openSSL命令、PKI、CA、SSL证书原理
相关学习资料
http://baike.baidu.com/view/7615.htm?fr=aladdin
http://www.ibm.com/developerworks/cn/security/se-pkiusing/index.html?ca=drs
http://www.ibm.com/developerworks/cn/security/s-pki/
http://en.wikipedia.org/wiki/X.509
http://zh.wikipedia.org/wiki/PKCS
http://blog.csdn.net/rztyfx/article/details/6919220
http://weekend.blog.163.com/blog/static/7468958201131591422649/
http://linux.chinaunix.net/techdoc/beginner/2009/06/29/1120721.shtml
http://www.360doc.com/content/12/0414/19/3725126_203594495.shtml
http://blog.sina.com.cn/s/blog_436fe8b10100r5p3.html
http://blog.csdn.net/allwtg/article/details/4982507
http://rhythm-zju.blog.163.com/blog/static/310042008015115718637/
http://www.mike.org.cn/articles/ubuntu-config-apache-https/
目录
. PKI、CA简介
. SSL证书
. SSL证书生成、openSSL学习
. CA中心搭建、SSL证书生成过程
1. PKI、CA简介
PKI(Public Key Infrastructure)即"公钥基础设施",是一种遵循既定标准的密钥管理平台,它能够为所有网络应用提供加密和数字签名等密码服务及所必需的密钥和证书管理体系,简单来说,PKI就是利用公钥理论和技术建立的提供安全服务的基础设施。PKI技术是信息安全技术的核心,也是电子商务的关键和基础技术。
PKI是Public Key Infrastructure的缩写,是指用公钥概念和技术来实施和提供安全服务的具有普适性的安全基础设施。这个定义涵盖的内容比较宽,原则上说,任何以公钥技术为基础的安全基础设施都是PKI。当然,没有好的非对称算法和好的密钥管理就不可能提供完善的安全服务,也就不能叫做PKI。也就是说,该定义中已经隐含了必须具有的密钥管理功能。
PKI既不是一个协议,也不是一个软件,它是一个标准,在这个标准之下发展出的为了实现安全基础服务目的的技术统称为PKI
PKI主要由以下组件组成
. 认证中心CA(证书签发)
CA是PKI的"核心",即数字证书的申请及签发机关,CA必须具备权威性的特征,它负责管理PKI结构下的所有用户(包括各种应用程序)的证书,把用户的公钥和用户的其他信息捆绑在一起,在网上
验证用户的身份,CA还要负责用户证书的黑名单登记和黑名单发布 . X.500目录服务器(证书保存)
X.500目录服务器用于"发布"用户的证书和黑名单信息,用户可通过标准的LDAP协议查询自己或其他人的证书和下载黑名单信息。 . 具有高强度密码算法(SSL)的安全WWW服务器(即配置了HTTPS的apache)
Secure socket layer(SSL)协议最初由Netscape 企业发展,现已成为网络用来鉴别网站和网页浏览者身份,以及在浏览器使用者及网页服务器之间进行加密通讯的全球化标准。 . Web(安全通信平台)
Web有Web Client端和Web Server端两部分,分别安装在客户端和服务器端,通过具有高强度密码算法的SSL 协议保证客户端和服务器端数据的机密性、完整性、身份验证。 . 自开发安全应用系统 自开发安全应用系统是指各行业自开发的各种具体应用系统,例如银行、证券的应用系统等。完整的PKI包括:
) 认证政策的制定,包括
1.1) 遵循的技术标准
1.2) 各CA 之间的上下级或同级关系
1.3) 安全策略
1.4) 安全程度
1.5) 服务对象
1.6) 管理原则和框架等
) 认证规则
) 运作制度的制定
) 所涉及的各方法律关系内容
) 技术的实现等
认证中心CA作为PKI的核心部分,CA实现了PKI 中一些很重要的功能
. 接收验证最终用户数字证书的申请
. 确定是否接受最终用户数字证书的申请-证书的审批
. 向申请者颁发、拒绝颁发数字证书-证书的发放
. 接收、处理最终用户的数字证书更新请求-证书的更新
. 接收最终用户数字证书的查询、撤销
. 产生和发布证书废止列表(CRL)
. 数字证书的归档
. 密钥归档
. 历史数据归档
在这么多功能中,CA的核心功能就是"发放"和"管理"数字证书,同时这也是PKI的核心
典型CA框架模型
. 安全服务器:
安全服务器面向普通用户,用于提供:
