs/
+  # generated files
+  mv $DEST_DIR/ca_i*.pem            $DEST_DIR/ca-i/data/
+  mv $DEST_DIR/ca_i*.info.txt       $DEST_DIR/ca-i/docs/
+  mv $DEST_DIR/ca_i*.p12            $DEST_DIR/ca-i/distro
+  mv $DEST_DIR/ca_cert-chain*.pem   $DEST_DIR/ca-i/distro
+}
+
+#
+# Generate a Client Certificate
+# IN: UNIQ_ID, UNIQ_ID_CAI, SERIAL
+#
+gen_client() {
+  ORG_URL=$1 
+  SERIAL=$2
+
+  UNIQ_ID="${SERIAL}.${ORG_URL}"
+  CERT_CHAIN="cfg/ca_cert-chain.crts.pem"
+
+  echo_block "Generate Client Certificates  (${UNIQ_ID})"
+
+  openssl genrsa -out "data/client_${UNIQ_ID}.keys.pem" 4096
+
+  openssl req -new -key "data/client_${UNIQ_ID}.keys.pem" \
+              -subj "/C=OO/O=ACME/OU=ACME Standard/CN=client_${UNIQ_ID}" \
+              -out "data/client_${UNIQ_ID}.csr.pem"
+  # CA Intermediate signs Client
+  openssl x509 -req -days 365 \
+               -CA "cfg/ca-i.crt.pem" -CAkey "cfg/ca-i.keys.pem" -set_serial ${SERIAL} \
+               -in "data/client_${UNIQ_ID}.csr.pem" -out "data/client_${UNIQ_ID}.crt.pem"
+
+  # Package the Certificates
+  openssl pkcs12 -export -password "pass:password" -inkey "data/client_${UNIQ_ID}.keys.pem" \
+                 -name "Client ${UNIQ_ID} VPN Certificate" -certfile $CERT_CHAIN -caname "client_${UNIQ_ID}@acme.xyz" \
+                 -in "data/client_${UNIQ_ID}.crt.pem" -out "distro/client_${UNIQ_ID}.p12"
+
+  # verify certificate (output to text file for review)
+  openssl x509 -noout -text -in "data/client_${UNIQ_ID}.crt.pem" > "docs/client_${UNIQ_ID}.info.txt"
+}
+
+#
+# Generate a Server Certificate
+# IN: UNIQ_ID, UNIQ_ID_CA, SERIAL
+#
+gen_server() {
+  ORG_URL=$1 
+  SERIAL=$2
+
+  UNIQ_ID="${SERIAL}.${ORG_URL}"
+  CERT_CHAIN="cfg/ca_cert-chain.crts.pem"
+
+  echo_block "Generate Server Certificates  (${UNIQ_ID})"
+
+  openssl genrsa -out "data/server_${UNIQ_ID}.keys.pem" 4096
+
+  openssl req -new -config "cfg/${ORG_URL}.cnf" -key "data/server_${UNIQ_ID}.keys.pem" \
+              -subj "/C=OO/O=ACME/OU=ACME Standard/CN=${UNIQ_ID}" \
+              -out "data/server_${UNIQ_ID}.csr.pem"
+
+  # CA Intermediate signs Server
+  openssl x509 -req -days 365 -extfile "cfg/${ORG_URL}.cnf" -extensions v3_server \
+               -CA "cfg/ca-i.crt.pem" -CAkey "cfg/ca-i.keys.pem" -set_serial ${SERIAL} \
+               -in "data/server_${UNIQ_ID}.csr.pem" -out "data/server_${UNIQ_ID}.crt.pem"
+
+  # Package the Certificates
+  openssl pkcs12 -export -password "pass:password" -inkey "data/server_${UNIQ_ID}.keys.pem" \
+                 -name "Server ${UNIQ_ID} VPN Certificate" -certfile $CERT_CHAIN -caname "server_${UNIQ_ID}@acme.xyz" \
+                 -in "data/server_${UNIQ_ID}.crt.pem" -out "distro/server_${UNIQ_ID}.p12"
+
+  # verify certificate (output to text file for review)
+  openssl x509 -noout -text -in "data/server_${UNIQ_ID}.crt.pem" > "docs/server_${UNIQ_ID}.crt.info.txt" 
+}
+
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/cfg/skunkworks.acme.xyz.cnf
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_10001.skunkworks.acme.xyz/servers/cfg/skunkworks.acme.xyz.cnf
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/data/client_1001.skunkworks.acme.xyz.crt.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/data/client_1001.skunkworks.acme.xyz.crt.pem
@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFLjCCAxYCAgPpMA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNVBAYTAk9PMQ0wCwYD
+VQQKDARBQ01FMRowGAYDVQQLDBFBQ01FIEludGVybWVkaWF0ZTEhMB8GA1UEAwwY
+MTAwMS5za3Vua3dvcmtzLmFjbWUueHl6MB4XDTE4MDgyNTE4MDYxNFoXDTE5MDgy
+NTE4MDYxNFowXjELMAkGA1UEBhMCT08xDTALBgNVBAoMBEFDTUUxFjAUBgNVBAsM
+DUFDTUUgU3RhbmRhcmQxKDAmBgNVBAMMH2NsaWVudF8xMDAxLnNrdW5rd29ya3Mu
+YWNtZS54eXowggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDZrGTT6I2Y
+XFru4Q7eLeLLqR2Qac+tt4AYX9MD2fpI3dq3siGqWzq/Xe6D5abfvvGm09hR7ZM2
+jY8v1mHzh3RK53My5CjXEM+8hPMuU95V/mZHh42MogatpORZBB0eSmv9RcswX8L5
+fBWVRo9YdhfO8l19LwvK/+9z88DNDK8Mqtn5Y5bGTYI8PmblpOSS9KomIwkVZ0MF
+7s0zR7OcWUQXM+n6NHoO6bICU+NrysSRyuDL67ZvaOzdC2Tx/5LnTlzJS00NzswB
+xbYfsvxl90+co1gKT5h1m60TyW1WNXknU0zfazw8lQ13UUpQ1Bluf8vS7grlP5dg
+oJkHk+8FUHRCiVQfZt6xn6h1mgWwT7/oBBX4yF/dUondGOOCPk93hrFu+t99qiGm
+9EkkECZezBRyoFoaqc4rf7vEBfD5JWZ2UnecoZoCnNdyUtrsJGDXt5io3zlP7m9E
+a2Ws1RdG8SNwqZ42+YMkmMNLOKoa8bAbUrh2aIelaDfG8a/7tm13CJjZQ20jkjPB
+Ceu/1ABVdkZ340PbALp25aw3FgyYS2ixA1CUwML89wN/vvzosLKXckCUeV6YTBsr
+EM/hoQydId9h+jZkDoIFPEGjyVP2jQ2tWcUnDdBUkV+J3ZL8NfCUmPcNkwiSN50W
+PPP7TcXvmxCH4oae/LQyZsXOyFjTAB8t7QIDAQABMA0GCSqGSIb3DQEBCwUAA4IC
+AQA+HoBcwrpqJkaLEpOFra0utjgZGaY/WUe0KTlrly+Jw1P/pwJHejDcEw4/PCpi
+13PL2+dxJxPNyWDM2G0cEPSxWAVeWc6Usvu7qg0C9yih+B02ethrNv7tLc3joa2A
+V1n3gzGwr5xaDYGqlE6C3RVRjEuWQySIrK8wYwgm/TPLGPTP5WeDZvQ5P6JGQdM9
+N9AQI4aA9i8HQqo7OtfZ/6dk2avv0lRucBNvhBqhhJEB57Rm0N5io9nlKzp5zdQP
+ADO7BhH5A0MqSPg5Z52eLCzrUg2gi64EFh7bqOoVzxy/FCajA5qamhEYxTPazZak
+2OwB2xeS4b6ZBKKMvF9tX7SdzDr5S8PW31ZOTSjJ79P284MYIO/MTq4c/pBH/hqI
+WSEbSTcFLK6fsThd8PqmeFhowA4XIVFhCJBJIKoyCIifBo4tLYK+KlQb1vJ+5G6d
+nLEGiMuKqE3S0N5ICbDWD0JsuBeBzsYMPbvxXf7DngyLteZChkkom8YHyNt3lzdk
+kXOSgTOtQ2PvN9ykw++pnvg4UVveYQToFvjLQIeG0VD1eh5KKImnBn5aE/FuJxt2
+QgrByX4Icpt8EjNv52ZLQL+kaSrp3xI1MSluvVas8LZ8E1y7ETrflfHZlzBOZ0H7
+3+6vZht3BmjAh62wfHvsg4UtfXOE50XMmGM4qgkAdAJHqA==
+-----END CERTIFICATE-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/data/client_1001.skunkworks.acme.xyz.csr.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/data/client_1001.skunkworks.acme.xyz.csr.pem
@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEozCCAosCAQAwXjELMAkGA1UEBhMCT08xDTALBgNVBAoMBEFDTUUxFjAUBgNV
+BAsMDUFDTUUgU3RhbmRhcmQxKDAmBgNVBAMMH2NsaWVudF8xMDAxLnNrdW5rd29y
+a3MuYWNtZS54eXowggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDZrGTT
+6I2YXFru4Q7eLeLLqR2Qac+tt4AYX9MD2fpI3dq3siGqWzq/Xe6D5abfvvGm09hR
+7ZM2jY8v1mHzh3RK53My5CjXEM+8hPMuU95V/mZHh42MogatpORZBB0eSmv9Rcsw
+X8L5fBWVRo9YdhfO8l19LwvK/+9z88DNDK8Mqtn5Y5bGTYI8PmblpOSS9KomIwkV
+Z0MF7s0zR7OcWUQXM+n6NHoO6bICU+NrysSRyuDL67ZvaOzdC2Tx/5LnTlzJS00N
+zswBxbYfsvxl90+co1gKT5h1m60TyW1WNXknU0zfazw8lQ13UUpQ1Bluf8vS7grl
