Makefile to generate new SSL certificates
Change-Id: I20d438282bb952aea65e86485707bd79b218eddc
diff --git a/pki/.gitignore b/pki/.gitignore
new file mode 100644
index 0000000..2a1c9a6
--- /dev/null
+++ b/pki/.gitignore
@@ -0,0 +1,2 @@
+root_ca
+voltha.csr
diff --git a/pki/Makefile b/pki/Makefile
new file mode 100644
index 0000000..d3d9a18
--- /dev/null
+++ b/pki/Makefile
@@ -0,0 +1,97 @@
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# VOLTHA pki makefile
+# Configuration is also given in voltha.cnf
+
+SHELL = bash -eu -o pipefail
+
+# parameters
+
+KEY_SIZE ?= 2048
+EXPIRATION_DAYS ?= 366
+
+
+# utility/validation targets
+
+help:
+ @echo "Usually you want to run 'make voltha.crt'"
+
+validate:
+ openssl verify -verbose -purpose sslserver -CAfile voltha-CA.pem voltha.crt
+
+printca: voltha-CA.pem
+ openssl x509 -in voltha-CA.pem -text -noout
+
+printkey: voltha.key
+ openssl rsa -in voltha.key -check
+
+printcsr: voltha.csr
+ openssl req -in voltha.csr -text -noout -verify
+
+printcrt: voltha.crt
+ openssl x509 -in voltha.crt -text -noout
+
+clean:
+ rm -rf root_ca voltha-CA.pem voltha.key voltha.csr voltha.crt
+
+# CA creation
+
+root_ca:
+ mkdir -p root_ca/private root_ca/newcerts
+ chmod 700 root_ca/private
+ echo 1000 > root_ca/serial
+ touch root_ca/index.txt
+
+root_ca/private/ca_root_phrase: root_ca
+ @echo "TestingVOLTHARootCAPassPhrase" > root_ca/private/ca_root_phrase
+
+root_ca/private/ca_key.pem: root_ca root_ca/private/ca_root_phrase
+ @echo "## Creating CA private key"
+ openssl genrsa -aes256 \
+ -passout file:root_ca/private/ca_root_phrase \
+ -out root_ca/private/ca_key.pem $(KEY_SIZE)
+
+voltha-CA.pem: voltha.cnf root_ca/private/ca_key.pem
+ @echo "## Creating self-signed CA public key: voltha-CA.pem"
+ openssl req -config voltha.cnf \
+ -new -x509 -days $(EXPIRATION_DAYS) -sha256 \
+ -extensions v3_ca \
+ -key root_ca/private/ca_key.pem \
+ -passin file:root_ca/private/ca_root_phrase \
+ -subj "/C=US/ST=California/L=Menlo Park/O=ONF/OU=Testing Only/CN=VOLTHA Test Root CA" \
+ -out voltha-CA.pem
+
+# server cert creation
+
+voltha.key:
+ @echo "## Creating server private key: voltha.key"
+ openssl genrsa -out voltha.key $(KEY_SIZE)
+
+voltha.csr: voltha.cnf voltha.key
+ @echo "## Creating signing request voltha.csr from voltha.key"
+ openssl req -config voltha.cnf \