) 证书申请
) 浏览
) 证书撤消列表
) 证书下载等安全服务
安全服务器与用户的的通信采取安全信道方式(如SSL的方式,不需要对用户进行身份认证)。用户首先得到安全服务器的证书(该证书由CA颁发),然后用户与服务器之间的所有通信,包括用户填
写的申请信息以及浏览器生成的公钥均以安全服务器的密钥进行加密传输,只有安全服务器利用自己的私钥解密才能得到明文,这样可以防止其他人通过窃听得到明文。从而保证了证书申请和传输
过程中的信息安全性。 . CA服务器
CA服务器是整个证书机构的核心,负责:
) 证书的签发
1.1) 产生自身的私钥和公钥(密钥长度至少为1024位)
1.2) 然后生成根数字证书,并且将数字证书传输给安全服务器
) CA还负责为操作员、安全服务器以及注册机构服务器生成数字证书。安全服务器的数字证书和私钥也需要传输给安全服务器
CA服务器是整个结构中最为重要的部分,存有CA的私钥以及发行证书的脚本文件,出于安全的考虑,应将CA服务器与其他服务器隔离,任何通信采用人工干预的方式,确保认证中心的安全。 . 注册机构RA
登记中心服务器面向登记中心操作员,在CA体系结构中起承上启下的作用
) 一方面向CA转发安全服务器传输过来的证书申请请求
) 另一方面向LDAP服务器和安全服务器转发CA颁发的数字证书和证书撤消列表。 . LDAP服务器
LDAP服务器提供目录浏览服务,负责将注册机构服务器传输过来的用户信息以及数字证书加入到服务器上。这样其他用户通过访问LDAP服务器就能够得到其他用户的数字证书。 . 数据库服务器:数据库服务器是认证机构中的核心部分,用于:
) 认证机构中数据(如密钥和用户信息等)
) 日志合统计信息的存储和管理
实际的的数据库系统应采用多种措施,如磁盘阵列、双机备份和多处理器等方式,以维护数据库系统的安全性、稳定性、可伸缩性和高性能。
我们知道,PKI的目的是使用公钥机制加密技术来保护通信的安全,而公钥算法涉及到很多的加密参数,同时PKI机制中还有对用户身份的识别的功能,为了满足这些需求,"证书"的出现就很自然了,证书从本质上来说就是一个ASCII文本文件,它只是将整个公钥机制中需要的各种数据都捆绑打包到了一起,统一管理、分发
2. SSL证书
"SSL证书"这个词是一个相对较大的概念,有很多种格式的SSL证书,整个PKI体系中有很多格式标准。PKI的标准规定了PKI的设计、实施和运营,规定了PKI各种角色的"游戏规则"。如果两个PKI应用程序之间要想进行交互,只有相互理解对方的数据含义,交互才能正常进行,标准的作用就是提供了数据语法和语义的共同约定
. X.509标准
PKI中最重要的标准,它定义了公钥证书的基本结构。
X.509是国际电信联盟-电信(ITU-T)部分标准和国际标准化组织(ISO)的证书格式标准。作为ITU-ISO目录服务系列标准的一部分,X.509是定义了公钥证书结构的基本标准。1988年首次发布,
1993年和1996年两次修订。当前使用的版本是X. V3,它加入了扩展字段支持,这极大地增进了证书的灵活性。X. V3证书包括一组按预定义顺序排列的强制字段,还有可选扩展字段
,即使在强制字段中,X.509证书也允许很大的灵活性,因为它为大多数字段提供了多种编码方案。X. V4版已经推出。
X.509标准在PKI中起到了举足轻重的作用,PKI由小变大,由原来网络封闭环境到分布式开放环境,X.509起了很大作用,可以说X.509标准是PKI的雏形。PKI是在X.509标准基础上发展起来的
) SSL公钥证书
) 证书废除列表CRL(Certificate revocation lists 证书黑名单) . PKCS标准(公钥加密标准 Public Key Cryptography Standards, PKCS)
它定义了"数据通信协议"的主要标准。这些标准定义了如何恰当地格式化私钥或者公钥,之所以需要定义PKCS标准,是因为证书的产生并不是在本地用的,往往需要在网络中进行传输,因此需要
有一个良好的规范来定义和保证证书在网络中的正常传输
http://zh.wikipedia.org/wiki/PKCS
) PKCS#
PKCS#7是由RSA安全体系在公钥加密系统中交换数字证书产生的一种加密标准,PKCS#7为"密码信封封装标准",描述了密码操作(例如数字签名和数字信封)的数据的通用语法。该语法允许
递归,例如一个数字信封可以嵌套在另一个数字信封里面,或者一个实体可以在一个已经封装的数据上签名。该语法同时允许添加任意属性,比如签名时间等。
该标准和保密增强邮件(PEM)是兼容的,如果以PEM兼容形式构建,那么被签名后的数据和签名后又封装的数据内容可以很容易地被转化成PEM格式。
这是一种将数据加密和签名(enveloping)的技术标准,它描述
1.1) 数字证书的语法
1.2) 其他加密消息
1.3) 数据加密
1.4) 数字签名的方法
1.5) 也包含了算法
常见的文件后缀有:
1.1) .P7B
1.2) .p7c
1.3) .SPC
文件中包含:
) 证书
) CRL列表信息
) 没有私钥(注意)
) PKCS#