+P5dgoJkHk+8FUHRCiVQfZt6xn6h1mgWwT7/oBBX4yF/dUondGOOCPk93hrFu+t99
+qiGm9EkkECZezBRyoFoaqc4rf7vEBfD5JWZ2UnecoZoCnNdyUtrsJGDXt5io3zlP
+7m9Ea2Ws1RdG8SNwqZ42+YMkmMNLOKoa8bAbUrh2aIelaDfG8a/7tm13CJjZQ20j
+kjPBCeu/1ABVdkZ340PbALp25aw3FgyYS2ixA1CUwML89wN/vvzosLKXckCUeV6Y
+TBsrEM/hoQydId9h+jZkDoIFPEGjyVP2jQ2tWcUnDdBUkV+J3ZL8NfCUmPcNkwiS
+N50WPPP7TcXvmxCH4oae/LQyZsXOyFjTAB8t7QIDAQABoAAwDQYJKoZIhvcNAQEL
+BQADggIBAGv81Zk6GU2MzbTFnX/WU9HiprpBB6ob49v4bjqL+3tYtrHnfCYvSmGW
+myVmIj6RHUVpx5x4O8Lc0jk+/S0rhXdw7Nt5L/sRVttjEAIE/yWihtcpvvBqMmGg
+bqK5cswcgdXXEM5C+4TTneWsaHbos8dar0mbuMABKPsCuOM4DXG6rlxtanLI72K+
+9J3u2xZtx7bs+1Jy9Maig+ezfWQNFa1/XgyRJzQ9Xba2ObIuUKKayt+TyEaPtwlx
+X9QWmYofYoQW+wCUgsItw6nppqNrTJiXghqinZdTAYoBHrXaMZ7xs08QywNLmMg0
+eS9Mmsu+nhl0mdcW8LnY3tVL4/71E71+cjPBPhW6PTUbt6W5z85ZIoYziud85J1c
+jEUfZJ+plCyXM1LiJX1ITl9uCQl3ELOYOrlbWQ2zaQCNS5yPZwSeD4P/zXwQfzMH
+4lDZe8EKRnyrpJJyktNBplJ9SOqGGUCCxSN2MftA3FJ8zf6lJPjgXSDASFoma+b6
+4zTi890quLftEwIgOQMnvcHOA+HW3Aaj06orsUN59hf9s/99mM3iox8JD6qkUkJA
+fHKJSgNSCKAdcPX2Sa7Kx9jxJ3g0cDauagclESZogKFWhoZ+XmFyW8Ys5BYKGQf3
+0c2TMo9AWHDwFtlTfTbejJIMyPTSbzlmfXzK9lqdMKD4slXVOHSB
+-----END CERTIFICATE REQUEST-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/data/client_1001.skunkworks.acme.xyz.keys.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/data/client_1001.skunkworks.acme.xyz.keys.pem
@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKgIBAAKCAgEA2axk0+iNmFxa7uEO3i3iy6kdkGnPrbeAGF/TA9n6SN3at7Ih
+qls6v13ug+Wm377xptPYUe2TNo2PL9Zh84d0SudzMuQo1xDPvITzLlPeVf5mR4eN
+jKIGraTkWQQdHkpr/UXLMF/C+XwVlUaPWHYXzvJdfS8Lyv/vc/PAzQyvDKrZ+WOW
+xk2CPD5m5aTkkvSqJiMJFWdDBe7NM0eznFlEFzPp+jR6DumyAlPja8rEkcrgy+u2
+b2js3Qtk8f+S505cyUtNDc7MAcW2H7L8ZfdPnKNYCk+YdZutE8ltVjV5J1NM32s8
+PJUNd1FKUNQZbn/L0u4K5T+XYKCZB5PvBVB0QolUH2besZ+odZoFsE+/6AQV+Mhf
+3VKJ3Rjjgj5Pd4axbvrffaohpvRJJBAmXswUcqBaGqnOK3+7xAXw+SVmdlJ3nKGa
+ApzXclLa7CRg17eYqN85T+5vRGtlrNUXRvEjcKmeNvmDJJjDSziqGvGwG1K4dmiH
+pWg3xvGv+7ZtdwiY2UNtI5IzwQnrv9QAVXZGd+ND2wC6duWsNxYMmEtosQNQlMDC
+/PcDf7786LCyl3JAlHlemEwbKxDP4aEMnSHfYfo2ZA6CBTxBo8lT9o0NrVnFJw3Q
+VJFfid2S/DXwlJj3DZMIkjedFjzz+03F75sQh+KGnvy0MmbFzshY0wAfLe0CAwEA
+AQKCAgBxzcgJYpRlDCQesFvtnV/tysVCM4/46u91zuOsJ9LLNfKcB+3B+2CDnMCP
+BQpyAIqnBisa6nMFGo26HQOpJzCN2ORJvy/7ATcbAQeDOSYNH6ypyR0gYbXMI2Gf
+iJ8Qryg2ir7o06hEd7NxECrxvQxFjkGCqY4o3BZ9MPukOPVsUgcUdBToKK3mgVma
+xtMaYgBzX+3n2s0X1PpDzUEChUksOGAkCDuogFYpEWLdgG21K7TL6LjBFsJ/7u0f
+Nb9R+MK+uuWRIA0jQHjINkFFn/xDRWCjorPMk0TA0S+xcZJ4StXw+ECa4tWzpFk
+IQAK3ZXa+cmIge7K/iwD4jwdMysUhz/LXRTDOyMzjF2W3BWNLhjoPcZaozMcK0LL
+JxR3OmvHsRXDm5neab57exEigZtPinmChfqekV45OaIBjlNaZTHj216Wa+my9k1p
+jJBAp4ZOs6Cqt6QgyfSaeBOeE+Uh8uOPnbCWXa2rJCOodDzkU2/HUsa3qiZOnpB1
+JvVhI0BsC2uaq8UFy8T5t8NT83HKKfn19QKTSe9R51BEpk/khwg+QgtyygXiu5SF
+6f0qhA881q7VYYKZI3gBkBqaO2wj/EExxv6M3VgKFQnyNlHmQwJFlE7r1NTXan5q
+g2pOlKuHJ3HDV28VLMtQXZplVJdNBm9Q0HId96j9iPe67j9HoQKCAQEA+GODoy4b
+6l/CEuzgkfoFeqcYeFwWb12Yl0bqcQoZiJiMqp9nF8IwAqOU6GhFOeLmmacoixXX
+aTdJ5B2tEGMl/3bJ56IuSxBvyHVk4SIfBm3HrvkQ6DrsoM0qBG4CYIfKmdhJsidg
+qIW9IUKxM4Spxqx26LGMZO286haXhQGqlOSD2Nvbfq7Wjx860XS27IMFnlZ4ie1+
+kEyS9aZCyF4HbvcVb/1qIF3Akkei2OFFwjDtueYRy70z+D7knCJI5GQfLgkN3K0O
+8326zrIm+DgkY6WZdJafWTOQwGaLiDT5mwCePV1S/Mo3gs3GFJtubCZ+6ZRrJ9X3
+GHsXF1oZGUDVwwKCAQEA4Ffu7fJzR9rKuOC41iBtxsXLwth/3hv0bNGugDqPq7XE
+gtX1kWAqtWupYhrDa5kAmLZQvdovTIPM20VvtAcDojpQr0+AFUm86DwMW7zcBLxB
+pQxv2uEEyJVAE1IEBACO/WHZ50382oNr44gS1hkW7nWX1ke0WghI/fugoEcZMYas
+eWS03U8cNBGiQy4cAc0HEkUwYiz12WN/YKM2FTVCEFbT7zZirokzTJJa9BEAY8eu
+HYXxjI9+6Rl32SG4MT2U3EbQXZT6YR2C6WNLuWIkcwqCX0YFC7JtMc+T/V8vLCZn
+EGMkYjHfLSU2iAsaUxnXBUlLcWMOGwQWxdDaQM7CjwKCAQEAsiqnhMgRLAet7OdO
+mkbt4TG0YrkjOpS3XGN4zMaC1DEgTU7zot4ek/YEXMRWS5RO9o4pjcKH9ie7b849
+klCcM+dgIi9550wN8osKZlaUTIc4QXDUSM/jZeBkMDM8r0MX90xmaEzIj3kG1bHB
+64NQSHry/CxG2SqSZJL58mTkl9JmJIpnojIFIzoydYWzpGjDAfVilwTs0NKsY1nz
+80dHK7g9/0uV8UtuUz7hN5I2+HkiPEMkJrE7cuiiEMCi6nhKyTmjYNQdslhQQ+0T
+N5Ec9mX/kIAYPqU7P1hPr1JAX7rAndLjJn8QW4alDN9fEQMqr1UM4nNqRi50n1F
+HZEdAwKCAQEAmMPoJEnLrGtVTg1gcBcHCarY9KZedA2PJKan8BNwj9mnpfwySzsz
+fQFFJPq7JL0cAj99DnlqXG6hrnCtdFs7QROuwIk0toyc+Wn+LQjEmprPQu6A07k
+5f2T81QO/favZ+VA75wQiW+igP7A7N+K2PhkW3raWdB4e9Lj7yBbDHmLauJjsqvT
+JbW4S4zTb3qAzTUmHERHaS+ypkidZFWu1dd6W9Mp4XX147dpjfchz9BCRUJXWILC
+RdKc5NNsTMOFYXYrHv56fLUO1wRRpTwqW9gVLPFOMEfgyWFzgb5WLfc8iVEpjmAt
+e91yQ7NjyqC25ZeicuSjz0u6ghuU8zqYCwKCAQEA5Nx2Wjj+bfIdWGxmdRz5ZfmU
+xLQH9xazN7bKlbBLkgXnbkdA5m52uJ5fPiWkxuhX26kRFtErRWS5Tm4bU+XT0b+5
+dV6lU9MRAusIrruGWU6MK8t47N3EZYPfzi6Q3huBxuwfMcwRsOfHsdPLVtncf630
+TnvhPojF8Ym45LGAaeGvDgbotWBXLN3syI/csw/hoQ30vShSSh2WTj+TYztGObsl
+fSe/v3Dm9SdcxYuuDkNRSaWU5y+O+fQjssb/8dKDOzmhq6hHIOZxrH0VP1vOHQBx
+wv/jZkwWTMiDdCFSi+7DyciWXNogQyH38q/wuqOV2cxhfXYsgtGmGwBTJtE+Bg==
+-----END RSA PRIVATE KEY-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/data/client_1002.skunkworks.acme.xyz.crt.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/data/client_1002.skunkworks.acme.xyz.crt.pem
@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFLjCCAxYCAgPqMA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNVBAYTAk9PMQ0wCwYD
+VQQKDARBQ01FMRowGAYDVQQLDBFBQ01FIEludGVybWVkaWF0ZTEhMB8GA1UEAwwY
+MTAwMS5za3Vua3dvcmtzLmFjbWUueHl6MB4XDTE4MDgyNTE4MDYxNVoXDTE5MDgy
+NTE4MDYxNVowXjELMAkGA1UEBhMCT08xDTALBgNVBAoMBEFDTUUxFjAUBgNVBAsM
+DUFDTUUgU3RhbmRhcmQxKDAmBgNVBAMMH2NsaWVudF8xMDAyLnNrdW5rd29ya3Mu
+YWNtZS54eXowggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQD1Ykhpfl0U
+Pij3eQtYJlc4rx/fDzNu+E/EbrmulQbKaSXmbCQCuaxKMmFD5+MmlYZYGkkg8zOG
+uGKoCEuEbM4W08GO+08Jhc89Pu55iv+6QArCJxvNvohOvCveO85CTF06iBBKd89n
+K3rOwiCVYVyIDRH9RijPJnxOtc7O4fVL1srzzN993r2v3+RtyvnyDFTjgdB90osU
+VEcfoteLMdQ+Lt7Sf4lp3gIBOGdZy7z1TikFzTC2Cg1TBkXJSXAqb3A1h+fBKNZQ
+fkA4hRPH0TJPv7Gz1tDvOqqKrxLjdNTZOMvY2nkbVeaHlReEdQoidokz33B+hAoD
+idqQc14+9p5TU6IHa8L/iB2ExWv3fc2VZb769KPkOPZPheJWJsU5fb431FLjCslM
+WYTLsEz5+Ixgs60e7KBWop/CyFWXtGuleVD4jr9clT6m7H+FdbFLEaUjsQdbxT3Q
+ro3EWejlujNthYMoBAskDPLqWWc+nnV9W5vfJUenZ7W1KMnXm7pTtoaFmGTZYX3o
+A1ahwVtURQDVtptQqxTaozH8ktM1bliFImUUOWufaMQGjvncHk2g2dLDf7ZUNxSC
+H+gF7QYzGFRXMIQG3DHXUmHPKOXpdef7BUo3fzFloJfQhjprm2EnqUUyIRXUG11K