+ -new -sha256 -key voltha.key \
+ -subj "/C=US/ST=California/L=Menlo Park/O=ONF/OU=Testing Only/CN=VOLTHA Server" \
+ -out voltha.csr
+
+voltha.crt: voltha-CA.pem voltha.cnf voltha.key voltha.csr
+ @echo "## Signing voltha.csr to create signed public key: voltha.crt"
+ openssl ca -config voltha.cnf \
+ -batch -days $(EXPIRATION_DAYS) -md sha256 \
+ -passin file:root_ca/private/ca_root_phrase \
+ -extensions server_cert \
+ -in voltha.csr \
+ -out voltha.crt
+
diff --git a/pki/voltha-CA.pem b/pki/voltha-CA.pem
old mode 100755
new mode 100644
index a36ae71..a71091b
--- a/pki/voltha-CA.pem
+++ b/pki/voltha-CA.pem
@@ -1,24 +1,23 @@
-----BEGIN CERTIFICATE-----
-MIIEATCCAumgAwIBAgIJALW5KdiecoNnMA0GCSqGSIb3DQEBCwUAMIGWMQswCQYD
-VQQGEwJVUzETMBEGA1UECAwKU29tZS1TdGF0ZTESMBAGA1UEBwwJU29tZS1DaXR5
-MREwDwYDVQQKDAhJQ2VydGlmeTEaMBgGA1UECwwRSUNlcnRpZnkgU2VjdXJpdHkx
-DTALBgNVBAMMBEFCQ0QxIDAeBgkqhkiG9w0BCQEWEWFiY2RASUNlcnRpZnkuY29t
-MB4XDTE3MDcwNjE3MDMzMloXDTE4MDcwNjE3MDMzMlowgZYxCzAJBgNVBAYTAlVT
-MRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxETAPBgNV
-BAoMCElDZXJ0aWZ5MRowGAYDVQQLDBFJQ2VydGlmeSBTZWN1cml0eTENMAsGA1UE
-AwwEQUJDRDEgMB4GCSqGSIb3DQEJARYRYWJjZEBJQ2VydGlmeS5jb20wggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWXdtOUprhRYsx/iFp2Q3ICsDsr2bi
-k7Bf6Z7DZzN+k8xXFrFEcmM2Smaw5xFPCtc9bjV9wyosjHwkrNhEJSkyPbX5EUvI
-m19pgytirjx4Va8MRj5RGrVe8M0ifpwBTLvehPpEoLGXp6DJ0u4Py1/9xIdqbeWS
-PhCHIR/lnEjuGODNPMbGWoay4DPGmoFIeMm2CViV3kxMH347iPfqFFJHXmqAbfDI
-qjFUL6A2v2jTpqv8WQlWbZGafIuRHlsMFkfJe8KvppOxMqUFLCONfewJDR8saK6d
-JfGr6xQ3gN2kk4KWPq2EYazNJNPiXRv8yrgSJznOC/ujtBCqftHrOehxAgMBAAGj
-UDBOMB0GA1UdDgQWBBQdzUTQpHAOGDuS+lY/dvaZEXDrBjAfBgNVHSMEGDAWgBQd
-zUTQpHAOGDuS+lY/dvaZEXDrBjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA
-A4IBAQBpPS6uTTGwap4y3OSXD0CsccX0wyzEw4O07uaDI0QIbJNiOQXCMUWuGRos
-UCqgKAnb3+ccUi2OVWO0kh7N0JuIpnvfH9+eZO/3ucyhs9SQ5BOBzINSVnb2LBh3
-x4yK8IDRhz81gdBmVgB/vjQ58eMDBBwV1is/DVlohZFeNsQ8t/33VLMAAdHFIewW
-ieVDWZrITyKHvsl7YGXFXy2R/Q9felHPY+p7NlhHP38MgXYdbpAllO7YOCvtj9q/
-5TWsgWgOQaBJFW2s/3dlvWiNNbgwKxdO85rNDTdZzKn7sIeMsK499YHBPYwWXp++
-Jctzc86PVAOz+HDtDHs1t/ix8wM/
+MIID2jCCAsKgAwIBAgIJAPp3/HUhTzcGMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRMwEQYDVQQHDApNZW5sbyBQYXJr
+MQwwCgYDVQQKDANPTkYxFTATBgNVBAsMDFRlc3RpbmcgT25seTEcMBoGA1UEAwwT
+Vk9MVEhBIFRlc3QgUm9vdCBDQTAeFw0xODA3MTAxODQwMDVaFw0xOTA3MTExODQw
+MDVaMHoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRMwEQYDVQQH
+DApNZW5sbyBQYXJrMQwwCgYDVQQKDANPTkYxFTATBgNVBAsMDFRlc3RpbmcgT25s
+eTEcMBoGA1UEAwwTVk9MVEhBIFRlc3QgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAMEawmybBpHIWVLGm9gqnfg4IpNNczCAeOB2w5UqsqIR
+mHMSa/f+wjDRztHhp+6FQfqN1ycWmrUAPyfYn63laRPM2VlnNOa0g8iS0uif2AaY
+3ms7PbjDNug2jtj/P7PNikHrd6cW/lWEXPhgGSWscNtlFvAjVwTs9pO6nELtw6XW
+wEgF40XB8UnwatD3J61G0TfcDlJMg0qMiTsnQzgrb6hUSI7IRSUKypFRii5lXts1
+Zt3VYz2yViMDat18ICz+oiVE3EL6YfTebM27m9UhhQn4BnBxwU18zcACz1SHGOPg
++hGFbO5NsXnVabvyNNuHabb4lDCYwcL8xGaPeqtm3jsCAwEAAaNjMGEwHQYDVR0O
+BBYEFBbNGGwDeW6Zmz9tF/QhGiExBmpnMB8GA1UdIwQYMBaAFBbNGGwDeW6Zmz9t
+F/QhGiExBmpnMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqG
+SIb3DQEBCwUAA4IBAQByQh5RKK5j01jjeBkCV0eonlMMWMKDIemKQLN6zlU3wvTV
+7++F1FT3IOhM3Oe/kS3JF7mG/jIhQuiycbIvmth/eUdPNJpePTHSilYVHLPXVMl2
+YUfkMyj5aRZCzSdzPfWEkJu/PceyBJP7vjnpOYOraqf6lU6sXBuTLVWRZADEQ9b4
+0oKa59pzOxFdtdDU5Pfnj/Vzaxsw8bpt/JINQb6VIqd71TASAdsuoQZXdYy7rvkl
+29M1gv2bTLxU7jE+5jIgfPtOde6cJeeuSNhKqaFJxTrbZFj4ZgQ4zXsr6QzO/hbV
+kLN8QechIcnf6F4tOTWEiPhs3yIE/947tFT3ZLcx
-----END CERTIFICATE-----
diff --git a/pki/voltha.cnf b/pki/voltha.cnf
new file mode 100644
index 0000000..7552010
--- /dev/null
+++ b/pki/voltha.cnf
@@ -0,0 +1,89 @@
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+[ ca ]
+default_ca = CA_default
+
+[ CA_default ]
+dir = ./root_ca
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+
+private_key = $dir/private/ca_key.pem
+certificate = voltha-CA.pem
+
+# Make new requests easier to sign - allow two subjects with same name
+# (Or revoke the old certificate first.)
+unique_subject = no
+preserve = no
+
+# for CA that signs client certs
+policy = policy_loose
+
+[ policy_loose ]
+# Allow the to sign more types of certs
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+default_bits = 2048
+default_days = 366
+default_md = sha256
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+# Defaults DN
+countryName_default = US
+stateOrProvinceName_default = California
+localityName_default = Menlo Park
+0.organizationName_default = ONF
+organizationalUnitName_default = Testing Only
+commonName = VOLTHA Testing
+emailAddress_default = do-not-reply@opencord.org
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:TRUE
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+basicConstraints = CA:FALSE