它定义了一个用于保存私钥和对应公钥证书的文件格式,并由对称密钥加密保护。PKCS#12通常采用PFX,P12作为文件扩展名。PKCS#12文件可以存放多个证书,并由密码保护,通常用于
WINDOWS IIS,也能够被当作Java Keysotre文件使用,用于Tomcat,Resign,Weblogic,Jboss等,不能被用于Apache.
常见的文件后缀有:
2.1) .PFX
2.2) .p12
文件中包含:
) 证书(公钥)
) 私钥(受密码保护(可选))
) 完整的证书链信息 . X.500和目录服务标准
规定了证书撤销列表存储
0x1: SSL公钥证书
. 证书版本号(Version)
版本号指明X.509证书的格式版本,现在的值可以为:
) : v1
) : v2
) : v3
也为将来的版本进行了预定义 . 证书序列号(Serial Number)
序列号指定由CA分配给证书的唯一的"数字型标识符"。当证书被取消时,实际上是将此证书的序列号放入由CA签发的CRL中,这也是序列号唯一的原因。 . 签名算法标识符(Signature Algorithm)
签名算法标识用来指定由CA签发证书时所使用的"签名算法"。算法标识符用来指定CA签发证书时所使用的:
) 公开密钥算法
) hash算法
example: sha1WithRSAEncryption
须向国际知名标准组织(如ISO)注册 . 签发机构名(Issuer)
此域用来标识签发证书的CA的X. DN(DN-Distinguished Name)名字。包括:
) 国家(C)
) 省市(ST)
) 地区(L)
) 组织机构(O)
) 单位部门(OU)
) 通用名(CN)
) 邮箱地址 . 有效期(Validity)
指定证书的有效期,包括:
) 证书开始生效的日期时间
) 证书失效的日期和时间
每次使用证书时,需要检查证书是否在有效期内。 . 证书用户名(Subject)
指定证书持有者的X.500唯一名字。包括:
) 国家(C)
) 省市(ST)
) 地区(L)
) 组织机构(O)
) 单位部门(OU)
) 通用名(CN)
) 邮箱地址 . 证书持有者公开密钥信息(subject PublicKey Info)
证书持有者公开密钥信息域包含两个重要信息:
) 证书持有者的公开密钥的值
) 公开密钥使用的算法标识符。此标识符包含公开密钥算法和hash算法。
. 扩展项(extension)
X. V3证书是在v2的基础上一标准形式或普通形式增加了扩展项,以使证书能够附带额外信息。标准扩展是指由X. V3版本定义的对V2版本增加的具有广泛应用前景的扩展项,任何人都
可以向一些权威机构,如ISO,来注册一些其他扩展,如果这些扩展项应用广泛,也许以后会成为标准扩展项。 . 签发者唯一标识符(Issuer Unique Identifier)
签发者唯一标识符在第2版加入证书定义中。此域用在当同一个X.500名字用于多个认证机构时,用一比特字符串来唯一标识签发者的X.500名字。可选。 . 证书持有者唯一标识符(Subject Unique Identifier)
持有证书者唯一标识符在第2版的标准中加入X.509证书定义。此域用在当同一个X.500名字用于多个证书持有者时,用一比特字符串来唯一标识证书持有者的X.500名字。可选。 . 签名算法(Signature Algorithm)
证书签发机构对证书上述内容的签名算法
example: sha1WithRSAEncryption . 签名值(Issuer's Signature)
证书签发机构对证书上述内容的签名值
example:
Certificate:
Data:
Version: (0x2)
Serial Number:
b7::fc::f2::ec:1e
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=ZH, ST=JS, L=WX, O=JN, OU=IOT, CN=LittleHann/emailAddress=@qq.com
Validity
Not Before: May :: GMT
Not After : May :: GMT
Subject: C=ZH, ST=JS, L=WX, O=JN, OU=IOT, CN=LittleHann/emailAddress=@qq.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: ( bit)
Modulus ( bit):
:c3:f2:9b:b8::3f:9e:c0:be:1d::a8::c0:
:::bb::2e:::af:da::bc:f3:f5::
f8::4d:a8:ad:::a4:bf:0a:::8d:5f::
c0:b1::a2:ae:e7:be:1e:6a:a7:d8:4a::f1:8f:
:f4:b3::::a6:fa:ed:8f:9a::::ca:
dc::::d9:::1c:5f:4f:5b:1d:2c:ca:3d:
:8b:bc::0b:0f:::6f::c7:0b:c4:::
cc::2a:4b::c6::fe:d3::a9:3f:d9:c0:1f:
:::5a::fe:::
Exponent: (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
:::9F:7C::9C::FD::::D0:2C:::0F::1D:
X509v3 Authority Key Identifier:
keyid::::9F:7C::9C::FD::::D0:2C:::0F::1D:
DirName:/C=ZH/ST=JS/L=WX/O=JN/OU=IOT/CN=LittleHann/emailAddress=@qq.com
serial:B7::FC::F2::EC:1E X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
a1:6b:be::ba:2c:6f::c4::2d::0d:d7::0a:6a:c4:
6d:6f:1c::b4:0f:af:af:be:f9:f1:3e:9c:1b:d7:0a:e2:7b:
2b:::d5:7e:::1a::a3::7f:c3:2a::7a:f5:b1:
dd:c9:c5:fc:f1::f6::f6::ce:8a::4a:4e:1d:8f:9e:
2c:9f:8a:5c:d5::5a:0a:3e:f5::4b:2f:3d:ae:bf:::
::4a:::::5a::6e:b1:ec:7f:9d:4b:f6:d8::
ee:7a::5a:bc:d6:4b:5b:c4:0d::e3::cb:b2::::
:af
0x2: 证书废除列表CRL
证书废除列表CRL(Certificate revocation lists)为应用程序和其它系统提供了一种检验证书有效性的方式。任何一个证书废除以后,证书机构CA会通过发布CRL的方式来通知各个相关方
. CRL的版本号
) : 表示X. V1 标准
) : 表示X. V2 标准
) : 表示X. V3标准
目前常用的是V3标准 . 签名算法:包含:
) 算法标识
) 算法参数
用于指定证书签发机构用来对CRL内容进行签名的算法。 . 证书签发机构名:签发机构的DN名,由
) 国家(C)
) 省市(ST)
) 地区(L)
) 组织机构(O)
) 单位部门(OU)
) 通用名(CN)
) 邮箱地址 . 此次签发时间:此次CRL签发时间,遵循ITU-T X. V2标准的CA在2049年之前把这个域编码为UTCTime类型,在2050或2050年之后年之前把这个域编码为GeneralizedTime类型。 . 下次签发时间:下次CRL签发时间,遵循ITU-T X. V2标准的CA在2049年之前把这个域编码为UTCTime类型,在2050或2050年之后年之前把这个域编码为GeneralizedTime类型。 . 用户公钥信息,其中包括:
) 废除的证书序列号: 要废除的由同一个CA签发的证书的一个唯一标识号,同一机构签发的证书不会有相同的序列号
) 证书废除时间 . 签名算法:对CRL内容进行签名的签名算法。 . 签名值:证书签发机构对CRL内容的签名值。
example:
Certificate Request:
Data:
Version: (0x0)
Subject: C=zh, ST=wx, L=js, O=jn, OU=iot, CN=littleHANN/emailAddress=@qq.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: ( bit)
Modulus ( bit):
:be:2c:a4:fc:9f:f7:b3:2a:6b:c8:2f:ec:8d::
ba::ed:8e:c1::e0:6b:5d:::ff:a1::3f:
:d5::7f::b6:::a7:1e:7f:::3b:c9:
cd::7c:9a:cc::c9:2f::f5::8d:2b::d9:
:0c:a8:6f:::1e::::5c::a4:2c::
:0e:b0::e5:::ae:6e:c6:0c:f7:b5:ef::
9b:c8:d3:af:5a::9b::1d:e3:bd:c5:7e::9e:
fc:de::fd:2a:fc:f6:::ca:::f4::0f:
e7:d6:b7::d4::3e:e2:::::::6d:
da::7c:d9:bf:5b:::f1:ba:4e:e9:::1e:
7c:fe:2d:b3:ec:::2b:4d:ce:::9f:0a:ec:
1e:fe:ee:::e5:::cd:8f:3d::d7:d9:c5:
b3:dc:c6:d7:d2:df:e6:ba:3a:a3:da::dd::cf:
6b:e4::df::::da::e2:4b::d3:::
:0e:ab:a3:bc::c9:c3:::9d:e5:f0:be::
d4:b5:d4:::::6e::::ab::3e::
:1f::::fd:b5:::b1::f0:a7::a5:
:2f