+37bUBlEd3QxDO9z3PsrDYDb2gDAzD8DFeQIDAQABMA0GCSqGSIb3DQEBCwUAA4IC
+AQAC6nSG6osvM8CkcNdVA9QgSUNAa2qZa+zdEKUInOSWmroXX+UeWIMNp9ESf2f/
+Y/u47Wv2lT7FW0TZYhRQpJ3DzXXqA0JyAdiUImS+jh3N2X1XBWt1+ovk770/pN5
+TXtOhx66oRjxrOFMqYMpasw6SdKCbSMXJ0McpC0LjdNfmuPAciHN71fCXAz1CwGN
+hTOiO9p0MmFUQMnWiK6TxeP4tkBVOMkhbyOq0XqpsyaJTT8V1XntTnCeGKqXannb
+BCkB1WSvwSutL3iO9mY10bI0DahtES/ArtjoCzAwAo9RS7LlbtBgj9z69vG2r35O
+XqqofWrTVHrwCS8c+0mT/DvEVTvuyKw4UUhv1AiIH7PYg7EFw56XBXAZRCiST60E
+l5OU40dUddkTEGmpq0YO4rDgvECNXYz0AE+WaoZda1JaUpha3sl4dtI7Q8EHr8BT
+V06yu51OZvrk9lw8IBO2s5bpHLGt8+UGHmnd33ewTwt1JRm8QVX8fhhqdmD8B2B/
+6vUnEO4D+PKrCPCFbRNrDbmcQgbjJXJv8N/HCvytCkX5UXFIP9+3+t5TOJFIpNJa
+5AW5i7/k5zt4XeNh0z2TCQZ2YSMVchhWnUet8s3k3gcDw5pnCFvp/0ApUz6hZXko
+0j2sUe0jjtKtkKg1o3dN/exKlBS1H4Ipz6LtuFctodOL1Q==
+-----END CERTIFICATE-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/data/client_1002.skunkworks.acme.xyz.csr.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/data/client_1002.skunkworks.acme.xyz.csr.pem
@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEozCCAosCAQAwXjELMAkGA1UEBhMCT08xDTALBgNVBAoMBEFDTUUxFjAUBgNV
+BAsMDUFDTUUgU3RhbmRhcmQxKDAmBgNVBAMMH2NsaWVudF8xMDAyLnNrdW5rd29y
+a3MuYWNtZS54eXowggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQD1Ykhp
+fl0UPij3eQtYJlc4rx/fDzNu+E/EbrmulQbKaSXmbCQCuaxKMmFD5+MmlYZYGkkg
+8zOGuGKoCEuEbM4W08GO+08Jhc89Pu55iv+6QArCJxvNvohOvCveO85CTF06iBBK
+d89nK3rOwiCVYVyIDRH9RijPJnxOtc7O4fVL1srzzN993r2v3+RtyvnyDFTjgdB9
+0osUVEcfoteLMdQ+Lt7Sf4lp3gIBOGdZy7z1TikFzTC2Cg1TBkXJSXAqb3A1h+fB
+KNZQfkA4hRPH0TJPv7Gz1tDvOqqKrxLjdNTZOMvY2nkbVeaHlReEdQoidokz33B+
+hAoDidqQc14+9p5TU6IHa8L/iB2ExWv3fc2VZb769KPkOPZPheJWJsU5fb431FLj
+CslMWYTLsEz5+Ixgs60e7KBWop/CyFWXtGuleVD4jr9clT6m7H+FdbFLEaUjsQdb
+xT3Qro3EWejlujNthYMoBAskDPLqWWc+nnV9W5vfJUenZ7W1KMnXm7pTtoaFmGTZ
+YX3oA1ahwVtURQDVtptQqxTaozH8ktM1bliFImUUOWufaMQGjvncHk2g2dLDf7ZU
+NxSCH+gF7QYzGFRXMIQG3DHXUmHPKOXpdef7BUo3fzFloJfQhjprm2EnqUUyIRXU
+G11K37bUBlEd3QxDO9z3PsrDYDb2gDAzD8DFeQIDAQABoAAwDQYJKoZIhvcNAQEL
+BQADggIBAMulboj68B61IiTW7TqmtGd75fnSmfMabl6BdPtQXrVA7Xq35cwRirwW
+Y/wHmKwGjUsLNnD1QInW/w1Ji/d8Uvu2W0uWhfMUsqscHeIQ1T+tjqNzHgrN2MBQ
+LPghlajSi0ltbk0v0H/fdpEjFiJN1D5evuWiv9FNSnK8NF44aJN4rzlnXRk3cZED
+k9Z/jnvu/oxl7Uy6i/O9Qk6C9ZYVPh1lcY5OylGQSjgk0jH1v1HBPtpQqTGR0+WU
+ysEtg7SneH3FAPyO/LG6eaXck06g2DLzDXOpshTYFYym6xN2s/1qDczsIuUSQeXw
+DrDPqQNUejU0HAjIuvMJJbxYzkCI33KcizJQLsnZGOxInrQMJdXaCnqJgFyEjtxc
+CmakF3x/QJxzVjT92T1chK9Qv8JfzyNSqfpv36vik090YRkuT4/LxkRzxnGba0Lx
+Ph9EvPo4mhGttwiOAV5a6uUf6CuM5K/wSGwUgNuEfB/3JEngumybxBbgYAt2VM3o
+yT7kYwwBxVK3+ZwiWuKVMNzqc4E6SBQgxN5r6Y3qtvMB/8Z+/jNs95nxKL8H5URO
+lyC0Es2FB8VBiTQLmGh/fmc5cA6p1sBwdqSIHkJf3DDOD0F+T48cKB3MJJCRSY0E
+t4qPwYY8VDs3bSNQIeWrIP8S1oEKq0YIb4brFgmLt5zknc+x/IfC
+-----END CERTIFICATE REQUEST-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/data/client_1002.skunkworks.acme.xyz.keys.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/data/client_1002.skunkworks.acme.xyz.keys.pem
@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEA9WJIaX5dFD4o93kLWCZXOK8f3w8zbvhPxG65rpUGymkl5mwk
+ArmsSjJhQ+fjJpWGWBpJIPMzhrhiqAhLhGzOFtPBjvtPCYXPPT7ueYr/ukAKwicb
+zb6ITrwr3jvOQkxdOogQSnfPZyt6zsIglWFciA0R/UYozyZ8TrXOzuH1S9bK88zf
+fd69r9/kbcr58gxU44HQfdKLFFRHH6LXizHUPi7e0n+Jad4CAThnWcu89U4pBc0w
+tgoNUwZFyUlwKm9wNYfnwSjWUH5AOIUTx9EyT7+xs9bQ7zqqiq8S43TU2TjL2Np5
+G1Xmh5UXhHUKInaJM99wfoQKA4nakHNePvaeU1OiB2vC/4gdhMVr933NlWW++vSj
+5Dj2T4XiVibFOX2+N9RS4wrJTFmEy7BM+fiMYLOtHuygVqKfwshVl7RrpXlQ+I6/
+XJU+pux/hXWxSxGlI7EHW8U90K6NxFno5bozbYWDKAQLJAzy6llnPp51fVub3yVH
+p2e1tSjJ15u6U7aGhZhk2WF96ANWocFbVEUA1babUKsU2qMx/JLTNW5YhSJlFDlr
+n2jEBo753B5NoNnSw3+2VDcUgh/oBe0GMxhUVzCEBtwx11Jhzyjl6XXn+wVKN38x
+ZaCX0IY6a5thJ6lFMiEV1BtdSt+21AZRHd0MQzvc9z7Kw2A29oAwMw/AxXkCAwEA
+AQKCAgA3v1lmJiAtXiXeezB5mVRNe3PJMGHl/yHYJbOnlxHQ4GyM2dqgh+A9hw6T
+59WySVwZHfepNbdqDu/S7veBIVr80qTxv+Rn7G91oZt6H3sTrEMFcu8dIgFDqfpp
+ZbrpUwIHLyxMTsXe0YD4AiB274SfICELImpZDYxGMYXHeIxK64R2OQA5T2ZW043I
+58k7FVQfz7k3LKMOPkteQ5emdu6aJfnXZsQoOhjIgDDytJe8P0KQn9pGMShvyUgH
+f9isu16JutOLDaUK6nPao1koFz3P4mQT0GTtRK3EDhxDcqJ8qyucm53R+QUDnnqW
+TCS+SaHIGCYth//iZ+ow0RUDRvIW2E0smrMCrgdbADH9SEb/VJAbpe+8Mn6+bqh5
+/CXnc5HVi7uHDSoQqqBB5toe5mVVUVJVy87XaFTwrWpFdSIH+OFxdhYqC+Bl2GDH
+3x5RtbkSCLfHUXFSumTbCt2XTgvHLMn7vQaCgPS62akUJuYktWYhCpx1ydjxiVHg
+b0AiXJXHuQGN3Fo9jZVxpsuaJtgyCzbcJyecy+lvocQxFKBgmFVRHQvUlO3jbYsr
+Ly0okR0qlB8bOGWUF88FWI0DeLXK3M5tJ30IhovAnxNAeA84SDOyhWLUyw8vIaoU
+Ai+6XjNSYwTiZMTLMDZRrt9cXzF57rZT6wORiHn3RgBtaZ5mAQKCAQEA/1jMnXKK
+pmqJhSdL5SMB/Nj9sCB7cu9tRwjMoH0iLDTqCVSUwt3OHl7qB66OOBMLDdpOKak7
+mW9QKetXGj8IX6EmaWKvV/7dOqZ4hvquKzAfiGHxAIC3MIN63Osq0KqsmLUgh+Fi
+vXNa08H1X/EpGrFwTX/sr9jEx5C/QuFO70PPYlwwtHYcMWbDfMn8xqRGVSJOowv+
+eZq4QTL6+2ixssRfGql9Zb0nYnI+WhdF6785vnvz3lUeiTMmlOwGXpu1EzCP0e7E
+QUMlRiUG6vBPE7L9cVWVICaFoWw4I+UP5+xw2FdbrlM/7xm6LTi9aX4g2Knmc8BZ
+qdOGWEM+snpbQQKCAQEA9gL1uRYg2rfCxty9/T7ueemusNQL3vWE6PwnmDMWR1pG
+zW8D+WSyIKdKeIbwNGz1upmF+5uy+bVxQR8vm5NlomNsKOkQCOLXqPcMsYi+FW9C
+re++5PvAT/whBMKu7zCHJM14T62fjQf/YP1ODxLoXqWUviKtoNy53t5z/QXDjK20
+QTAanxoF+Q2cETSHrjBkD/DcPSr006JzZGv+8apKO9L1JNz2NLWJ2bJL1OJvqUDz
+1hKMpY5lKfQBez2KzE2kmO2TGhyPVZ2RpTOTety0q8RDKlwuWRGjvL11tdWYPxu0
+4alzzoaCl5eVYgbVtEr5CG2rNKeJ4agqm3B7E+l0OQKCAQBRYGVlUBmry4wkKU/g
+qHV7tVO0C8YL7Q3wc3dzNi3r1Lk5XAFE0RddSnZfGFwutrLxKT97u3lI/taXZW8O
+6EOs5litgUvMSWcLx/3lVoKnNOD3v+7kcCDxjxVazn+InLwAtsi1RTkIk3jAv7GJ
+b/vfi+j0ae5uZDDiQNkTYWacjgnLmQHUoUd+3vcyD9VFIRlhDFvvTmU9L/fEn5Cp
+CsaG6Fo+zwEtqUih8TK512zrIrguYqZnlszygKCtGUM2Z30frnxHNUbKXbHFVwuL
+WCZ7arGmqtWpt10jArApkFivWwTjjYOkXNelRZe1zb1fn1isdAkDnqt0mfrYqiWT
+D7eBAoIBAA9wdh1sjxlK6RVz6xSGq47JJKaCWFBg1juM/6skoaROvRzNd9FiCW/V
+L+5Kga64m99fHTKCPgQ/5+CvZVx9Lqa3WKVkoxX7ro8zGf/WVh+gQO4Lms5iIlqi
+tyvGUBZA1Gpx3rgZbGb8doGOxCRcCmtONvyLzpvG3n9nNJ5Pi0s755EjxLfxeSh9
+Oys1QcKj1NPPSPMpy/2wN0+5G2HtTwVcIvhySZ1bO1CHSQ0OPPXBVsw7k8ocGqs8
+Xg9u+FQEF21lk5LS8gfsgKR+jSXrzgbtpU12RY5fdgg1V7rWsdxcD8kNym/Or0l2
+QPDK/wR2pBRsVY9TaGraE/p3X7ILN7kCggEBAPCFDtMjVNE08Pilxy1nU76Ys2GI
+LLvpYklHDrfbOKGXXxmr3Gmo1SXjlAvQ+w2YpiAdJn3SdHEmzYqgsacnfa+CiXvm
+R6AuiILnP7wz4We/j5KAhVDNtI3LFwi1b5op8EUKZu7zBbUYLj37S4PZd2LlFFB6
+8tmHG21yFsJZfuGuDdy2l0kVOHVT3IcbyV9NZFoYYE3QCTlj9O5MYgpJMrmqGEpA