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+subjectAltName = 'DNS:voltha.dns'
+
diff --git a/pki/voltha.crt b/pki/voltha.crt
old mode 100755
new mode 100644
index ed5e70e..efeef03
--- a/pki/voltha.crt
+++ b/pki/voltha.crt
@@ -1,22 +1,92 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4096 (0x1000)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Menlo Park, O=ONF, OU=Testing Only, CN=VOLTHA Test Root CA
+ Validity
+ Not Before: Jul 10 18:40:05 2018 GMT
+ Not After : Jul 11 18:40:05 2019 GMT
+ Subject: C=US, ST=California, L=Menlo Park, O=ONF, OU=Testing Only, CN=VOLTHA Server
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:c6:90:b9:38:0e:d5:38:bd:20:54:8f:82:56:2b:
+ 54:da:16:6f:a2:84:63:99:f8:4b:8c:24:be:c6:17:
+ ee:ce:b1:e4:27:4c:4f:e0:7b:b9:1c:0c:a7:9d:45:
+ 37:39:1d:b0:41:fb:96:49:f4:02:1c:66:87:3a:87:
+ e6:59:fc:9d:4d:fb:73:74:50:8a:39:25:5c:7e:8f:
+ b4:de:3e:d5:10:5e:91:53:da:6a:3e:57:db:18:d8:
+ da:c6:33:90:ee:0a:6d:4d:e2:e9:cb:1b:21:c8:59:
+ 3e:e6:b2:bd:ee:d2:95:70:f7:0e:98:4e:bc:04:6b:
+ 5b:4f:63:0b:25:d8:0e:4f:10:f8:30:92:19:a8:1b:
+ a1:3a:be:51:73:24:bc:0f:f0:4c:26:8f:df:2a:a8:
+ cc:d8:38:7e:ad:d0:f5:cc:e9:e9:76:d8:3e:ff:55:
+ 94:23:69:74:8f:d2:00:51:c5:d6:56:61:09:0f:5e:
+ 70:4c:5f:5e:d6:a4:47:58:ff:73:40:c5:5e:e0:14:
+ 73:6c:8b:4d:54:e2:fc:d7:94:60:64:9b:db:2a:d6:
+ 38:a0:d3:ae:2e:47:d3:74:3c:0f:c0:fe:c6:af:af:
+ a0:08:1f:20:a8:3a:a7:74:58:af:94:35:66:4b:7c:
+ 97:26:1b:03:23:0f:3d:0a:9d:ea:9b:06:d4:96:ca:
+ 5c:4d
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ F9:71:CB:9B:DC:B0:AB:C3:70:04:1B:9E:63:D0:21:01:CE:35:FF:19
+ X509v3 Authority Key Identifier:
+ keyid:16:CD:18:6C:03:79:6E:99:9B:3F:6D:17:F4:21:1A:21:31:06:6A:67
+ DirName:/C=US/ST=California/L=Menlo Park/O=ONF/OU=Testing Only/CN=VOLTHA Test Root CA
+ serial:FA:77:FC:75:21:4F:37:06
+
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Key Usage: critical
+ Digital Signature, Key Encipherment
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 Subject Alternative Name:
+ DNS:voltha.dns
+ Signature Algorithm: sha256WithRSAEncryption
+ 12:3e:b8:73:d1:ab:77:ec:7a:b0:d8:8e:94:8e:3c:fd:ff:b0:
+ 25:bf:e8:51:d7:b9:ae:55:03:28:cb:a2:9b:fb:86:9c:35:55:
+ 2b:c8:0c:c6:a9:b4:41:a3:12:d3:26:c9:33:93:4a:a1:7c:ad:
+ 06:eb:d5:d0:a4:63:e1:ad:7f:76:d7:7b:2b:44:ab:43:2b:26:
+ 84:a2:d6:5d:68:fc:bb:1b:15:3e:63:32:34:e8:1a:a4:d9:81:
+ 4b:28:17:e8:f7:1d:3a:d5:cb:37:87:77:04:3f:96:6d:17:e6:
+ 1e:90:0e:a8:6c:01:58:84:d4:1a:b4:9f:51:79:9c:03:23:1b:
+ b6:97:0c:28:a4:af:67:0b:da:b2:fa:6e:41:49:00:8a:36:11:
+ f8:80:50:61:03:c3:b5:df:f7:e5:ea:4b:9c:3f:68:68:e0:f8:
+ 78:f1:1d:ff:0b:23:45:2a:d6:19:a8:f6:b9:19:25:e0:46:ce:
+ 8b:56:ca:e5:da:2a:35:65:b8:e2:8d:6d:46:1e:9f:f3:4b:4d:
+ 7a:c0:f5:48:71:42:f6:95:f9:e5:c9:61:8f:7a:96:63:88:64:
+ 68:55:3e:d6:c6:c0:e2:cd:c9:03:93:87:4e:6f:c4:b4:fb:c3:
+ c4:ec:93:ad:88:28:17:fc:77:b8:a2:99:f6:26:ca:6f:36:2d:
+ 26:4f:d3:44
-----BEGIN CERTIFICATE-----
-MIIDpjCCAo4CCQC8Ii1FHMd/NjANBgkqhkiG9w0BAQsFADCBljELMAkGA1UEBhMC
-VVMxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTERMA8G
-A1UECgwISUNlcnRpZnkxGjAYBgNVBAsMEUlDZXJ0aWZ5IFNlY3VyaXR5MQ0wCwYD
-VQQDDARBQkNEMSAwHgYJKoZIhvcNAQkBFhFhYmNkQElDZXJ0aWZ5LmNvbTAeFw0x
-NzA3MDYxNzExMjJaFw0xODA3MDYxNzExMjJaMIGSMQswCQYDVQQGEwJVUzETMBEG
-A1UECAwKU29tZS1TdGF0ZTESMBAGA1UEBwwJU29tZS1DaXR5MREwDwYDVQQKDAhT
-b21lLU9yZzEWMBQGA1UECwwNU29tZS1PcmctVW5pdDENMAsGA1UEAwwEQUJDRDEg
-MB4GCSqGSIb3DQEJARYRYWJjZEBTb21lLU9yZy5Db20wggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCxrvQHxtVRWPqu4Dx05HeOUzmYGWZXpTnN7tfF/H7i
-iSFhOq9ZIHtiGowaiQUCCuxWAtP6IfM2w3etCtwL/JxgjD9mSlTuALm0Xv3xdQK4
-bEngemY93DcSvm49bDFv7CIJk0bvW0PwuFriOLcS3A7ARWUA6oBFskKPng51XM8V
-eh32mBLH+O6/MSLtB9Ig8FU7BtnZq/djdJNm5ikwG4Of0oUAy1hOa48Ena3uHRBX
-HjBk+v+ffzbDxBaMZ0xyML86cuVUl1maG03VVvgX66qvMHN3OcSjm+TSJRYIcm6v
-Dn6X+jg6UOZLM0Hh9CWo+IO10kPXjflC2lmExkaz6bUBAgMBAAEwDQYJKoZIhvcN
-AQELBQADggEBAIKnUDMh5Rh02zwZ5LVOFbffgM04BhMCJumW4Z+3bng33mhkboAp
-fMA46/6rwb6GWqqH0BXwhfrr637NNuOqwvlfT2PARLXLJgp97Kyl1qcBkA5YBX+L
-QLQZ1lVmn0MkngYd7G8mBgnXhSnRJbD3H7L5QpJRLtqspVcAh001hnlPe4P5OF/x
-/GJTmivvPRvX6GB8mMMp70LhMcq/Iy1wdl/6ILXKj9c3RbHxl901ZpXbjzEaSqVt
-g023PkDz+RDJAh1Z6k/ZsuoqUO/vcmK+hlTZhEGTSW48dwnuG6ih17ZKvLoD9zUP
-aw8FmD4Sg/YH5F+ICscW9p5ErjSXLItn9B4=
+MIIEhTCCA22gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwejELMAkGA1UEBhMCVVMx
+EzARBgNVBAgMCkNhbGlmb3JuaWExEzARBgNVBAcMCk1lbmxvIFBhcmsxDDAKBgNV
+BAoMA09ORjEVMBMGA1UECwwMVGVzdGluZyBPbmx5MRwwGgYDVQQDDBNWT0xUSEEg
+VGVzdCBSb290IENBMB4XDTE4MDcxMDE4NDAwNVoXDTE5MDcxMTE4NDAwNVowdDEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEzARBgNVBAcMCk1lbmxv
+IFBhcmsxDDAKBgNVBAoMA09ORjEVMBMGA1UECwwMVGVzdGluZyBPbmx5MRYwFAYD