Exponent: (0x10001)
Attributes:
a0:
Signature Algorithm: sha1WithRSAEncryption
:1a:::7d::::7f::::::8a:d4:4a::
ec:ad:c9:f7:3b::::f4:d0:9b:de:ab:0e:4e::7c::
be:::::6b:1e:d0::::b2:b6:a6::5e:8a:c1:
:::df:a7:c2:b0:::bd::::9a:::::
:e7:::7b:c8::9d:fa:5d:::3a::::::
a7::3d:4b:c6:2f:ac:0c:::8c:1a:bd:::2b:7a::
4d:::c5:::9e::6b:f9:c8:dd:8f:de:5c::c7:3d:
:6a:a3:6b:e5:::2f:dd::d8:a5::be::fb::e1:
e2:cc::1e::2e:e5:2f::d9:4c:f8:d5::1d::ed::
:a2:3d::2e::2f::d3::b7:5c:::::d3:0e:
5e::::0f:4f::3c:bf:::5c:b7::::9e:bb:
:ac:f8:cc:c3:::f7:a7::b3:6c:fe:fe:::::
dc::8d:a2::e0:2e:::de:9f::c6:7e:f0::1d:0f:
8a:f3:bc:5c:2c:5c:0b:db:d9:7d::::a9::f4::1f:
7d::f4:
3. SSL证书生成、openSSL学习
OpenSSL是一个强大的安全套接字层密码库,整个软件包大概可以分成三个主要的功能部分
. 密码算法库
. 常用的密钥和证书封装管理功能
. SSL通信API接口
. 丰富的应用程序供测试或其它目的使用
使用openSSL开发套件,我们可以完成以下功能
. 建立 RSA、DH、DSA key 参数
. 建立 X. 证书、证书签名请求(CSR)和CRLs(证书回收列表)
. 计算消息摘要
. 使用各种 Cipher加密/解密
. SSL/TLS 客户端以及服务器的测试
. 处理S/MIME 或者加密邮件
openssl提供了很多不同的命令,每个子命令有很多的选项和参数,我们来逐一学习一下
. openssl list-standard-commands(标准命令)
) asn1parse: asn1parse用于解释用ANS.1语法书写的语句(ASN一般用于定义语法的构成)
) ca: ca用于CA的管理
openssl ca [options]:
2.1) -selfsign
使用对证书请求进行签名的密钥对来签发证书。即"自签名",这种情况发生在生成证书的客户端、签发证书的CA都是同一台机器(也是我们大多数实验中的情况),我们可以使用同一个
密钥对来进行"自签名"
2.2) -in file
需要进行处理的PEM格式的证书
2.3) -out file
处理结束后输出的证书文件
2.4) -cert file
用于签发的根CA证书
2.5) -days arg
指定签发的证书的有效时间
2.6) -keyfile arg
CA的私钥证书文件
2.7) -keyform arg
CA的根私钥证书文件格式:
2.7.) PEM
2.7.) ENGINE
2.8) -key arg
CA的根私钥证书文件的解密密码(如果加密了的话)
2.9) -config file
配置文件
example1: 利用CA证书签署请求证书
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key ) req: X.509证书签发请求(CSR)管理
openssl req [options] <infile >outfile
3.1) -inform arg
输入文件格式
3.1.) DER
3.1.) PEM
3.2) -outform arg
输出文件格式
3.2.) DER
3.2.) PEM
3.3) -in arg
待处理文件
3.4) -out arg
待输出文件
3.5) -passin
用于签名待生成的请求证书的私钥文件的解密密码
3.6) -key file
用于签名待生成的请求证书的私钥文件
3.7) -keyform arg
3.7.) DER
3.7.) NET
3.7.) PEM
3.8) -new
新的请求
3.9) -x509
输出一个X509格式的证书
3.10) -days
X509证书的有效时间
3.11) -newkey rsa:bits
生成一个bits长度的RSA私钥文件,用于签发
3.12) -[digest]
HASH算法
3.12.) md5
3.12.) sha1
3.12.) md2
3.12.) mdc2
3.12.) md4
3.13) -config file
指定openssl配置文件
3.14) -text: text显示格式
example1: 利用CA的RSA密钥创建一个自签署的CA证书(X.509结构)
openssl req -new -x509 -days -key server.key -out ca.crt