+ki74I00kx3cOh9a92Eh//H4HuM+vuscVInw/hxO+z9b09dHq+4AWoa3hllm6b8lT
+6ALcdG1m/ADdm1sANtjTPBJPqKqSv6kWCsFI8SsUwtAAmnjeDv0i6Mluppo=
+-----END RSA PRIVATE KEY-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/distro/client_1001.skunkworks.acme.xyz.p12
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/distro/client_1001.skunkworks.acme.xyz.p12
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/distro/client_1002.skunkworks.acme.xyz.p12
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/distro/client_1002.skunkworks.acme.xyz.p12
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/docs/client_1001.skunkworks.acme.xyz.info.txt
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/docs/client_1001.skunkworks.acme.xyz.info.txt
@ -0,0 +1,80 @@
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 1001 (0x3e9)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=OO, O=ACME, OU=ACME Intermediate, CN=1001.skunkworks.acme.xyz
+        Validity
+            Not Before: Aug 25 18:06:14 2018 GMT
+            Not After : Aug 25 18:06:14 2019 GMT
+        Subject: C=OO, O=ACME, OU=ACME Standard, CN=client_1001.skunkworks.acme.xyz
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:d9:ac:64:d3:e8:8d:98:5c:5a:ee:e1:0e:de:2d:
+                    e2:cb:a9:1d:90:69:cf:ad:b7:80:18:5f:d3:03:d9:
+                    fa:48:dd:da:b7:b2:21:aa:5b:3a:bf:5d:ee:83:e5:
+                    a6:df:be:f1:a6:d3:d8:51:ed:93:36:8d:8f:2f:d6:
+                    61:f3:87:74:4a:e7:73:32:e4:28:d7:10:cf:bc:84:
+                    f3:2e:53:de:55:fe:66:47:87:8d:8c:a2:06:ad:a4:
+                    e4:59:04:1d:1e:4a:6b:fd:45:cb:30:5f:c2:f9:7c:
+                    15:95:46:8f:58:76:17:ce:f2:5d:7d:2f:0b:ca:ff:
+                    ef:73:f3:c0:cd:0c:af:0c:aa:d9:f9:63:96:c6:4d:
+                    82:3c:3e:66:e5:a4:e4:92:f4:aa:26:23:09:15:67:
+                    43:05:ee:cd:33:47:b3:9c:59:44:17:33:e9:fa:34:
+                    7a:0e:e9:b2:02:53:e3:6b:ca:c4:91:ca:e0:cb:eb:
+                    b6:6f:68:ec:dd:0b:64:f1:ff:92:e7:4e:5c:c9:4b:
+                    4d:0d:ce:cc:01:c5:b6:1f:b2:fc:65:f7:4f:9c:a3:
+                    58:0a:4f:98:75:9b:ad:13:c9:6d:56:35:79:27:53:
+                    4c:df:6b:3c:3c:95:0d:77:51:4a:50:d4:19:6e:7f:
+                    cb:d2:ee:0a:e5:3f:97:60:a0:99:07:93:ef:05:50:
+                    74:42:89:54:1f:66:de:b1:9f:a8:75:9a:05:b0:4f:
+                    bf:e8:04:15:f8:c8:5f:dd:52:89:dd:18:e3:82:3e:
+                    4f:77:86:b1:6e:fa:df:7d:aa:21:a6:f4:49:24:10:
+                    26:5e:cc:14:72:a0:5a:1a:a9:ce:2b:7f:bb:c4:05:
+                    f0:f9:25:66:76:52:77:9c:a1:9a:02:9c:d7:72:52:
+                    da:ec:24:60:d7:b7:98:a8:df:39:4f:ee:6f:44:6b:
+                    65:ac:d5:17:46:f1:23:70:a9:9e:36:f9:83:24:98:
+                    c3:4b:38:aa:1a:f1:b0:1b:52:b8:76:68:87:a5:68:
+                    37:c6:f1:af:fb:b6:6d:77:08:98:d9:43:6d:23:92:
+                    33:c1:09:eb:bf:d4:00:55:76:46:77:e3:43:db:00:
+                    ba:76:e5:ac:37:16:0c:98:4b:68:b1:03:50:94:c0:
+                    c2:fc:f7:03:7f:be:fc:e8:b0:b2:97:72:40:94:79:
+                    5e:98:4c:1b:2b:10:cf:e1:a1:0c:9d:21:df:61:fa:
+                    36:64:0e:82:05:3c:41:a3:c9:53:f6:8d:0d:ad:59:
+                    c5:27:0d:d0:54:91:5f:89:dd:92:fc:35:f0:94:98:
+                    f7:0d:93:08:92:37:9d:16:3c:f3:fb:4d:c5:ef:9b:
+                    10:87:e2:86:9e:fc:b4:32:66:c5:ce:c8:58:d3:00:
+                    1f:2d:ed
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha256WithRSAEncryption
+         3e:1e:80:5c:c2:ba:6a:26:46:8b:12:93:85:ad:ad:2e:b6:38:
+         19:19:a6:3f:59:47:b4:29:39:6b:97:2f:89:c3:53:ff:a7:02:
+         47:7a:30:dc:13:0e:3f:3c:2a:62:d7:73:cb:db:e7:71:27:13:
+         cd:c9:60:cc:d8:6d:1c:10:f4:b1:58:05:5e:59:ce:94:b2:fb:
+         bb:aa:0d:02:f7:28:a1:f8:1d:36:7a:d8:6b:36:fe:ed:2d:cd:
+         e3:a1:ad:80:57:59:f7:83:31:b0:af:9c:5a:0d:81:aa:94:4e:
+         82:dd:15:51:8c:4b:96:43:24:88:ac:af:30:63:08:26:fd:33:
+         cb:18:f4:cf:e5:67:83:66:f4:39:3f:a2:46:41:d3:3d:37:d0:
+         10:23:86:80:f6:2f:07:42:aa:3b:3a:d7:d9:ff:a7:64:d9:ab:
+         ef:d2:54:6e:70:13:6f:84:1a:a1:84:91:01:e7:b4:66:d0:de:
+         62:a3:d9:e5:2b:3a:79:cd:d4:0f:00:33:bb:06:11:f9:03:43:
+         2a:48:f8:39:67:9d:9e:2c:2c:eb:52:0d:a0:8b:ae:04:16:1e:
+         db:a8:ea:15:cf:1c:bf:14:26:a3:03:9a:9a:9a:11:18:c5:33:
+         da:cd:96:a4:d8:ec:01:db:17:92:e1:be:99:04:a2:8c:bc:5f:
+         6d:5f:b4:9d:cc:3a:f9:4b:c3:d6:df:56:4e:4d:28:c9:ef:d3:
+         f6:f3:83:18:20:ef:cc:4e:ae:1c:fe:90:47:fe:1a:88:59:21:
+         1b:49:37:05:2c:ae:9f:b1:38:5d:f0:fa:a6:78:58:68:c0:0e:
+         17:21:51:61:08:90:49:20:aa:32:08:88:9f:06:8e:2d:2d:82:
+         be:2a:54:1b:d6:f2:7e:e4:6e:9d:9c:b1:06:88:cb:8a:a8:4d:
+         d2:d0:de:48:09:b0:d6:0f:42:6c:b8:17:81:ce:c6:0c:3d:bb:
+         f1:5d:fe:c3:9e:0c:8b:b5:e6:42:86:49:28:9b:c6:07:c8:db:
+         77:97:37:64:91:73:92:81:33:ad:43:63:ef:37:dc:a4:c3:ef:
+         a9:9e:f8:38:51:5b:de:61:04:e8:16:f8:cb:40:87:86:d1:50:
+         f5:7a:1e:4a:28:89:a7:06:7e:5a:13:f1:6e:27:1b:76:42:0a:
+         c1:c9:7e:08:72:9b:7c:12:33:6f:e7:66:4b:40:bf:a4:69:2a:
+         e9:df:12:35:31:29:6e:bd:56:ac:f0:b6:7c:13:5c:bb:11:3a:
+         df:95:f1:d9:97:30:4e:67:41:fb:df:ee:af:66:1b:77:06:68:
+         c0:87:ad:b0:7c:7b:ec:83:85:2d:7d:73:84:e7:45:cc:98:63:
+         38:aa:09:00:74:02:47:a8
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/docs/client_1002.skunkworks.acme.xyz.info.txt
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/docs/client_1002.skunkworks.acme.xyz.info.txt
@ -0,0 +1,80 @@
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 1002 (0x3ea)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=OO, O=ACME, OU=ACME Intermediate, CN=1001.skunkworks.acme.xyz
+        Validity
+            Not Before: Aug 25 18:06:15 2018 GMT
+            Not After : Aug 25 18:06:15 2019 GMT
+        Subject: C=OO, O=ACME, OU=ACME Standard, CN=client_1002.skunkworks.acme.xyz