+VQQDDA1WT0xUSEEgU2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAxpC5OA7VOL0gVI+CVitU2hZvooRjmfhLjCS+xhfuzrHkJ0xP4Hu5HAynnUU3
+OR2wQfuWSfQCHGaHOofmWfydTftzdFCKOSVcfo+03j7VEF6RU9pqPlfbGNjaxjOQ
+7gptTeLpyxshyFk+5rK97tKVcPcOmE68BGtbT2MLJdgOTxD4MJIZqBuhOr5RcyS8
+D/BMJo/fKqjM2Dh+rdD1zOnpdtg+/1WUI2l0j9IAUcXWVmEJD15wTF9e1qRHWP9z
+QMVe4BRzbItNVOL815RgZJvbKtY4oNOuLkfTdDwPwP7Gr6+gCB8gqDqndFivlDVm
+S3yXJhsDIw89Cp3qmwbUlspcTQIDAQABo4IBGTCCARUwHQYDVR0OBBYEFPlxy5vc
+sKvDcAQbnmPQIQHONf8ZMIGsBgNVHSMEgaQwgaGAFBbNGGwDeW6Zmz9tF/QhGiEx
+BmpnoX6kfDB6MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTETMBEG
+A1UEBwwKTWVubG8gUGFyazEMMAoGA1UECgwDT05GMRUwEwYDVQQLDAxUZXN0aW5n
+IE9ubHkxHDAaBgNVBAMME1ZPTFRIQSBUZXN0IFJvb3QgQ0GCCQD6d/x1IU83BjAJ
+BgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAV
+BgNVHREEDjAMggp2b2x0aGEuZG5zMA0GCSqGSIb3DQEBCwUAA4IBAQASPrhz0at3
+7Hqw2I6Ujjz9/7Alv+hR17muVQMoy6Kb+4acNVUryAzGqbRBoxLTJskzk0qhfK0G
+69XQpGPhrX9213srRKtDKyaEotZdaPy7GxU+YzI06Bqk2YFLKBfo9x061cs3h3cE
+P5ZtF+YekA6obAFYhNQatJ9ReZwDIxu2lwwopK9nC9qy+m5BSQCKNhH4gFBhA8O1
+3/fl6kucP2ho4Ph48R3/CyNFKtYZqPa5GSXgRs6LVsrl2io1ZbjijW1GHp/zS016
+wPVIcUL2lfnlyWGPepZjiGRoVT7WxsDizckDk4dOb8S0+8PE7JOtiCgX/He4opn2
+JspvNi0mT9NE
-----END CERTIFICATE-----
diff --git a/pki/voltha.key b/pki/voltha.key
old mode 100755
new mode 100644
index e1bab13..614efa1
--- a/pki/voltha.key
+++ b/pki/voltha.key
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAsa70B8bVUVj6ruA8dOR3jlM5mBlmV6U5ze7Xxfx+4okhYTqv
-WSB7YhqMGokFAgrsVgLT+iHzNsN3rQrcC/ycYIw/ZkpU7gC5tF798XUCuGxJ4Hpm
-Pdw3Er5uPWwxb+wiCZNG71tD8Lha4ji3EtwOwEVlAOqARbJCj54OdVzPFXod9pgS
-x/juvzEi7QfSIPBVOwbZ2av3Y3STZuYpMBuDn9KFAMtYTmuPBJ2t7h0QVx4wZPr/
-n382w8QWjGdMcjC/OnLlVJdZmhtN1Vb4F+uqrzBzdznEo5vk0iUWCHJurw5+l/o4
-OlDmSzNB4fQlqPiDtdJD1435QtpZhMZGs+m1AQIDAQABAoIBAFZeJGBjVe1kwvWe
-KcToCPU1nxk/v2968M4Y+ulSAps67O7GB9Xa5B6bqN59G+ISTS7B0SgUuJQ2D0Yd
-sThiYeDMS0T9fKrzz1DNm8Jyjg/3EzH6TRhkoqCJ0CwrGxy8Ow9Md36BblTkR8kO
-qG6SaNks4hu/4Pn/3DrTKVQC+OYG1mjJiyLmHKjgf3tk4oaX3PdRO7radY/0MRKD
-NMFcSaor1hp5ptlMnYdB1aK91JMkYhPFfgefuQD92n3hBmHn8y8cuXwc50b6cHUb
-AgtRJCOs5Iqx+x+L9smwk3GbV19PSxglJ7tGEaDfjt3gaGv4UnpXtJsCr/NpAdMF
-NvQIQcECgYEA3eYQKHYtJ1MR/Yst0Nw4GO2V+wP1ch9U/4gs7o+n53bu6nN8x4AF
-kOOyr7S0ABTTcDJzlCAhqm4UuEEC9XxpEGC6sAZB4U/QDzcVGyR9OjksALxrsAh2
-Gl/iGwzAqd0xFRRe5r505RNecxrGmxNglBLxRw29fqt0jExTJqkKUa8CgYEAzP1f
-gpXN1v0Ndq1KyPzCwBonCrYpVoIl/5CkV0NaMQB4n8XiKcqDYd/cvu1Dlp2jr2qo
