Public/New-CSR.ps1
|
<#
.SYNOPSIS Create a new certificate signing request (CSR) using the specified parameters. .DESCRIPTION Create a new certificate signing request (CSR) using the specified parameters. .PARAMETER Subject The subject name of the certificate request. .PARAMETER ExtendedKeyUsage The extended key usage of the certificate request. .PARAMETER ExtendedKeyUsageOid The extended key usage OID of the certificate request. .PARAMETER KeyUsage The key usage of the certificate request. .PARAMETER KeyUsageOid The key usage OID of the certificate request. .PARAMETER PrivateKey The private key to use for the certificate request. .PARAMETER HashingAlgorithm The hashing algorithm to use for the certificate request. .PARAMETER IPAddress The IP addresses to add to the Subject Alternative Name extension. .PARAMETER DNSName The DNS names to add to the Subject Alternative Name extension. .PARAMETER Email The email addresses to add to the Subject Alternative Name extension. .PARAMETER URI The URIs to add to the Subject Alternative Name extension. .PARAMETER UPN The User Principal Names to add to the Subject Alternative Name extension. .PARAMETER ValidityPeriod The validity period of the certificate request. .PARAMETER ValidityPeriodUnits The units for the validity period of the certificate request. .PARAMETER Raw Return the raw certificate request object instead of the base64 encoded string. .EXAMPLE New-CSR -Subject 'CN=Test' -PrivateKey $PrivateKey Create a new certificate signing request for the subject 'CN=Test' using the specified private key. .EXAMPLE New-CSR -Subject 'CN=Test' -PrivateKey $PrivateKey -ExtendedKeyUsage 'ClientAuth', 'ServerAuth' -KeyUsage 'DigitalSignature', 'KeyEncipherment' -IPAddress '10.11.0.11' Create a new certificate signing request for the subject 'CN=Test' using the specified private key with the specified extended key usage, key usage and IP address. #> Function New-CSR { Param( [Parameter(Mandatory)] [String]$Subject, [ValidateSet( 'ClientAuth', 'ServerAuth', 'CodeSigning', 'EmailProtection', 'TimeStamping', 'OCSPSigning', 'SmartCardLogon', 'EncryptFileSystem', 'IPSecIKE', 'PSecIKEIntermediate', 'KDCAuth', 'IpSecurityUser' )] [String[]]$ExtendedKeyUsage, [String[]]$ExtendedKeyUsageOid, [ValidateSet( 'DigitalSignature', 'NonRepudiation', 'KeyEncipherment', 'DataEncipherment', 'KeyAgreement', 'KeyCertSign', 'CRLSign', 'EncipherOnly', 'DecipherOnly' )] [String[]]$KeyUsage, [String[]]$KeyUsageOid, [Parameter(Mandatory)] $PrivateKey, [ValidateSet( 'SHA256', 'SHA384', 'SHA512' )] [String]$HashingAlgorithm = 'SHA256', [String[]]$IPAddress, [String[]]$DNSName, [String[]]$Email, [String[]]$URI, [String[]]$UPN, [ValidityPeriod]$ValidityPeriod = [ValidityPeriod]::Days, [Int]$ValidityPeriodUnits, [Switch]$Raw ) Write-Verbose "$($MyInvocation.MyCommand): Creating certificate request for $Subject" If ($PrivateKey.SignatureAlgorithm -in ('RSA', 'http://www.w3.org/2000/09/xmldsig#rsa-sha1')) { $UsedAlgorithm = 'RSA' $Request = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new($Subject, $PrivateKey, [System.Security.Cryptography.HashAlgorithmName]::$HashingAlgorithm, [System.Security.Cryptography.RSASignaturePadding]::Pkcs1) } ElseIf ($PrivateKey.SignatureAlgorithm -eq 'ECDSA') { $UsedAlgorithm = 'ECDSA' $Request = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new($Subject, $PrivateKey, [System.Security.Cryptography.HashAlgorithmName]::$HashingAlgorithm) } Else { throw "$($MyInvocation.MyCommand): Unsupported signature algorithm $($PrivateKey.SignatureAlgorithm)" } If ($KeyUsage) { $KeyUsage | ForEach-Object { Write-Verbose "$($MyInvocation.MyCommand): Adding Key Usage $_" $KeyUsageDefinition = $constant_KUDefinition[$_] If($KeyUsageDefinition.KeyTypes -notcontains $UsedAlgorithm) { Write-Verbose "$($MyInvocation.MyCommand): Key usage $_ is not supported for algorithm $UsedAlgorithm" } Else { $Extension = New-Object System.Security.Cryptography.X509Certificates.X509KeyUsageExtension $Oid = $constant_KUDefinition[$_].Oid $Extension.Oid = $Oid $Request.CertificateExtensions.Add($Extension) } } } If ($ExtendedKeyUsage -or $ExtendedKeyUsageOid) { $OidCollection = New-Object System.Security.Cryptography.OidCollection If ($ExtendedKeyUsage) { $ExtendedKeyUsage | ForEach-Object { Write-Verbose "$($MyInvocation.MyCommand): Adding Extended Key Usage $_" $Oid = New-Object System.Security.Cryptography.Oid $constant_EKUDefinition[$_] $OidCollection.Add($Oid) | Out-Null } } If ($ExtendedKeyUsageOid) { $ExtendedKeyUsageOid | ForEach-Object { Write-Verbose "$($MyInvocation.MyCommand): Adding Extended Key Usage OID $_" $Oid = New-Object System.Security.Cryptography.Oid $_ $OidCollection.Add($Oid) | Out-Null } } $EKUExtension = New-Object System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension $OidCollection, $true $Request.CertificateExtensions.Add($EKUExtension) } If ($IPAddress -or $DNSName -or $Email -or $URI -or $UPN) { $SANBuilder = New-Object System.Security.Cryptography.X509Certificates.SubjectAlternativeNameBuilder If($IPAddress) { $IPAddress | ForEach-Object { Write-Verbose "$($MyInvocation.MyCommand): Adding IP address $_ to Subject Alternative Name extension" $SANBuilder.AddIpAddress($_) } } If($DNSName) { $DNSName | ForEach-Object { Write-Verbose "$($MyInvocation.MyCommand): Adding DNS name $_ to Subject Alternative Name extension" $SANBuilder.AddDnsName($_) } } If($Email) { $Email | ForEach-Object { Write-Verbose "$($MyInvocation.MyCommand): Adding email address $_ to Subject Alternative Name extension" $SANBuilder.AddEmailAddress($_) } } If($URI) { $URI | ForEach-Object { Write-Verbose "$($MyInvocation.MyCommand): Adding URI $_ to Subject Alternative Name extension" $SANBuilder.AddUri($_) } } If($UPN) { $UPN | ForEach-Object { Write-Verbose "$($MyInvocation.MyCommand): Adding User Principal Name $_ to Subject Alternative Name extension" $SANBuilder.AddUserPrincipalName($_) } } $SANExtension = $SANBuilder.Build() $Request.CertificateExtensions.Add($SANExtension) } If (($PSVersionTable.PSEdition -ne 'Core') -and $ValidityPeriodUnits) { Write-Error "$($MyInvocation.MyCommand): The certificate validity cannot be defined in Windows PowerShell" Return } If($ValidityPeriodUnits) { # Make sure we have the correct case for the ValidityPeriod $ValidityPeriod = (Get-Culture).TextInfo.ToTitleCase($ValidityPeriod.ToString()) $ValidityPeriodObject = New-AsnEncodedEnrollmentKeyValuePair -Name "ValidityPeriod" -Value $ValidityPeriod $ValidityPeriodUnitsObject = New-AsnEncodedEnrollmentKeyValuePair -Name "ValidityPeriodUnits" -Value $ValidityPeriodUnits $Request.OtherRequestAttributes.Add($ValidityPeriodObject) $Request.OtherRequestAttributes.Add($ValidityPeriodUnitsObject) } If($Raw) { Return $Request } Else { Return [System.Convert]::ToBase64String($Request.CreateSigningRequest()) } } # SIG # Begin signature block # MIIv6wYJKoZIhvcNAQcCoIIv3DCCL9gCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAE4JZmeYjXqOTc # dd96sIFmRWVyHxVGI/PUMiNdpI1IcaCCFA4wggVyMIIDWqADAgECAhB2U/6sdUZI # k/Xl10pIOk74MA0GCSqGSIb3DQEBDAUAMFMxCzAJBgNVBAYTAkJFMRkwFwYDVQQK # ExBHbG9iYWxTaWduIG52LXNhMSkwJwYDVQQDEyBHbG9iYWxTaWduIENvZGUgU2ln # bmluZyBSb290IFI0NTAeFw0yMDAzMTgwMDAwMDBaFw00NTAzMTgwMDAwMDBaMFMx # CzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSkwJwYDVQQD # EyBHbG9iYWxTaWduIENvZGUgU2lnbmluZyBSb290IFI0NTCCAiIwDQYJKoZIhvcN # AQEBBQADggIPADCCAgoCggIBALYtxTDdeuirkD0DcrA6S5kWYbLl/6VnHTcc5X7s # k4OqhPWjQ5uYRYq4Y1ddmwCIBCXp+GiSS4LYS8lKA/Oof2qPimEnvaFE0P31PyLC # o0+RjbMFsiiCkV37WYgFC5cGwpj4LKczJO5QOkHM8KCwex1N0qhYOJbp3/kbkbuL # ECzSx0Mdogl0oYCve+YzCgxZa4689Ktal3t/rlX7hPCA/oRM1+K6vcR1oW+9YRB0 # RLKYB+J0q/9o3GwmPukf5eAEh60w0wyNA3xVuBZwXCR4ICXrZ2eIq7pONJhrcBHe # OMrUvqHAnOHfHgIB2DvhZ0OEts/8dLcvhKO/ugk3PWdssUVcGWGrQYP1rB3rdw1G # R3POv72Vle2dK4gQ/vpY6KdX4bPPqFrpByWbEsSegHI9k9yMlN87ROYmgPzSwwPw # jAzSRdYu54+YnuYE7kJuZ35CFnFi5wT5YMZkobacgSFOK8ZtaJSGxpl0c2cxepHy # 1Ix5bnymu35Gb03FhRIrz5oiRAiohTfOB2FXBhcSJMDEMXOhmDVXR34QOkXZLaRR # kJipoAc3xGUaqhxrFnf3p5fsPxkwmW8x++pAsufSxPrJ0PBQdnRZ+o1tFzK++Ol+ # A/Tnh3Wa1EqRLIUDEwIrQoDyiWo2z8hMoM6e+MuNrRan097VmxinxpI68YJj8S4O # JGTfAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0G # A1UdDgQWBBQfAL9GgAr8eDm3pbRD2VZQu86WOzANBgkqhkiG9w0BAQwFAAOCAgEA # Xiu6dJc0RF92SChAhJPuAW7pobPWgCXme+S8CZE9D/x2rdfUMCC7j2DQkdYc8pzv # eBorlDICwSSWUlIC0PPR/PKbOW6Z4R+OQ0F9mh5byV2ahPwm5ofzdHImraQb2T07 # alKgPAkeLx57szO0Rcf3rLGvk2Ctdq64shV464Nq6//bRqsk5e4C+pAfWcAvXda3 # XaRcELdyU/hBTsz6eBolSsr+hWJDYcO0N6qB0vTWOg+9jVl+MEfeK2vnIVAzX9Rn # m9S4Z588J5kD/4VDjnMSyiDN6GHVsWbcF9Y5bQ/bzyM3oYKJThxrP9agzaoHnT5C # JqrXDO76R78aUn7RdYHTyYpiF21PiKAhoCY+r23ZYjAf6Zgorm6N1Y5McmaTgI0q # 41XHYGeQQlZcIlEPs9xOOe5N3dkdeBBUO27Ql28DtR6yI3PGErKaZND8lYUkqP/f # obDckUCu3wkzq7ndkrfxzJF0O2nrZ5cbkL/nx6BvcbtXv7ePWu16QGoWzYCELS/h # AtQklEOzFfwMKxv9cW/8y7x1Fzpeg9LJsy8b1ZyNf1T+fn7kVqOHp53hWVKUQY9t # W76GlZr/GnbdQNJRSnC0HzNjI3c/7CceWeQIh+00gkoPP/6gHcH1Z3NFhnj0qinp # J4fGGdvGExTDOUmHTaCX4GUT9Z13Vunas1jHOvLAzYIwggboMIIE0KADAgECAhB3 # vQ4Ft1kLth1HYVMeP3XtMA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNVBAYTAkJFMRkw # FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSkwJwYDVQQDEyBHbG9iYWxTaWduIENv # ZGUgU2lnbmluZyBSb290IFI0NTAeFw0yMDA3MjgwMDAwMDBaFw0zMDA3MjgwMDAw # MDBaMFwxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTIw # MAYDVQQDEylHbG9iYWxTaWduIEdDQyBSNDUgRVYgQ29kZVNpZ25pbmcgQ0EgMjAy # MDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMsg75ceuQEyQ6BbqYoj # /SBerjgSi8os1P9B2BpV1BlTt/2jF+d6OVzA984Ro/ml7QH6tbqT76+T3PjisxlM # g7BKRFAEeIQQaqTWlpCOgfh8qy+1o1cz0lh7lA5tD6WRJiqzg09ysYp7ZJLQ8LRV # X5YLEeWatSyyEc8lG31RK5gfSaNf+BOeNbgDAtqkEy+FSu/EL3AOwdTMMxLsvUCV # 0xHK5s2zBZzIU+tS13hMUQGSgt4T8weOdLqEgJ/SpBUO6K/r94n233Hw0b6nskEz # IHXMsdXtHQcZxOsmd/KrbReTSam35sOQnMa47MzJe5pexcUkk2NvfhCLYc+YVaMk # oog28vmfvpMusgafJsAMAVYS4bKKnw4e3JiLLs/a4ok0ph8moKiueG3soYgVPMLq # 7rfYrWGlr3A2onmO3A1zwPHkLKuU7FgGOTZI1jta6CLOdA6vLPEV2tG0leis1Ult # 5a/dm2tjIF2OfjuyQ9hiOpTlzbSYszcZJBJyc6sEsAnchebUIgTvQCodLm3HadNu # twFsDeCXpxbmJouI9wNEhl9iZ0y1pzeoVdwDNoxuz202JvEOj7A9ccDhMqeC5LYy # AjIwfLWTyCH9PIjmaWP47nXJi8Kr77o6/elev7YR8b7wPcoyPm593g9+m5XEEofn # GrhO7izB36Fl6CSDySrC/blTAgMBAAGjggGtMIIBqTAOBgNVHQ8BAf8EBAMCAYYw # EwYDVR0lBAwwCgYIKwYBBQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4E # FgQUJZ3Q/FkJhmPF7POxEztXHAOSNhEwHwYDVR0jBBgwFoAUHwC/RoAK/Hg5t6W0 # Q9lWULvOljswgZMGCCsGAQUFBwEBBIGGMIGDMDkGCCsGAQUFBzABhi1odHRwOi8v # b2NzcC5nbG9iYWxzaWduLmNvbS9jb2Rlc2lnbmluZ3Jvb3RyNDUwRgYIKwYBBQUH # MAKGOmh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2NvZGVzaWdu # aW5ncm9vdHI0NS5jcnQwQQYDVR0fBDowODA2oDSgMoYwaHR0cDovL2NybC5nbG9i # YWxzaWduLmNvbS9jb2Rlc2lnbmluZ3Jvb3RyNDUuY3JsMFUGA1UdIAROMEwwQQYJ # KwYBBAGgMgECMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24u # Y29tL3JlcG9zaXRvcnkvMAcGBWeBDAEDMA0GCSqGSIb3DQEBCwUAA4ICAQAldaAJ # yTm6t6E5iS8Yn6vW6x1L6JR8DQdomxyd73G2F2prAk+zP4ZFh8xlm0zjWAYCImbV # YQLFY4/UovG2XiULd5bpzXFAM4gp7O7zom28TbU+BkvJczPKCBQtPUzosLp1pnQt # pFg6bBNJ+KUVChSWhbFqaDQlQq+WVvQQ+iR98StywRbha+vmqZjHPlr00Bid/XSX # hndGKj0jfShziq7vKxuav2xTpxSePIdxwF6OyPvTKpIz6ldNXgdeysEYrIEtGiH6 # bs+XYXvfcXo6ymP31TBENzL+u0OF3Lr8psozGSt3bdvLBfB+X3Uuora/Nao2Y8nO # ZNm9/Lws80lWAMgSK8YnuzevV+/Ezx4pxPTiLc4qYc9X7fUKQOL1GNYe6ZAvytOH # X5OKSBoRHeU3hZ8uZmKaXoFOlaxVV0PcU4slfjxhD4oLuvU/pteO9wRWXiG7n9dq # cYC/lt5yA9jYIivzJxZPOOhRQAyuku++PX33gMZMNleElaeEFUgwDlInCI2Oor0i # xxnJpsoOqHo222q6YV8RJJWk4o5o7hmpSZle0LQ0vdb5QMcQlzFSOTUpEYck08T7 # qWPLd0jV+mL8JOAEek7Q5G7ezp44UCb0IXFl1wkl1MkHAHq4x/N36MXU4lXQ0x72 # f1LiSY25EXIMiEQmM2YBRN/kMw4h3mKJSAfa9TCCB6gwggWQoAMCAQICDF3VjaKN # us83AvC1UTANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQ # R2xvYmFsU2lnbiBudi1zYTEyMDAGA1UEAxMpR2xvYmFsU2lnbiBHQ0MgUjQ1IEVW # IENvZGVTaWduaW5nIENBIDIwMjAwHhcNMjUxMTI3MTcwNDI2WhcNMjcxMTI4MTcw # NDI2WjCCAQwxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRIwEAYDVQQF # EwlIUkIgMTIzODExEzARBgsrBgEEAYI3PAIBAxMCREUxFzAVBgsrBgEEAYI3PAIB # AhMGSGVzc2VuMSIwIAYLKwYBBAGCNzwCAQETEU9mZmVuYmFjaCBhbSBNYWluMQsw # CQYDVQQGEwJERTEPMA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFPZmZlbmJhY2gg # YW0gTWFpbjEZMBcGA1UECQwQS2Fpc2Vyc3RyYcOfZSAzOTEXMBUGA1UEChMOZ2x1 # ZWNra2FuamEgQUcxFzAVBgNVBAMTDmdsdWVja2thbmphIEFHMIICIjANBgkqhkiG # 