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:f5:62:48:69:7e:5d:14:3e:28:f7:79:0b:58:26:
+                    57:38:af:1f:df:0f:33:6e:f8:4f:c4:6e:b9:ae:95:
+                    06:ca:69:25:e6:6c:24:02:b9:ac:4a:32:61:43:e7:
+                    e3:26:95:86:58:1a:49:20:f3:33:86:b8:62:a8:08:
+                    4b:84:6c:ce:16:d3:c1:8e:fb:4f:09:85:cf:3d:3e:
+                    ee:79:8a:ff:ba:40:0a:c2:27:1b:cd:be:88:4e:bc:
+                    2b:de:3b:ce:42:4c:5d:3a:88:10:4a:77:cf:67:2b:
+                    7a:ce:c2:20:95:61:5c:88:0d:11:fd:46:28:cf:26:
+                    7c:4e:b5:ce:ce:e1:f5:4b:d6:ca:f3:cc:df:7d:de:
+                    bd:af:df:e4:6d:ca:f9:f2:0c:54:e3:81:d0:7d:d2:
+                    8b:14:54:47:1f:a2:d7:8b:31:d4:3e:2e:de:d2:7f:
+                    89:69:de:02:01:38:67:59:cb:bc:f5:4e:29:05:cd:
+                    30:b6:0a:0d:53:06:45:c9:49:70:2a:6f:70:35:87:
+                    e7:c1:28:d6:50:7e:40:38:85:13:c7:d1:32:4f:bf:
+                    b1:b3:d6:d0:ef:3a:aa:8a:af:12:e3:74:d4:d9:38:
+                    cb:d8:da:79:1b:55:e6:87:95:17:84:75:0a:22:76:
+                    89:33:df:70:7e:84:0a:03:89:da:90:73:5e:3e:f6:
+                    9e:53:53:a2:07:6b:c2:ff:88:1d:84:c5:6b:f7:7d:
+                    cd:95:65:be:fa:f4:a3:e4:38:f6:4f:85:e2:56:26:
+                    c5:39:7d:be:37:d4:52:e3:0a:c9:4c:59:84:cb:b0:
+                    4c:f9:f8:8c:60:b3:ad:1e:ec:a0:56:a2:9f:c2:c8:
+                    55:97:b4:6b:a5:79:50:f8:8e:bf:5c:95:3e:a6:ec:
+                    7f:85:75:b1:4b:11:a5:23:b1:07:5b:c5:3d:d0:ae:
+                    8d:c4:59:e8:e5:ba:33:6d:85:83:28:04:0b:24:0c:
+                    f2:ea:59:67:3e:9e:75:7d:5b:9b:df:25:47:a7:67:
+                    b5:b5:28:c9:d7:9b:ba:53:b6:86:85:98:64:d9:61:
+                    7d:e8:03:56:a1:c1:5b:54:45:00:d5:b6:9b:50:ab:
+                    14:da:a3:31:fc:92:d3:35:6e:58:85:22:65:14:39:
+                    6b:9f:68:c4:06:8e:f9:dc:1e:4d:a0:d9:d2:c3:7f:
+                    b6:54:37:14:82:1f:e8:05:ed:06:33:18:54:57:30:
+                    84:06:dc:31:d7:52:61:cf:28:e5:e9:75:e7:fb:05:
+                    4a:37:7f:31:65:a0:97:d0:86:3a:6b:9b:61:27:a9:
+                    45:32:21:15:d4:1b:5d:4a:df:b6:d4:06:51:1d:dd:
+                    0c:43:3b:dc:f7:3e:ca:c3:60:36:f6:80:30:33:0f:
+                    c0:c5:79
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha256WithRSAEncryption
+         02:ea:74:86:ea:8b:2f:33:c0:a4:70:d7:55:03:d4:20:49:43:
+         40:6b:6a:99:6b:ec:dd:10:a5:08:9c:e4:96:9a:ba:17:5f:e5:
+         1e:58:83:0d:a7:d1:12:7f:67:ff:f9:8f:ee:e3:b5:af:da:54:
+         fb:15:6d:13:65:88:51:42:92:77:0f:35:d7:a8:0d:09:c8:07:
+         62:50:89:92:fa:38:77:37:65:f5:5c:15:ad:d7:ea:2f:93:be:
+         f4:fe:93:79:4d:7b:4e:87:1e:ba:a1:18:f1:ac:e1:4c:a9:83:
+         29:6a:cc:3a:49:d2:82:6d:23:17:27:43:1c:a4:2d:0b:8d:d3:
+         5f:9a:e3:c0:72:21:cd:ef:57:c2:5c:0c:f5:0b:01:8d:85:33:
+         a2:3b:da:74:32:61:54:40:c9:d6:88:ae:93:c5:e3:f8:b6:40:
+         55:38:c9:21:6f:23:aa:d1:7a:a9:b3:26:89:4d:3f:15:d5:79:
+         ed:4e:70:9e:18:aa:97:6a:79:db:04:29:01:d5:64:af:c1:2b:
+         ad:2f:78:8e:f6:66:35:d1:b2:34:0d:a8:6d:11:2f:c0:ae:d8:
+         e8:0b:30:30:02:8f:51:4b:b2:e5:6e:d0:60:8f:dc:fa:f6:f1:
+         b6:af:7e:4e:5e:aa:a8:7d:6a:d3:54:7a:f0:09:2f:1c:fb:49:
+         93:fc:3b:c4:55:3b:ee:c8:ac:38:51:48:6f:d4:08:88:1f:b3:
+         d8:83:b1:05:c3:9e:97:05:70:19:44:28:92:4f:ad:04:97:93:
+         94:e3:47:54:75:d9:13:10:69:a9:ab:46:0e:e2:b0:e0:bc:40:
+         8d:5d:8c:f4:00:4f:96:6a:86:5d:6b:52:5a:52:98:5a:de:c9:
+         78:76:d2:3b:43:c1:07:af:c0:53:57:4e:b2:bb:9d:4e:66:fa:
+         e4:f6:5c:3c:20:13:b6:b3:96:e9:1c:b1:ad:f3:e5:06:1e:69:
+         dd:df:77:b0:4f:0b:75:25:19:bc:41:55:fc:7e:18:6a:76:60:
+         fc:07:60:7f:ea:f5:27:10:ee:03:f8:f2:ab:08:f0:85:6d:13:
+         6b:0d:b9:9c:42:06:e3:25:72:6f:f0:df:c7:0a:fc:ad:0a:45:
+         f9:51:71:48:3f:df:b7:fa:de:53:38:91:48:a4:d2:5a:e4:05:
+         b9:8b:bf:e4:e7:3b:78:5d:e3:61:d3:3d:93:09:06:76:61:23:
+         15:72:18:56:9d:47:ad:f2:cd:e4:de:07:03:c3:9a:67:08:5b:
+         e9:ff:40:29:53:3e:a1:65:79:28:d2:3d:ac:51:ed:23:8e:d2:
+         ad:90:a8:35:a3:77:4d:fd:ec:4a:94:14:b5:1f:82:29:cf:a2:
+         ed:b8:57:2d:a1:d3:8b:d5
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/gen_client.sh
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/clients/gen_client.sh
@ -0,0 +1,56 @@
+#!/bin/bash
+#
+# Create Client Certificates
+# 
+# 
+# This function will generate a Client cert
+# IN: UNIQ_ID, SERIAL
+#
+
+# source this file to include the functions
+. cfg/pki_funcs.sh
+
+PARAM1=$1
+PARAM2=$2
+PARAM3=$3
+
+
+usage() {
+  echo
+  echo "Generate a new Client certificate"
+  echo
+  echo
+  echo "Generate a new certificate"
+  echo "  usage:   gen_client.sh  <Org URL> <Serial #>"
+  echo
+  echo "  example: gen_client.sh  skunkworks.acme.xyz \\"
+  echo "                          10052 \\"
+  echo
+  exit 1
+}
+
+
+main() {
+  if [[ ! -f cfg/ca-i.crt.pem ]] || [[ ! -f cfg/ca-i.keys.pem ]]; then
+    echo_block "ERROR: file cfg/ca-i.crt.pem cfg/ca-i.keys.pem is missing"
+    usage
+  fi
+  if [[ ! -f cfg/SERIAL ]]; then
+    echo_block "ERROR: file cfg/SERIAL is missing"
+    usage
+  fi
+
+  if [[ -n $PARAM1 ]] && [[ -n $PARAM2 ]]; then
+    UNIQ_ID="${PARAM2}.${PARAM1}"
+    if [[ -f "distro/client_${UNIQ_ID}.p12" ]]; then
+      echo_block "ERROR: certifate  <<distro/client_${UNIQ_ID}.p12>>  already exists"
+      usage
+    fi
+
+    gen_client $PARAM1 $PARAM2
+  else
+    usage
+  fi
+}
+
+main
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/servers/README
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/servers/README
@ -0,0 +1,21 @@
+
+      ============================
+        SERVER GENERATION
+          Version 3.1
+      ============================
+
+
+-------------
+  INTRO
+-------------
+
+This application will generate new server certificates to be used with a VPN service.