-MWc18OCfludD51SOS8nGzA7Dw1lS5knRTKKHpSO4AaXsP+y88sZK+a4K7iLxxcYU
-cLmYRMtuE1S/r0Ij15IU8RDcF2iF53uC3DUNgE8CgYBKnTKvuFUklP1GqUclpPdE
-ApfdCQ6+aiS1q/+X1DxcS5S4x06c8sJsXvRVusiQAnC6mGxe0ZMgcNWMw2eQTl4x
-wKTlzaTXc3P9ucLiFpn5OwI92R3I2n+EDNvFxrr+Iz9+3BOxOTerU6D9yXIg8RoX
-kGsLPmaKsnKFPqDzLgInRwKBgQCSnV5krfStogyxJzzoCDDa6VmnRabHYwr+gVup
-tliZ17ZuwEAEl/3kURM308eVwGZEnspxm1pvUJmUexCMMmQcPNNdO+o0nHy4jW+P
-mmfea2++bghNqGt0UPNrJVpX/NJkHEqeXYBVJBM07Fa1aV7tXmRwDxj7/RxY9nQg
-QCnJ7QKBgHdVm+yJJYbeJP98SH8tCiWOIxtGZKugrXapRaBBwM+CZsV//BGtSFG9
-qg7dcd6uozmJlX7Iy+8DeaxlxXqxBl68l0qGP2qm7rBbtTqZFmPuzwiQYUs5aOlh
-p//TCi2bAFeAbR/V7hk65/MwFO01HbeAKj6VU4NnEaOQPctHDGAP
+MIIEpgIBAAKCAQEAxpC5OA7VOL0gVI+CVitU2hZvooRjmfhLjCS+xhfuzrHkJ0xP
+4Hu5HAynnUU3OR2wQfuWSfQCHGaHOofmWfydTftzdFCKOSVcfo+03j7VEF6RU9pq
+PlfbGNjaxjOQ7gptTeLpyxshyFk+5rK97tKVcPcOmE68BGtbT2MLJdgOTxD4MJIZ
+qBuhOr5RcyS8D/BMJo/fKqjM2Dh+rdD1zOnpdtg+/1WUI2l0j9IAUcXWVmEJD15w
+TF9e1qRHWP9zQMVe4BRzbItNVOL815RgZJvbKtY4oNOuLkfTdDwPwP7Gr6+gCB8g
+qDqndFivlDVmS3yXJhsDIw89Cp3qmwbUlspcTQIDAQABAoIBAQCjM4YYbhCP7too
+xj8A5eJ60V/1ukxG2430ZKssE7WiyxFTv2QThH0Tcc898wq9dgpNYSQYKmalwxs4
+X0RUB82er6IoIp5I880+9Ixa8leaea+GtQkHrpwUov/FUdK343gNQQiZd/ZfPgL2
+CEkVhp1vWI/1XRkppLdK24PpGdhA4KXOKJTXrNCf4p7oJz+rEQrGuWrmHcoQV6Kc
+TrBMFvRRTaL6C2f+Nww8HMtpJjCCgMYNkHLH4sL2SbPiORwBJdXq+ajYfxqL6Swx
+DGUJqBJs8m1DDIAFDiDGhDiwLDBA/as8Ii1+wpayPfa5ulUvh3EkTyku9SXbJxJg
+7SBrzwVhAoGBAOno5coqNebro27vEKLnZX/Ttw1DWfklNuvF1e+O2nlttDL0K27p
+fMK2SAcIPz0RDFpt0kNuzMTkblvXseKZgnnYdVeDM0jIjfSDYyi6aI62UiTIb+m1
+mHljCBXu/V9kxNgcvt7R4rPStVtzvAI+I4kNxibh5O2XYw1MwsPdIDV1AoGBANlR
+UuZA1SKLgUMV5dFuJ7w31QY93AHq+XYbBbXM85IyQr4u05S6tgEQ0kI4odGP9boU
+GP5qoy3hem2c/K8QbZeGYD83zhsguEkq+FBavtqxCCIFJDvtCu+Hg8uQ4YGxTtdx
+Q9G6XBbL/reJ9o5ptRTm6FO/ya5Q1x5g7okV8bh5AoGBAI+g9MjolmSPOLG7limR
+kN+m7vXz72FvGoQ33J/Wxgxd8pJ/H9RhBrzBFQVMaRhkSYOVf9DsTkxwP9uhXJdZ
+z6Zl5dewtmLw00nbC55MqDtJdLMlaKLHYTLYPnTJZUeYJs7VB9bmZiApODdJn554
+7XUQwiXJ+7pwhN/7zHRcaZSpAoGBALhgghguu2YCvFnhk0m7zuSm7grMowPRi3ND
++/VB/Ql1sSDQc9zFCLQgxHNAvzIglNgaQxZf/TBpFEk5nz0ckA62CKS6QRjNCu2x
+ElqCk1jSSFcsy5A4TkXpUM1+j4VMnNq3E1Y2aflBfEvWNqSfVO519nlPx9ooZks0
+7EzMnHfpAoGBAOWg98M+I/FqziskKlB9QWTnFww/lGTTAGgOBHic0BJElzxiTVrx
+ZtnUCwlPi0fWSdrkWRcNYIMtfcDVA2Ifb9xhDHZLzfxznylhKiKrBSqAnQXjpkF7
+GGJLwMEzAjeb45HxydWoHWa0OaB1T9ZngAJs7mxFWYiPpS9ToO62L/IT
-----END RSA PRIVATE KEY-----