9w0BAQEFAAOCAg8AMIICCgKCAgEAkQoXi0dUFVttodx+Ydj1O6EZZqgDdlSGDA/6 # x1UCkMrWNVEW+LdbUGU8KW7fUcKPCAcDJNrXfXxZeBht2G4pPvhaMz/kBdSK6bI1 # sqo1WSN//beapdUefQpq/wgnUneq13tEJQAke6EWdLyidObcogBSp9wCXBbMWsTO # utgCONjyu8AilmzRY+94lO7VwUA2LGGPX8FRAEt5AMzifsEo2lIEKiDou2H8HUUC # PibiChiuT3oGIDYYnCA/RzS44E0cAuAzlD3NQNCeIDzfoFiUD8mAC1gYU6i8yIej # jUGl8+kpbpBYjgzwbsiCBn0rDhrlpJ3MHkZCrp82kzWK0l7c3ukNvdlGcU4tKdXk # AHgpJecdYUDvz9iaYFvYEivF+Jg+Tc8ZnzsP5/q3KKw4g0QiJ+MXgvwJx8OSvAKW # tkwkLxgE9oxufs3Y8xsmwyWqxWDBcyzzvs6yISnUaeTtGmyB8BsEbahDFrxHhV6U # nwxNpJ+iM+j08J1tNIW0AXjY6ojGOIC8IIL+EiK34MXJ6Jxy22mntMnc6ztK6c7H # IKiRHIPX4jXtg7IYRS/k5muuIt/xKzN7qtF9xJbaZi8jRE6fgWDwszLJUMHSLthh # yKTsUEvuqZ79WnSHErg26EPQYirAY/IFt7Z7+3SDW2WI8uG2qY6hkpE0hm+/F3uS # M+s98jUCAwEAAaOCAbYwggGyMA4GA1UdDwEB/wQEAwIHgDCBnwYIKwYBBQUHAQEE # gZIwgY8wTAYIKwYBBQUHMAKGQGh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20v # Y2FjZXJ0L2dzZ2NjcjQ1ZXZjb2Rlc2lnbmNhMjAyMC5jcnQwPwYIKwYBBQUHMAGG # M2h0dHA6Ly9vY3NwLmdsb2JhbHNpZ24uY29tL2dzZ2NjcjQ1ZXZjb2Rlc2lnbmNh # MjAyMDBVBgNVHSAETjBMMEEGCSsGAQQBoDIBAjA0MDIGCCsGAQUFBwIBFiZodHRw # czovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAHBgVngQwBAzAJBgNV # HRMEAjAAMEcGA1UdHwRAMD4wPKA6oDiGNmh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5j # b20vZ3NnY2NyNDVldmNvZGVzaWduY2EyMDIwLmNybDATBgNVHSUEDDAKBggrBgEF # BQcDAzAfBgNVHSMEGDAWgBQlndD8WQmGY8Xs87ETO1ccA5I2ETAdBgNVHQ4EFgQU # q/cn5ijjtp0mG1yoiF02hg4dx4IwDQYJKoZIhvcNAQELBQADggIBAJ1TZv/rvy2w # jANcL/kb6rTk+/6L7l49UghLghUKFVfrdEEc+21iexA7zlkvhM0TrhdiFU7TjDky # InPctzsDlqwUhawEx4PT8ZkZkZzm25YWaqtZH44st/Fz59KiG+85NUdRd+0cL3Y8 # NR66z3xfI6K3W/nrIcE6RHm/opOM+L02Hd2MBligLnoFYcTvR3NPCA21A6+IOaYM # n5YZzNKFXWry8ZHpWjnE4u9mxHYpS1zu2aIkwL8mfYM5moYoh0PAcp9XA5Sm4KrV # LeIzZ3HIy4EzLCbFBP+OGFpkqq8pTtmYItG+g1rYEg5a8egrY83zJMHazaTFBgRI # MNXCgeMZhC8O6NsAtbj3FSbiYKg1hNwZzHYL+uL3jcPZjuUoOpmvXu67xWs4ZfdT # Mluy5E7FyWwtnOjr/04EXWyKATYMDIkd47Wqam/ZB7umF5T5YPnmTlv18ArEXuVQ # EEpS/cN90DtRz2OGruu+V9bg3fk6NKDJLve8detDOTTBN0C/bFGxI5YLHmwVAdaq # pz3t14ShRjVcxP7aN0bEL3YOuQvjnjQGe29H6n/MPf8UG4WYMd+a8qIP4HROLJq0 # YJylzYBglqoQeQC/OG+PtWTvL9oByPVYNc+llAuap/xmWSLZgAqPbi+PAfow69Lg # bppHUCnJhNkXD/mJ4qB0KvPG+bzL19dEMYIbMzCCGy8CAQEwbDBcMQswCQYDVQQG # EwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEyMDAGA1UEAxMpR2xvYmFs # U2lnbiBHQ0MgUjQ1IEVWIENvZGVTaWduaW5nIENBIDIwMjACDF3VjaKNus83AvC1 # UTANBglghkgBZQMEAgEFAKCBhDAYBgorBgEEAYI3AgEMMQowCKACgAChAoAAMBkG # CSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEE # AYI3AgEVMC8GCSqGSIb3DQEJBDEiBCCi0wfI0Pg97EDwlBYsUUq6TpGIU5gpxabM # ITvLxmso7DANBgkqhkiG9w0BAQEFAASCAgBD8DBY2c7Awq2gkqNyVetr+iJjYmbj # 4QyfSWGX+2qQe52LQKL9z4mlIowV/Y4ivIAEHQjK4NLo+sSyeRxN2FG9i6atGGn3 # qxf5AOrUpvZ84fLFuNYTOBNxu8yakFd5IC6ExC3Icijt9Dk6yvlJ/cGyebA2MsQ1 # OKl5C6Zu+728t2qpP4HURxK8KTTz9avldVKXf8f4tTajTHObUTISGAiqMZpxVmWw # THxrb2/VJfHa7GYkyDrCn3Z8moMM3H/rLVWmZ5sfXIOHFLol4SnqkG1saVwua9GY # CPsJo8DRjV24Cz8BIqFNWZTjFrfDvLdrj8L1mEx98swvVRkDZq7o/vpQ0PHVOOPt # LQrCEc9IWUMNdBcR8iwsHj8CauzLZOPAKtMF6AJC8urNY8pLAsQfwVD+JN1eX6r6 # 8QRyslCg+4sYO2po5Pc2D85fFexwZUCymjfmKybf+Ex20RXdjQ7iiC9Si2ySpI43 # +x+8+5MaDKbZGSmykeTojZtg96QdmrGq0uAevrboY29GH7VzMDe6t6h0YIHcIWj5 # /oF66TDQpjLogTFgYqwW8c/wlg+cqIUwVNGylmbseYH2h6fZyPxjnv3roRf9CnLj # O2pWTATzNTtcW0W99tpLEDtswrV9oUeqGqy7D50GCVLTASEfrUDpPLSbhPhFR2sN # DMW9H7seK0tYJKGCGBEwghgNBgorBgEEAYI3AwMBMYIX/TCCF/kGCSqGSIb3DQEH # AqCCF+owghfmAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFiBgsqhkiG9w0BCRABBKCC # AVEEggFNMIIBSQIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFlAwQCAQUABCBImGJf # +AHGH7WZ0UdYx655j5Wq2c2QSEXWChhYmcKg8AIGaR9QOjkAGBMyMDI1MTIwMzA4 # MDc0My4wMTRaMASAAgH0oIHhpIHeMIHbMQswCQYDVQQGEwJVUzETMBEGA1UECBMK # V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 # IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmljYSBPcGVyYXRp # b25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046N0EwMC0wNUUwLUQ5NDcxNTAz # BgNVBAMTLE1pY3Jvc29mdCBQdWJsaWMgUlNBIFRpbWUgU3RhbXBpbmcgQXV0aG9y # aXR5oIIPITCCB4IwggVqoAMCAQICEzMAAAAF5c8P/2YuyYcAAAAAAAUwDQYJKoZI # hvcNAQEMBQAwdzELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw # b3JhdGlvbjFIMEYGA1UEAxM/TWljcm9zb2Z0IElkZW50aXR5IFZlcmlmaWNhdGlv # biBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDIwMB4XDTIwMTExOTIwMzIz # MVoXDTM1MTExOTIwNDIzMVowYTELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFB1YmxpYyBSU0Eg # VGltZXN0YW1waW5nIENBIDIwMjAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK # AoICAQCefOdSY/3gxZ8FfWO1BiKjHB7X55cz0RMFvWVGR3eRwV1wb3+yq0OXDEqh # UhxqoNv6iYWKjkMcLhEFxvJAeNcLAyT+XdM5i2CgGPGcb95WJLiw7HzLiBKrxmDj # 1EQB/mG5eEiRBEp7dDGzxKCnTYocDOcRr9KxqHydajmEkzXHOeRGwU+7qt8Md5l4 # bVZrXAhK+WSk5CihNQsWbzT1nRliVDwunuLkX1hyIWXIArCfrKM3+RHh+Sq5RZ8a # Yyik2r8HxT+l2hmRllBvE2Wok6IEaAJanHr24qoqFM9WLeBUSudz+qL51HwDYyID # PSQ3SeHtKog0ZubDk4hELQSxnfVYXdTGncaBnB60QrEuazvcob9n4yR65pUNBCF5 # qeA4QwYnilBkfnmeAjRN3LVuLr0g0FXkqfYdUmj1fFFhH8k8YBozrEaXnsSL3kdT # D01X+4LfIWOuFzTzuoslBrBILfHNj8RfOxPgjuwNvE6YzauXi4orp4Sm6tF245Da # FOSYbWFK5ZgG6cUY2/bUq3g3bQAqZt65KcaewEJ3ZyNEobv35Nf6xN6FrA6jF944 # 7+NHvCjeWLCQZ3M8lgeCcnnhTFtyQX3XgCoc6IRXvFOcPVrr3D9RPHCMS6Ckg8wg # gTrtIVnY8yjbvGOUsAdZbeXUIQAWMs0d3cRDv09SvwVRd61evQIDAQABo4ICGzCC # AhcwDgYDVR0PAQH/BAQDAgGGMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRr # aSg6NS9IY0DPe9ivSek+2T3bITBUBgNVHSAETTBLMEkGBFUdIAAwQTA/BggrBgEF # BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9Eb2NzL1JlcG9z # aXRvcnkuaHRtMBMGA1UdJQQMMAoGCCsGAQUFBwMIMBkGCSsGAQQBgjcUAgQMHgoA # UwB1AGIAQwBBMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUyH7SaoUqG8oZ # mAQHJ89QEE9oqKIwgYQGA1UdHwR9MHsweaB3oHWGc2h0dHA6Ly93d3cubWljcm9z # b2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUyMElkZW50aXR5JTIwVmVyaWZp # Y2F0aW9uJTIwUm9vdCUyMENlcnRpZmljYXRlJTIwQXV0aG9yaXR5JTIwMjAyMC5j # cmwwgZQGCCsGAQUFBwEBBIGHMIGEMIGBBggrBgEFBQcwAoZ1aHR0cDovL3d3dy5t # aWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBJZGVudGl0eSUy # MFZlcmlmaWNhdGlvbiUyMFJvb3QlMjBDZXJ0aWZpY2F0ZSUyMEF1dGhvcml0eSUy # MDIwMjAuY3J0MA0GCSqGSIb3DQEBDAUAA4ICAQBfiHbHfm21WhV150x4aPpO4dhE # mSUVpbixNDmv6TvuIHv1xIs174bNGO/ilWMm+Jx5boAXrJxagRhHQtiFprSjMktT # liL4sKZyt2i+SXncM23gRezzsoOiBhv14YSd1Klnlkzvgs29XNjT+c8hIfPRe9rv # VCMPiH7zPZcw5nNjthDQ+zD563I1nUJ6y59TbXWsuyUsqw7wXZoGzZwijWT5oc6G # vD3HDokJY401uhnj3ubBhbkR83RbfMvmzdp3he2bvIUztSOuFzRqrLfEvsPkVHYn # vH1wtYyrt5vShiKheGpXa2AWpsod4OJyT4/y0dggWi8g/tgbhmQlZqDUf3UqUQsZ # aLdIu/XSjgoZqDjamzCPJtOLi2hBwL+KsCh0Nbwc21f5xvPSwym0Ukr4o5sCcMUc # Sy6TEP7uMV8RX0eH/4JLEpGyae6Ki8JYg5v4fsNGif1OXHJ2IWG+7zyjTDfkmQ1s # nFOTgyEX8qBpefQbF0fx6URrYiarjmBprwP6ZObwtZXJ23jK3Fg/9uqM3j0P01nz # VygTppBabzxPAh/hHhhls6kwo3QLJ6No803jUsZcd4JQxiYHHc+Q/wAMcPUnYKv/ # q2O444LO1+n6j01z5mggCSlRwD9faBIySAcA9S8h22hIAcRQqIGEjolCK9F6nK9Z # yX4lhthsGHumaABdWzCCB5cwggV/oAMCAQICEzMAAABYZc3rP6HX/NIAAAAAAFgw # DQYJKoZIhvcNAQEMBQAwYTELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jvc29m # dCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFB1YmxpYyBSU0EgVGlt # ZXN0YW1waW5nIENBIDIwMjAwHhcNMjUxMDIzMjA0NjU1WhcNMjYxMDIyMjA0NjU1 # WjCB2zELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT # B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UE # CxMcTWljcm9zb2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEnMCUGA1UECxMeblNoaWVs # ZCBUU1MgRVNOOjdBMDAtMDVFMC1EOTQ3MTUwMwYDVQQDEyxNaWNyb3NvZnQgUHVi # bGljIFJTQSBUaW1lIFN0YW1waW5nIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEB # BQADggIPADCCAgoCggIBAJ14NKR2kOz1QJZZ/h2WayRXC6Cm3pIVtci/kDQVIBRV # LI2SCmqqjeKCCbCTN6bNKyTUju53QjUbmQ19loLq9wJO+3l65aAV6mZjumVV3gzU # Qi5XVuANPzX48ye115HRIY6/NYIVxKUe8wvsG2jTfrD0scywGQXomwxT+18LOcF9 # GbSLDdWtvl6uW71qd5ETMrcLJE47p0YHi2S/7Qadt+yVXUTxQEPY2ESqQqlAaP79 # cYwS0Qldz2pSo5xn29zDeFO41cqonxR0oXJ1uQhEUaAZlGurMoA8xUq/Ht4Pd0zz # SxVIr1BNBpi321+XHg9RrdRXGesfyS1QE85OfgVh2zMcCSFZFT06kkjI0OikynXJ # 6t6R9HOABSaf4Jb3KatFPX82SIyRhr3aYrIZUZe+0ULVIUo8R7wp9ywv8akEMDh0 # kA7BoejV9g9EX7EshLUwAcgGnvtsNRwckw03JpUzSxLkC3go9YDQXSFo9FjmMg7Y # 40P/Ik1mOnstb2/ah5YyI+R4CJ3U+T/TGJNlYNnu4SlGTQTWwP4bIAbLqGfiF/PV # r4xDfWmxfdUuDiVbop5irCzvzC255e4pLg9HTeqANGHsMg0J3LNdrDPRzrbu9kAP # 02ZXn71vK/cbTFwGKEJXBo7JPFuFHO3H6lamyD43aHPGcQcy3F3Fcj+KeXMi8L5D # AgMBAAGjggHLMIIBxzAdBgNVHQ4EFgQUco1NxXq+FcVyfoYz3ESZ8Z0SCbAwHwYD # VR0jBBgwFoAUa2koOjUvSGNAz3vYr0npPtk92yEwbAYDVR0fBGUwYzBhoF+gXYZb # aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0JTIw # UHVibGljJTIwUlNBJTIwVGltZXN0YW1waW5nJTIwQ0ElMjAyMDIwLmNybDB5Bggr # BgEFBQcBAQRtMGswaQYIKwYBBQUHMAKGXWh0dHA6Ly93d3cubWljcm9zb2Z0LmNv # bS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwUHVibGljJTIwUlNBJTIwVGltZXN0 # YW1waW5nJTIwQ0ElMjAyMDIwLmNydDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQM # MAoGCCsGAQUFBwMIMA4GA1UdDwEB/wQEAwIHgDBmBgNVHSAEXzBdMFEGDCsGAQQB # gjdMg30BATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20v # cGtpb3BzL0RvY3MvUmVwb3NpdG9yeS5odG0wCAYGZ4EMAQQCMA0GCSqGSIb3DQEB # DAUAA4ICAQB768SIlRdYh3F78ayUwg/HjrWz1Gyvcfi8+9ImHoYfhtFKDjHDH9OE # A+rUD03meR4RhE5HJ9K2gyeTaX20QbihB99a8W2Sve6NdikQzSdzbuHj2lCKR/03 # Fs/Dy1TghAssEsWxIBBttJMsnRnOOnOfdbV86X5CQ3JI6GK8qWnq3XkC0UB/S2qE # 2GX3QMzKPg8tDtQ8xSZBeWJ7JgDPJbfa9TbV3RY3WxTAm1eXWruuJldtrNfOgPFJ # ovpdt/flHtHGyUCMpFoSJYYVocUIKJLKh8+5KdhhWQAHskk5iDkDlslzgPCQPEyE # icp9yQzoErb+fNz91dEEgC0+iVwwltuhVdtPFRiTM5L9Ettojk2Sf6Gpk6ZPEcw/ # KFk/KX23tav5P28T4l2EW86bPemuWDpKO59FXaOtQziYS/5oZNNWN+PIKur4Rv1U # 3HRh4dawpMDjNOQd+QGWavQLT6X0cyYp6x88xkcfq+nw93HGDDzDF/zcHdoq866Y # de9n0HEn9XzML8CIZnx+BliSfpn9RwOrl6ADlQcnJILl75Y/ID4u09hEukVPPkLL # H6kzUySo7AYXlilr9luBElXp9i+5Qs+4u/RYQPtJKdMlyZ2MHc1ktKL0yDVCyDZs # 1cjHElJuVrlX/GGd93ALndjqa+jdfkbi2Q2rw744noZSOXR/hhMuejGCB0Mwggc/ # AgEBMHgwYTELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3Jh # dGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFB1YmxpYyBSU0EgVGltZXN0YW1waW5n # IENBIDIwMjACEzMAAABYZc3rP6HX/NIAAAAAAFgwDQYJYIZIAWUDBAIBBQCgggSc # MBEGCyqGSIb3DQEJEAIPMQIFADAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQw # HAYJKoZIhvcNAQkFMQ8XDTI1MTIwMzA4MDc0M1owLwYJKoZIhvcNAQkEMSIEIC0u # aqV/yKHQI3oBNid9tvS0WXofpIr9qICMregBlH7dMIG5BgsqhkiG9w0BCRACLzGB # qTCBpjCBozCBoAQgxSJUu7IH0PsAKNXFm1s/ljevVQXbOfIW62p/dfWi6HEwfDBl # pGMwYTELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFB1YmxpYyBSU0EgVGltZXN0YW1waW5nIENB # IDIwMjACEzMAAABYZc3rP6HX/NIAAAAAAFgwggNeBgsqhkiG9w0BCRACEjGCA00w # ggNJoYIDRTCCA0EwggIpAgEBMIIBCaGB4aSB3jCB2zELMAkGA1UEBhMCVVMxEzAR # BgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1p # Y3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJpY2Eg # T3BlcmF0aW9uczEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOjdBMDAtMDVFMC1E # OTQ3MTUwMwYDVQQDEyxNaWNyb3NvZnQgUHVibGljIFJTQSBUaW1lIFN0YW1waW5n # IEF1dGhvcml0eaIjCgEBMAcGBSsOAwIaAxUAnWR5G9unq3BdjutrwnWVH1ErxFyg # ZzBlpGMwYTELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3Jh # dGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFB1YmxpYyBSU0EgVGltZXN0YW1waW5n # IENBIDIwMjAwDQYJKoZIhvcNAQELBQACBQDs2kkvMCIYDzIwMjUxMjAzMDUyOTE5 # WhgPMjAyNTEyMDQwNTI5MTlaMHQwOgYKKwYBBAGEWQoEATEsMCowCgIFAOzaSS8C # AQAwBwIBAAICKXQwBwIBAAICEyEwCgIFAOzbmq8CAQAwNgYKKwYBBAGEWQoEAjEo # MCYwDAYKKwYBBAGEWQoDAqAKMAgCAQACAwehIKEKMAgCAQACAwGGoDANBgkqhkiG # 9w0BAQsFAAOCAQEAMetx0hUdFAk27orPWhn/gSYNjq34uj4nIsJcFPD7lOtyZCu9 # 6WM8GA0E4SlteVy2QLOM1DqmLtFAJ/UdErZ4KRxzOHUlEAjVoMr+C6F7X0VZS2Qx # fX0m9IG9GF1RxoOmNuG3hTQbij17lRzpZesvwZynm9sZQkMPwvA1nPcH9FX/pDnt # X0wGXNpH7lLXTC49mZgyLsBs0BGSxB6CcTDiW5S8+zfqacHOIwCpZEOgF1xIrLOb # X6FC5fTWnlLrH1IEPKaimtrTmpGyg/V4RltYQbkd9NrHQ1NrpUdYqU2GcbfiCb11 # ODsF97z8nrSCG5iHFAg9rHsplveqO1p/b/LC0TANBgkqhkiG9w0BAQEFAASCAgBs # KyXGpaMI5cSjN5k5NR0ohWAfRj5yQUCubR/KAo5uEoE1ua9QoE2lD3fUyjft/GSM # 8j5MrRWbEsoW8q1PTybQsLNLi4/xLYZTye0G6/VufkMuOoJxuA1rb+68pxC7LZq7 # UzGHiZ6uLNwPzQFkKCIarcXZuJWYTHJ6i4k1mHQGE9Fxcu2a0aKwrtuFEf10YY4h # HmopyeInBGHc+dysOWnCez90ehXLkunmgBd1t/N2mViVBvl6OBjuvZdrSkqwmZpC # HjLjoyu1qkGb1sJ48XhGrRop9zJxevSI2u3k9EbL0pAKpwJplRUzftM26zALlPuK # 81NxtqEiq17tHyt0mY96wpMUxCizM42X44JFW3zMbGcTN6ZMk+kjGWzfq/4CBxWR # o4/22al5SEB918+Tw7V8m3piYRyoqptgdO6wveVqB/PPCyst8XhtCDx0OKi1Fwik # wXBU1E+My57eD896JOly+6oBIUxGdwYDIWrmO94Y0LgPjw7QDLKC6z0qAElSmApV # lWD8IssU8vFAfp5udF62a6fWTxq5J1eKkcYZM2TXQQRmGTYZQW4y4RRoQ/KLUPTu # QrfT02IYwQvcxLHSIX9rG8ZjdkzS02eutzO08Q9fKDTgsrdTUDHhcxe2ZB/yw6Su # WMaZzNaMka0lNzBonBgnhN+/UvIuawqVjPCZ4Kh/tg== # SIG # End signature block |