+
+
+-------------
+  USAGE
+-------------
+
+./ gen_server.sh  
+
+
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/servers/cfg/SERIAL
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/servers/cfg/SERIAL
@ -0,0 +1 @@
+1001
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/servers/cfg/ca-i.crt.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/servers/cfg/ca-i.crt.pem
@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFgDCCA2igAwIBAgICA+kwDQYJKoZIhvcNAQELBQAwQzELMAkGA1UEBhMCT08x
+DTALBgNVBAoMBEFDTUUxJTAjBgNVBAMMHHJvb3QuMTAxLnNrdW5rd29ya3MuYWNt
+ZS54eXowHhcNMTgwODI1MTgwNjEzWhcNMjAwOTEzMTgwNjEzWjBbMQswCQYDVQQG
+EwJPTzENMAsGA1UECgwEQUNNRTEaMBgGA1UECwwRQUNNRSBJbnRlcm1lZGlhdGUx
+ITAfBgNVBAMMGDEwMDEuc2t1bmt3b3Jrcy5hY21lLnh5ejCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAMB/26XCkATLPCrMuieRUyuD06O30YFrxVin1K46
+/Vpfzy35jmXHwOf9SkPqZDlT+rVo1cB62mysEDuJTVgzwp7ReO0VtTiYpyXF2bkx
+kEfugV8mrjTSUmqPz1lEy/2fQtODebkwJiyrutxZ//ZMpcd69s3i6HaNsSCQqtVC
+hicoD/rVcL3hv/fo9cyyoGM9TZR8m2zbgg0+eXGyWXlI585ST3C+kp0gsYEgUrWU
+7LxsbF2ntbz0wyoOciq0106KI+J8lfyTSuBRQQXQIcq4M5/24YzLz1WLzt8dCFFQ
+Oma7tvCNy+z8hTQkBk7Jir4ByDB4HeYEXv/IGtTnyekP+AE+x+KQ22AkFyn7URcr
+2Mkz04ahAPu2/YzKMTxWf+3RDGcpW2C/KoS2u0+YddoLKFEYar9g1RYXnGS/qUE7
+z9xrLGhupd8jI+0FPkZoTb89vBQIux0fqjN3zG+xJ8hcVaBDcGp3e8RL6grOXW+d
+39q5fbha4lV2/PERPt45lvFPDaNcdtB0h3YqKJ5tBi5QpDAMn0V+59Ux9EaqQL/R
+tUn6LO8SB34r/Vignb/RAXHjROiptHGBkiQQJsBsNpH2zRkBWe/WS+HebCq61bOy
+zmcnkE62saKqUv5WT2dVnYA00RcPINCE3TtFiN7olUnfumQsumRYbSuVRq+ORk84
+27uTAgMBAAGjZjBkMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG
+MB0GA1UdDgQWBBQLAZvP+qDe9PEdskSjByyu7knZDTAfBgNVHSMEGDAWgBSIwfOW
+bfceun2kjB+5NuVdybL0CTANBgkqhkiG9w0BAQsFAAOCAgEAMz+Z6RvWJJIDkrGe
+xqMrncJ1pyl7U6h2TocMAy/zPHdrRJYjyVGaUSXCqQxZlJOkZWWQ+tn1MuMp8u/+
+13br3UaJbtknTBjt998+MltzBCDvyGaIy6R8PFT5F8cHv674wrkaQf8sPvcBmq7O
+Ma+RCGTvDOR6EiXgjYu/laLWOvw2Qi38A6RqEUQ8hrGcG6kS1bwHOQC3/TrYXEMk
+1KLR9fU5f2/zdjraE0x4KhIgGoYl1akqJ7qLQVB8px4AiHtnSuKnnlAPXkaA26Zp
+pCobhaPTFtSdZnHsxCeZTVKPyuiRpoPGcO74xLw8QukBJT2Dnt4uZbGrkJFjb1Wf
+AoqXpFThhop7jPeozaQPtPmQK8NUre7n0X6rPCf0JCDHoWKuDuQRvQswpWuxuIEZ
+WEpax2xuMCjiBKqSAV+xG41s7pIFCcd+YD9X3sLFtmBDX6X1pke4OR7Ir0YsTR+r
+QBR3POZN08nFPwOhs/jObTnyMdStuHRX1xKMc6ShcZJ0m2MW9IWYmtFJ6eAr63MQ
+uYafsC6QyhO/nK2sJGV9DfV4CAwC8F+vG9l+aElER2Y4jZE/Gg2A6f9fwoQVkmqJ
+mN1tn1UnxZjn+S7736nP3OP86swnVe59hvbGPCS0q3Ytv9v7BVz6XylbnoNX0qEm
+ekoRJi5yAXKCkT5ECdqgxfSOaqg=
+-----END CERTIFICATE-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/servers/cfg/ca-i.keys.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/servers/cfg/ca-i.keys.pem
@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEAwH/bpcKQBMs8Ksy6J5FTK4PTo7fRgWvFWKfUrjr9Wl/PLfmO
+ZcfA5/1KQ+pkOVP6tWjVwHrabKwQO4lNWDPCntF47RW1OJinJcXZuTGQR+6BXyau
+NNJSao/PWUTL/Z9C04N5uTAmLKu63Fn/9kylx3r2zeLodo2xIJCq1UKGJygP+tVw
+veG/9+j1zLKgYz1NlHybbNuCDT55cbJZeUjnzlJPcL6SnSCxgSBStZTsvGxsXae1
+vPTDKg5yKrTXTooj4nyV/JNK4FFBBdAhyrgzn/bhjMvPVYvO3x0IUVA6Zru28I3L
+7PyFNCQGTsmKvgHIMHgd5gRe/8ga1OfJ6Q/4AT7H4pDbYCQXKftRFyvYyTPThqEA
+7b9jMoxPFZ/7dEMZylbYL8qhLa7T5h12gsoURhqv2DVFhecZL+pQTvP3GssaG6l
+3yMj7QU+RmhNvz28FAi7HR+qM3fMb7EnyFxVoENwand7xEvqCs5db53f2rl9uFri
+VXb88RE+3jmW8U8No1x20HSHdioonm0GLlCkMAyfRX7n1TH0RqpAv9G1Sfos7xIH
+fiv9WKCdv9EBceNE6Km0cYGSJBAmwGw2kfbNGQFZ79ZL4d5sKrrVs7LOZyeQTrax
+oqpS/lZPZ1WdgDTRFw8g0ITdO0WI3uiVSd+6ZCy6ZFhtK5VGr45GTzjbu5MCAwEA
+AQKCAgAyXAChX8H/jw+hfsegfFNOygD/DqK/gesx404ven03PGNd+rB3Dgf4aPoZ
+xGMN4FtxRAjPfxRPY8AnYycZ0Qi0Nca193zeXokzx4vK+B1vxASSWPMwHGm1OQQc
+rXPUWOrJnNamTONfwllzNhRRYgHoqtGQUTFReoYBJ/eZLPsdmUx86YPCGSH4gDh1
+obF15N673tFmbBKc1mA9D1R690i1YDEqJKEEfD4TstoQaPJ55L+AzNQtp7a69OaH
+J6JACMGUidVPK1VmU7t4AtgkSYYv7g1ZoSQPlDC9i8HWS+/LWoZkbiQQToumdVo1
+GGK0jJDLpVDlEPWtYrMqSa03zJargAjzrPvCLXF8HotWY+cNesy5oLHH4qJw+jCJ
+45uKmVNPzk6AWP6mgvD8OtqDEg7GJGCRy56FNpjnrbgwE9YrHdrNE7LCsemIeLT0
+329moDj0xydjFXbtuQ8iaGkQANXmsxr9+f5up5Sr52cK08I4s0dp8KsLaKFtrxxm
+tWYacEm++cagjpj+CXkAbftLO7Y7Rd+a1PmcpWhHNpMf+IsUgDWpKvJtODDTZOW
+ES4tk9kakhFZKj6CoAshwb+4yPhIAt9vAFY6XsYdirISNv+K0XxEM0lTo77wnI3n
+e2iHjq7XZFHLM2r00vSBYr14wd/b2KenCbHCda8k5JszIzVo2QKCAQEA9HqNocfZ
+J+/saOFDpHD1iFoElLUUC5KAmdSJbGjOHk0Fs89KZXMBwBkUz/Phyrqd8X3hZmvc
+SzlM9q/kiNzHSNBu6Lv41NaQQ6Gjc8NaFau94csbWvM9SRWADx7W8THTKbVtNd28
+26wftI0aarRfU3HkgYC9fKnCB45oXaDPNBQdjBpbmfAgW33EpvRqiTdhNbj6zCWh
+PNGv8ekMvbeFsCbazJ8+WRxE8o7bQKoiCClubV3+G518mwrBhLcIczvkNRIt/0BN
+sCYjnVrI/1GPoiUj4iayzwTlDbrUhBfl8hk4hgO0aecwxciatKHIIJ0/yT0ajbT8
+wJ8xMMiyNFVr5QKCAQEAyZI3BvH5T+yBtDCm+EflzH//LrFH7TOJyHJCPUgzUfaQ
+wLj5+Sey9ZDvuaPKZ0/34Rwq24NbvGD38RyiHXO3xHTd0VmQ8pMlclHC8pDI7ya7
+1XBp+jLzIvsIEU/n9+pG9MPEi/weEwjnh/bK96MqcpoTi6nFbx8NpJ3t2E9BZYEP
+PggOwzHuwdflh9YGiikvehB7ARWVaHMeYVStmHQFW5xTK3b+92jUwO7mZ2UzqjYn
+XQ3Cy4JqWYE0RWjz65Ba/YhWcQAKit8KbsmqrIiBj2+2DtPJ5liAKzt6FldBfWhq
+9rFmvpuNfn3ruvax2b4MPJ2HpdOrYeHK2Q/mmAZCFwKCAQEAqHEv2EF7ixqxRem+
+0zPI1/M9qL/CWd7MoDBhpsHnEdV7klHGLnO4xwQA5O5hqW4+mD5k6E50b5fBQU4b
+JXkIDVEeuVeZr/tNVmut1HrKPJghscpgxJ9GoG4h10kmSvRLSzdnUW+/SZMkHSAD
+DXXNIA8eo2NyKsxDlTU3DxtW58jcOsWGS1+4y5Cxx14rcPMpFPyoP7PFjcPjd8dc
+MfKaN63tnoIxUPA7SOvIgJs362uwW8Yg6CHv0lrszmXVep/PMgmei3lgjXcZnrcI
+OXGWht8UBCMpm50BvB33gjN9CPr7iMpQqY7SedMnVEELQ/1UD3D8NJp4cra8C6Kb
+tZcNSQKCAQAZF2heJvTf7BLhOUUvltOWN0CusUbA0i+OkhqIwloRE95E/0GusDBo
+vRf6RddGMQAsN3NmS925f2Cd1PChNexkOh/6lWmjqIl6x4663ycEDhBHq2ylxn3Z
+luIUNZwski8u/MeUnVepCuy3UhNF7Du2dFOGiSWYhYcPPNGEoakEV6JsGFiuF6Me
+4h8iX5QE0sekLDUDl4o3rEzV1NKfLaIVG0qHGJL4fUYulg58RG6/+2m+/Z2H874F
+Uj4NfdkPM7L/6F7KRjUJwGXuEJB8Vam7Dy7cfaSeVdnuh8LU0RvH3p2iA8dEZtyg
+KFCVv2u4LR4c1YczLzwgPRkhGAeeWPkVAoIBAQCSeqwSv5oA0XqfShS9DWtYXocI
+ArsIHBsqYpwUgMAqO+A5JVd0WKx7/WNFADshCLrMOUaOBE/hr1jboL6cQCqCRoHC
+A8KRN0IFv8001kA90/hWOiReA47uKNRsj/F8z5DQfkeFpPkFuntH+7iotJ0K077g
+2oRVV56TL6vg3NvqE4sxvG2JOy9u7kXCquv7NJxRlQQRoEtCq0jE/pOAQGZR2bJn
+yclTiVw2CsM+ojyfP7i+0BbSl+xIvGPZ8VBcsue8pMs6U0qHBx8Gp4w06P1pAF48
+NwFa2ODTO1zXRtjWsISurGPUV9eYyotPM6X12oF97qow+QOyITDge78MjeyR
+-----END RSA PRIVATE KEY-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/servers/cfg/ca_cert-chain.crts.pem
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/servers/cfg/ca_cert-chain.crts.pem
@ -0,0 +1,63 @@
+-----BEGIN CERTIFICATE-----
+MIIFZDCCA0ygAwIBAgIBZTANBgkqhkiG9w0BAQsFADBDMQswCQYDVQQGEwJPTzEN
+MAsGA1UECgwEQUNNRTElMCMGA1UEAwwccm9vdC4xMDEuc2t1bmt3b3Jrcy5hY21l
+Lnh5ejAeFw0xODA4MjUxODA2MTFaFw0yODA4MjIxODA2MTFaMEMxCzAJBgNVBAYT
+Ak9PMQ0wCwYDVQQKDARBQ01FMSUwIwYDVQQDDBxyb290LjEwMS5za3Vua3dvcmtz
+LmFjbWUueHl6MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvIrPlS24
+lgzjr/cuHJHWUyDMLMI6aV68Olu01SuZi0yGRouTUe/XS3qIjXlkySzHUqCDw/mV
+092h1lKRTlYGRZ0fwcSRrYZlySOV9dc1+TxBSAggoWcAG/tEwJ+TZFstogfUi4T+
+06DTiAmkglJ17Yyauf/IJOEwPU8c9U6joNZvPd/Y4taTgnGwliy9BAaOGKAxptZg