example2: 用server.key生成证书签署请求CSR(这个CSR用于之外发送待CA中心等待签发)
openssl req -new -key server.key -out server.csr
example3: 查看CSR的细节
openssl req -noout -text -in server.csr ) genrsa: 生成RSA参数
openssl genrsa [args] [numbits]
[args]
4.1) 对生成的私钥文件是否要使用加密算法进行对称加密:
4.1.) -des: CBC模式的DES加密
4.1.) -des3: CBC模式的3DES加密
4.1.) -aes128: CBC模式的AES128加密
4.1.) -aes192: CBC模式的AES192加密
4.1.) -aes256: CBC模式的AES256加密
4.2) -passout arg: arg为对称加密(des、3des、aes)的密码(使用这个参数就省去了console交互提示输入密码的环节)
4.3) -out file: 输出证书私钥文件
[numbits]: 密钥长度
example: 生成一个1024位的RSA私钥,并用3DES加密(密码为1111),保存为server.key文件
openssl genrsa -out server.key -passout pass: -des3 ) rsa: RSA数据管理
openssl rsa [options] <infile >outfile
5.1) -inform arg
输入密钥文件格式:
5.1.) DER(ASN1)
5.1.) NET
5.1.) PEM(base64编码格式)
5.2) -outform arg
输出密钥文件格式
5.2.) DER
5.2.) NET
5.2.) PEM
5.3) -in arg
待处理密钥文件
5.4) -passin arg
输入这个加密密钥文件的解密密钥(如果在生成这个密钥文件的时候,选择了加密算法了的话)
5.5) -out arg
待输出密钥文件
5.6) -passout arg
如果希望输出的密钥文件继续使用加密算法的话则指定密码
5.7) -des: CBC模式的DES加密
5.8) -des3: CBC模式的3DES加密
5.9) -aes128: CBC模式的AES128加密
5.10) -aes192: CBC模式的AES192加密
5.11) -aes256: CBC模式的AES256加密
5.12) -text: 以text形式打印密钥key数据
5.13) -noout: 不打印密钥key数据
5.14) -pubin: 检查待处理文件是否为公钥文件
5.15) -pubout: 输出公钥文件
example1: 对私钥文件进行解密
openssl rsa -in server.key -passin pass: -out server_nopass.key
example:: 利用私钥文件生成对应的公钥文件
openssl rsa -in server.key -passin pass: -pubout -out server_public.key ) x509:
本指令是一个功能很丰富的证书处理工具。可以用来显示证书的内容,转换其格式,给CSR签名等X.509证书的管理工作
openssl x509 [args]
6.1) -inform arg
待处理X509证书文件格式
6.1.) DER
6.1.) NET
6.1.) PEM
6.2) -outform arg
待输出X509证书文件格式
6.2.) DER
6.2.) NET
6.2.) PEM
6.3) -in arg
待处理X509证书文件
6.4) -out arg
待输出X509证书文件
6.5) -req
表明输入文件是一个"请求签发证书文件(CSR)",等待进行签发
6.6) -days arg
表明将要签发的证书的有效时间
6.7) -CA arg
指定用于签发请求证书的根CA证书
6.8) -CAform arg
根CA证书格式(默认是PEM)
6.9) -CAkey arg
指定用于签发请求证书的CA私钥证书文件,如果这个option没有参数输入,那么缺省认为私有密钥在CA证书文件里有
6.10) -CAkeyform arg
指定根CA私钥证书文件格式(默认为PEM格式)
6.11) -CAserial arg
指定序列号文件(serial number file)
6.12) -CAcreateserial
如果序列号文件(serial number file)没有指定,则自动创建它
example1: 转换DER证书为PEM格式
openssl x509 -in cert.cer -inform DER -outform PEM -out cert.pem
example2: 使用根CA证书对"请求签发证书"进行签发,生成x509格式证书