+FWGKlXWJw8Ya6ciBYz07yCwwyVOanAYN0NJn9Pl2c4E7R8hSQ7zj8Jvc5o57ou8f
+I5Zdm217G2AxUnsD9KEuYtyKRKDb+DOvGkcvKlJxpx/BuU3QvhC0tw7RFPWIDBzV
+nXD5ApdZLZCweUvHLi7bgA88fJXN9oYrRduhIzRCIOjtmlB6JnAiMwaNQpWy4/+S
+ZqDlky89dw29hUfj701An0QdYMyxH+uUuqfKPWdQREBkP1ARH8WaHXzzyJpX5orj
+ShIsg93HlZ68ILgrY7NpnFah8BJPbJUnp4QDAzIITZ+SYPQA8TBuUwyI2GNPmaPH
+o7nhcb7lIX0BERhsGqZV8nK6RIcEAxwjcgQgR3jcnxnzI0/bsQRFFkS2NkG/Dm3a
+vCJi8NGTaOppGaGs05r012tK5hiNOCJ2vZdo4oUuQgBlk/TtodpwBIyPNPdtNP+X
+AFeElVeC2lkwwah7Tz2t1LrLm6ksencGs2UCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFIjB85Zt9x66faSMH7k25V3J
+svQJMB8GA1UdIwQYMBaAFIjB85Zt9x66faSMH7k25V3JsvQJMA0GCSqGSIb3DQEB
+CwUAA4ICAQCeR/j04yiT+RT/IN5g+5tgQ3iIlKqR3Jc/OCWFAB52MQd/Ar1xK+mK
+LykCaMBVv2GLrwol17CChomjChdoap/NilHTBoL0vQ2BYeYfa6Y+rMz0O4p5hM0R
+4IvyOnvi58qW+4mD4AP0Aot+l38DruuyC5eziglz1LfwBuL+2amIFbSBWEssntEV
+tp6WhqgTFiDEFwBpS70ImeweekU6LTZOagA2haYMq3nKtfgZw9bOcNbdhxMqxAn0
+GnmRoGDjvmh6mExsqJsGylke5gh3xRHLtuku9tWYPrM8xQE6rsE3A9pM1h/Abgqt
+wfgQe4v+42btQ2bvuqXM6fwpDmGoIo5TGPiJf97XbQeYFSLmELka+KGekWX0Ol7h
+755yunWyx2yPMq4wwd9uho8QVDFEwivXwMgZ/3WZUVAMxNHXsulw3ajAx5lyF400
+96/a5AuGM6tPlsCmovQtCkTlra6vE2EBiX2r58msIebTsudjfbYr0JuAoetrTOIm
+L38fFEeD6WMQ16DY4KqtErTfu4n3XAVdROayW6hlJmonD7m2H6qbhDsyV0aThmz7
+LJD0tshhNRMJdnaDiiyaTt+0yiiWqkqHLF0pxbovVaqau86M9bMCnHQGRCOmPCRB
+Rzp4RHdQPa45fGBkxJfg38S2xA273RuRP2xXRQBwsqyy9r7ftV0chA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFgDCCA2igAwIBAgICA+kwDQYJKoZIhvcNAQELBQAwQzELMAkGA1UEBhMCT08x
+DTALBgNVBAoMBEFDTUUxJTAjBgNVBAMMHHJvb3QuMTAxLnNrdW5rd29ya3MuYWNt
+ZS54eXowHhcNMTgwODI1MTgwNjEzWhcNMjAwOTEzMTgwNjEzWjBbMQswCQYDVQQG
+EwJPTzENMAsGA1UECgwEQUNNRTEaMBgGA1UECwwRQUNNRSBJbnRlcm1lZGlhdGUx
+ITAfBgNVBAMMGDEwMDEuc2t1bmt3b3Jrcy5hY21lLnh5ejCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAMB/26XCkATLPCrMuieRUyuD06O30YFrxVin1K46
+/Vpfzy35jmXHwOf9SkPqZDlT+rVo1cB62mysEDuJTVgzwp7ReO0VtTiYpyXF2bkx
+kEfugV8mrjTSUmqPz1lEy/2fQtODebkwJiyrutxZ//ZMpcd69s3i6HaNsSCQqtVC
+hicoD/rVcL3hv/fo9cyyoGM9TZR8m2zbgg0+eXGyWXlI585ST3C+kp0gsYEgUrWU
+7LxsbF2ntbz0wyoOciq0106KI+J8lfyTSuBRQQXQIcq4M5/24YzLz1WLzt8dCFFQ
+Oma7tvCNy+z8hTQkBk7Jir4ByDB4HeYEXv/IGtTnyekP+AE+x+KQ22AkFyn7URcr
+2Mkz04ahAPu2/YzKMTxWf+3RDGcpW2C/KoS2u0+YddoLKFEYar9g1RYXnGS/qUE7
+z9xrLGhupd8jI+0FPkZoTb89vBQIux0fqjN3zG+xJ8hcVaBDcGp3e8RL6grOXW+d
+39q5fbha4lV2/PERPt45lvFPDaNcdtB0h3YqKJ5tBi5QpDAMn0V+59Ux9EaqQL/R
+tUn6LO8SB34r/Vignb/RAXHjROiptHGBkiQQJsBsNpH2zRkBWe/WS+HebCq61bOy
+zmcnkE62saKqUv5WT2dVnYA00RcPINCE3TtFiN7olUnfumQsumRYbSuVRq+ORk84
+27uTAgMBAAGjZjBkMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG
+MB0GA1UdDgQWBBQLAZvP+qDe9PEdskSjByyu7knZDTAfBgNVHSMEGDAWgBSIwfOW
+bfceun2kjB+5NuVdybL0CTANBgkqhkiG9w0BAQsFAAOCAgEAMz+Z6RvWJJIDkrGe
+xqMrncJ1pyl7U6h2TocMAy/zPHdrRJYjyVGaUSXCqQxZlJOkZWWQ+tn1MuMp8u/+
+13br3UaJbtknTBjt998+MltzBCDvyGaIy6R8PFT5F8cHv674wrkaQf8sPvcBmq7O
+Ma+RCGTvDOR6EiXgjYu/laLWOvw2Qi38A6RqEUQ8hrGcG6kS1bwHOQC3/TrYXEMk
+1KLR9fU5f2/zdjraE0x4KhIgGoYl1akqJ7qLQVB8px4AiHtnSuKnnlAPXkaA26Zp
+pCobhaPTFtSdZnHsxCeZTVKPyuiRpoPGcO74xLw8QukBJT2Dnt4uZbGrkJFjb1Wf
+AoqXpFThhop7jPeozaQPtPmQK8NUre7n0X6rPCf0JCDHoWKuDuQRvQswpWuxuIEZ
+WEpax2xuMCjiBKqSAV+xG41s7pIFCcd+YD9X3sLFtmBDX6X1pke4OR7Ir0YsTR+r
+QBR3POZN08nFPwOhs/jObTnyMdStuHRX1xKMc6ShcZJ0m2MW9IWYmtFJ6eAr63MQ
+uYafsC6QyhO/nK2sJGV9DfV4CAwC8F+vG9l+aElER2Y4jZE/Gg2A6f9fwoQVkmqJ
+mN1tn1UnxZjn+S7736nP3OP86swnVe59hvbGPCS0q3Ytv9v7BVz6XylbnoNX0qEm
+ekoRJi5yAXKCkT5ECdqgxfSOaqg=
+-----END CERTIFICATE-----
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/servers/cfg/pki_funcs.sh
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/servers/cfg/pki_funcs.sh
@ -0,0 +1,294 @@
+#!/bin/bash
+#
+# all main functions to generate a PKI certificate chain
+# 
+
+#
+# Set the CA variables
+#
+pki_func_init() {
+  if [[ -n $1 ]] || [[ -n $2 ]] || [[ -n $3 ]]; then
+    FQ_CA_CERT=$1
+    FQ_CA_KEYS=$2
+    CNF_PATH=$3
+    APP_INIT=1
+  else
+    APP_INIT=0
+  fi
+}
+
+#
+# print text wrapped in a block
+#
+echo_block() {
+  echo
+  echo "***** ***** ***** *****"
+  echo $1
+  echo "***** ***** ***** *****"
+}
+
+# 
+# Grab the latest serial # from the file, auto-increment
+# 
+get_serial() {
+  SERIAL=`head "cfg/SERIAL"`
+  if [[ -z $SERIAL ]]; then
+    SERIAL=11111
+    echo_block "WARN: no file 'SERIAL' found, using default 11111 as the serial # for CA"
+  fi
+}
+
+# ***** ***** ***** ***** *****
+# 
+# CERTIFICATE AUTHORITY (CA)
+# 
+# ***** ***** ***** ***** *****
+# This function will generate a CA Intermediate
+# IN: UNIQ_ID_CA, SERIAL
+#
+gen_ca() {
+  UNIQ_ID_CA=$1
+  SERIAL=$2
+
+  echo_block "Create CA (${UNIQ_ID_CA})"
+
+  # encrypt the key
+  #openssl genrsa -aes256 -out ca.keys.pem 4096
+  #openssl genrsa -aes256 -password "pass:password" -out ca.keys.pem 4096 
+
+  # key un-protected
+  openssl genrsa -out "ca_${UNIQ_ID_CA}.keys.pem" 4096
+  # 
+  # Create Certificate   (valid for 10 years, after the entire chain of trust expires)
+  openssl req -config $CNF_PATH/ca.cnf -new -x509 -sha256 -days 3650 -extensions v3_ca \
+              -subj "/C=OO/O=ACME/CN=root.${UNIQ_ID_CA}" -set_serial ${SERIAL} \
+              -key ca_${UNIQ_ID_CA}.keys.pem -out ca_${UNIQ_ID_CA}.crt.pem
+
+  # verify certificate (output to text file for review)
+  openssl x509 -noout -text -in ca_${UNIQ_ID_CA}.crt.pem > ca_${UNIQ_ID_CA}_cert.info.txt
+}
+
+#
+# Create CA Intermediate PKI
+# 
+# 
+
+#
+# Generate a PKI chain
+#   - the certificate chain is unique based on the serial #
+#   - generate a new CA I
+#   - generate server certificates
+#   - generate client certificates
+#
+# INPUT:  BASE SERIAL #, LOOP NUM
+# 
+# Requires: FQ_CA_CERT, FQ_CA_KEYS
+# 
+ca-i_gen_pki() {
+  CDD=`pwd`
+  ORG_URL=$1
+  SERIAL_O=$2
+  NUM_CERTS=$(($3-1))
+
+  # create unique directory
+  UNIQ_ID_CAI="${SERIAL_O}.${ORG_URL}" 
+  mkdir -p "distribution/ca_i_${UNIQ_ID_CAI}"
+  cd "distribution/ca_i_${UNIQ_ID_CAI}"
+
+  # Create CA Intermediate
+  ca-i_gen_cert $ORG_URL $SERIAL_O
+
+  # create directories, copy files, before generating client/server
+  ca-i_create_shell
+
+  __ca-i_gen_client
+
+  __ca-i_gen_server
+
+  # return to last path
+  cd $CDD
+}
+
+# 
+# Client Certificates
+# 
+__ca-i_gen_client() {
+  # create directories
+  mkdir -p clients/data
+  mkdir -p clients/distro
+  mkdir -p clients/docs
+  cd clients
+  for NUM in $(seq 0 $NUM_CERTS)
+  do
+    gen_client $ORG_URL $((SERIAL_O+NUM))
+  done
+  cd ..
+}
+
+# 
+# Server Certificates
+# 
+__ca-i_gen_server() {
+  # create directories
+  mkdir -p servers/data
+  mkdir -p servers/distro
+  mkdir -p servers/docs
+  cd servers
+  for NUM in $(seq 0 $NUM_CERTS)
+  do
+    gen_server $ORG_URL $((SERIAL_O+NUM))
+  done
+  cd ..
+}
+
+# This function will generate a CA Intermediate
+# 
+# Requires:  CNF file, CA cert, CA key
+# 
+# IN: UNIQ_ID_CA, SERIAL
+#
+ca-i_gen_cert() {
+  ORG_URL=$1 
+  SERIAL=$2
+
+  UNIQ_ID="${SERIAL}.${ORG_URL}"
+
+  echo_block "Create CA Intermediate  (${UNIQ_ID})"
+
+  openssl genrsa -out "ca_i_${UNIQ_ID}.keys.pem" 4096
+
+  # Create Cert Signing Request (CSR)
+  openssl req -config "${CNF_PATH}/ca.cnf" -new -sha256 \
+              -subj "/C=OO/O=ACME/OU=ACME Intermediate/CN=${UNIQ_ID}" \
+              -key "ca_i_${UNIQ_ID}.keys.pem" -out "ca_i_${UNIQ_ID}.csr.pem"
+
+  # Create Certificate   (valid for ~2 years, after the entire chain of trust expires)
+  # CA signs Intermediate
+  openssl x509 -req -days 750 -extfile "${CNF_PATH}/ca.cnf" -extensions v3_ca_i \
+               -CA $FQ_CA_CERT -CAkey $FQ_CA_KEYS -set_serial ${SERIAL} \
+               -in "ca_i_${UNIQ_ID}.csr.pem" -out "ca_i_${UNIQ_ID}.crt.pem"
+
+  # Package the Certificate Authority Certificates for distro  (windoze needs this)
+  openssl pkcs12 -export -password "pass:password" -inkey "ca_i_${UNIQ_ID}.keys.pem" \
+                 -name "CA Intermediate Mobile Provision" -certfile $FQ_CA_CERT \
+                 -in "ca_i_${UNIQ_ID}.crt.pem" -out "ca_i_${UNIQ_ID}.p12"
+
+  # verify certificate (output to text file for review)
+  openssl x509 -noout -text -in "ca_i_${UNIQ_ID}.crt.pem" > "ca_i_${UNIQ_ID}.crt.info.txt"
+
+  # create certifiate chain
+  cat $FQ_CA_CERT "ca_i_${UNIQ_ID}.crt.pem" > "ca_cert-chain_${UNIQ_ID}.crts.pem"
+}
+
+#
+# Copies all applcations to the Lifecycle package
+#   organize the ca-i directory
+#   order matters:  move these files last because they were copied above
+#
+ca-i_create_shell() {
+
+  DEST_DIR="${CDD}/distribution/ca_i_${UNIQ_ID_CAI}"
+
+  # client
+  mkdir -p clients/cfg
+  cp $CDD/res/libs/gen_client.sh  $DEST_DIR/clients/
+  cp $CDD/res/libs/pki_funcs.sh   $DEST_DIR/clients/cfg
+  cp $CDD/res/docs/README_C       $DEST_DIR/clients/README
+  cp $CDD/res/docs/SERIAL         $DEST_DIR/clients/cfg/
+  cp "${CDD}/cfg/${ORG_URL}.cnf"  $DEST_DIR/clients/cfg/
+  # generated files
+  cp $DEST_DIR/ca_i*.crt.pem      $DEST_DIR/clients/cfg/ca-i.crt.pem
+  cp $DEST_DIR/ca_i*.keys.pem     $DEST_DIR/clients/cfg/ca-i.keys.pem
+  cp $DEST_DIR/ca_cert-chain*.pem $DEST_DIR/clients/cfg/ca_cert-chain.crts.pem
+
+  # server
+  mkdir -p servers/cfg
+  cp $CDD/res/libs/gen_server.sh  $DEST_DIR/servers/
+  cp $CDD/res/libs/pki_funcs.sh   $DEST_DIR/servers/cfg/
+  cp $CDD/res/docs/README_S       $DEST_DIR/servers/README
+  cp $CDD/res/docs/SERIAL         $DEST_DIR/servers/cfg/
+  cp "${CDD}/cfg/${ORG_URL}.cnf"  $DEST_DIR/servers/cfg/
+  # generated files
+  cp $DEST_DIR/ca_i*.crt.pem      $DEST_DIR/servers/cfg/ca-i.crt.pem
+  cp $DEST_DIR/ca_i*.keys.pem     $DEST_DIR/servers/cfg/ca-i.keys.pem
+  cp $DEST_DIR/ca_cert-chain*.pem $DEST_DIR/servers/cfg/ca_cert-chain.crts.pem
+
+  # CA-I
+  mkdir -p ca-i/data
+  mkdir -p ca-i/docs
+  mkdir -p ca-i/distro
+  cp $CDD/res/docs/README_CAI       $DEST_DIR/README
+  cp $CDD/ca_*/ca_*.crt.pem         $DEST_DIR/ca-i/data/
+  cp $CDD/ca_*/ca_*.info.txt        $DEST_DIR/ca-i/docs/
+  # generated files
+  mv $DEST_DIR/ca_i*.pem            $DEST_DIR/ca-i/data/
+  mv $DEST_DIR/ca_i*.info.txt       $DEST_DIR/ca-i/docs/
+  mv $DEST_DIR/ca_i*.p12            $DEST_DIR/ca-i/distro
+  mv $DEST_DIR/ca_cert-chain*.pem   $DEST_DIR/ca-i/distro
+}
+
+#
+# Generate a Client Certificate
+# IN: UNIQ_ID, UNIQ_ID_CAI, SERIAL
+#
+gen_client() {
+  ORG_URL=$1 
+  SERIAL=$2
+
+  UNIQ_ID="${SERIAL}.${ORG_URL}"
+  CERT_CHAIN="cfg/ca_cert-chain.crts.pem"
+
+  echo_block "Generate Client Certificates  (${UNIQ_ID})"
+
+  openssl genrsa -out "data/client_${UNIQ_ID}.keys.pem" 4096
+
+  openssl req -new -key "data/client_${UNIQ_ID}.keys.pem" \
+              -subj "/C=OO/O=ACME/OU=ACME Standard/CN=client_${UNIQ_ID}" \
+              -out "data/client_${UNIQ_ID}.csr.pem"
+  # CA Intermediate signs Client
+  openssl x509 -req -days 365 \
+               -CA "cfg/ca-i.crt.pem" -CAkey "cfg/ca-i.keys.pem" -set_serial ${SERIAL} \
+               -in "data/client_${UNIQ_ID}.csr.pem" -out "data/client_${UNIQ_ID}.crt.pem"
+
+  # Package the Certificates
+  openssl pkcs12 -export -password "pass:password" -inkey "data/client_${UNIQ_ID}.keys.pem" \
+                 -name "Client ${UNIQ_ID} VPN Certificate" -certfile $CERT_CHAIN -caname "client_${UNIQ_ID}@acme.xyz" \
+                 -in "data/client_${UNIQ_ID}.crt.pem" -out "distro/client_${UNIQ_ID}.p12"
+
+  # verify certificate (output to text file for review)
+  openssl x509 -noout -text -in "data/client_${UNIQ_ID}.crt.pem" > "docs/client_${UNIQ_ID}.info.txt"
+}
+
+#
+# Generate a Server Certificate
+# IN: UNIQ_ID, UNIQ_ID_CA, SERIAL
+#
+gen_server() {
+  ORG_URL=$1 
+  SERIAL=$2
+
+  UNIQ_ID="${SERIAL}.${ORG_URL}"
+  CERT_CHAIN="cfg/ca_cert-chain.crts.pem"
+
+  echo_block "Generate Server Certificates  (${UNIQ_ID})"
+
+  openssl genrsa -out "data/server_${UNIQ_ID}.keys.pem" 4096
+
+  openssl req -new -config "cfg/${ORG_URL}.cnf" -key "data/server_${UNIQ_ID}.keys.pem" \
+              -subj "/C=OO/O=ACME/OU=ACME Standard/CN=${UNIQ_ID}" \
+              -out "data/server_${UNIQ_ID}.csr.pem"
+
+  # CA Intermediate signs Server
+  openssl x509 -req -days 365 -extfile "cfg/${ORG_URL}.cnf" -extensions v3_server \
+               -CA "cfg/ca-i.crt.pem" -CAkey "cfg/ca-i.keys.pem" -set_serial ${SERIAL} \
+               -in "data/server_${UNIQ_ID}.csr.pem" -out "data/server_${UNIQ_ID}.crt.pem"
+
+  # Package the Certificates
+  openssl pkcs12 -export -password "pass:password" -inkey "data/server_${UNIQ_ID}.keys.pem" \
+                 -name "Server ${UNIQ_ID} VPN Certificate" -certfile $CERT_CHAIN -caname "server_${UNIQ_ID}@acme.xyz" \
+                 -in "data/server_${UNIQ_ID}.crt.pem" -out "distro/server_${UNIQ_ID}.p12"
+
+  # verify certificate (output to text file for review)
+  openssl x509 -noout -text -in "data/server_${UNIQ_ID}.crt.pem" > "docs/server_${UNIQ_ID}.crt.info.txt" 
+}
+
--- a/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/servers/cfg/skunkworks.acme.xyz.cnf
+++ b/src/sandbox/pki-lifecycles_1976-12-05.11_53_11/distribution/ca_i_1001.skunkworks.acme.xyz/servers/cfg/skunkworks.acme.xyz.cnf
@ -0,0 +1,55 @@
+#
+#
+#  IMPORTANT INFO
+#
+#
+[ v3_server ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "ACME Corp"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+#subjectAltName = IP:192.168.123.129
+
+[ alt_names ]
+DNS.1 = "skunkworks.acme.xyz"
+
+#
+#
+# FORCED TO INCLUDE THIS JUNK
+#
+#
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits        = 4096
+distinguished_name  = req_distinguished_name
+string_mask         = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md          = sha256
+
+# Extension to add when the -x509 option is used.
+#x509_extensions     = v3_ca
+
+[ req_distinguished_name ]
+# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
+countryName                     = Country Name (2 letter code)
+stateOrProvinceName             = State or Province Name
+localityName                    = Locality Name
+0.organizationName              = Organization Name
+organizationalUnitName          = Organizational Unit Name
+commonName                      = Common Name
+emailAddress                    = Email Address
+
+# Optionally, specify some defaults.
+countryName_default             = US
+stateOrProvinceName_default     = State51
+localityName_default            =
+0.organizationName_default      = ACME R&D
+organizationalUnitName_default  =
+emailAddress_default            =
+
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
JohnE	171bc44728	MOD: updated docs	2018-10-04 12:20:45 -07:00
JohnE	2ec57697cb	MOD: documentation updates	2018-09-17 21:40:34 -07:00
JohnE	da07fd1845	MOD: docs update	2018-09-17 10:38:56 -07:00
JohnE	ab056455ec	NEW: new p12 extractor application, doc updates	2018-09-14 09:29:17 -07:00
JohnE	fdfb893a5f	FIX: fixed the serial # back to 101 as we want to keep it vanilla in the repo	2018-09-10 20:13:47 -07:00
JohnE	5366ef101d	FIN: refactoring complete, serial #s are all coherent, distinguished names (DN) is strong with both CA-I serial #s and client/server serial #s	2018-09-10 19:09:48 -07:00
JohnE	03d003b151	WIP: working to get docs and features in congruent	2018-09-08 13:01:50 -07:00
JohnE	ffd416b5d1	WIP: bugs exist...arrrg	2018-08-29 01:17:34 -07:00
JohnE	23ea416acf	MOD: refactoring to allow for auto-gen of serial #s and fixing unique id	2018-08-28 16:25:19 -07:00
JohnE	fc21e150e5	MOD: updated the sandbox example	2018-08-25 19:49:03 -07:00