openssl x509 -req -days -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
example3: 打印出证书的内容
openssl x509 -in server.crt -noout -text ) crl: crl是用于管理CRL列表
openssl crl [args]
7.1) -inform arg
输入文件的格式
7.1.) DER(DER编码的CRL对象)
7.1.) PEM(默认的格式)(base64编码的CRL对象)
7.2) -outform arg
指定文件的输出格式
7.2.) DER(DER编码的CRL对象)
7.2.) PEM(默认的格式)(base64编码的CRL对象)
7.3) -text:
以文本格式来打印CRL信息值。
7.4) -in filename
指定的输入文件名。默认为标准输入。
7.5) -out filename
指定的输出文件名。默认为标准输出。
7.6) -hash
输出颁发者信息值的哈希值。这一项可用于在文件中根据颁发者信息值的哈希值来查询CRL对象。
7.7) -fingerprint
打印CRL对象的标识。
7.8) -issuer
输出颁发者的信息值。
7.9) -lastupdate
输出上一次更新的时间。
7.10) -nextupdate
打印出下一次更新的时间。
7.11) -CAfile file
指定CA文件,用来验证该CRL对象是否合法。
7.12) -verify
是否验证证书。
example1: 输出CRL文件,包括(颁发者信息HASH值、上一次更新的时间、下一次更新的时间)
openssl crl -in crl.crl -text -issuer -hash -lastupdate –nextupdate
example2: 将PEM格式的CRL文件转换为DER格式
openssl crl -in crl.pem -outform DER -out crl.der ) crl2pkcs7: 用于CRL和PKCS#7之间的转换
openssl crl2pkcs7 [options] <infile >outfile
转换pem到spc
openssl crl2pkcs7 -nocrl -certfile venus.pem -outform DER -out venus.spc
https://www.openssl.org/docs/apps/crl2pkcs7.html ) pkcs12: PKCS#12数据的管理
pkcs12文件工具,能生成和分析pkcs12文件。PKCS#12文件可以被用于多个项目,例如包含Netscape、 MSIE 和 MS Outlook
openssl pkcs12 [options]
http://blog.csdn.net/as3luyuan123/article/details/16105475
https://www.openssl.org/docs/apps/pkcs12.html ) pkcs7: PCKS#7数据的管理
用于处理DER或者PEM格式的pkcs#7文件
openssl pkcs7 [options] <infile >outfile
http://blog.csdn.net/as3luyuan123/article/details/16105407
https://www.openssl.org/docs/apps/pkcs7.html . openssl list-message-digest-commands(消息摘要命令)
) dgst: dgst用于计算消息摘要
openssl dgst [args]
1.1) -hex
以16进制形式输出摘要
1.2) -binary
以二进制形式输出摘要
1.3) -sign file
以私钥文件对生成的摘要进行签名
1.4) -verify file
使用公钥文件对私钥签名过的摘要文件进行验证
1.5) -prverify file
以私钥文件对公钥签名过的摘要文件进行验证
verify a signature using private key in file
1.6) 加密处理
1.6.) -md5: MD5
1.6.) -md4: MD4
1.6.) -sha1: SHA1
1.6.) -ripemd160
example1: 用SHA1算法计算文件file.txt的哈西值,输出到stdout
openssl dgst -sha1 file.txt
example2: 用dss1算法验证file.txt的数字签名dsasign.bin,验证的private key为DSA算法产生的文件dsakey.pem
openssl dgst -dss1 -prverify dsakey.pem -signature dsasign.bin file.txt ) sha1: 用于进行RSA处理
openssl sha1 [args]
2.1) -sign file
用于RSA算法的私钥文件
2.2) -out file
输出文件爱你
2.3) -hex
以16进制形式输出
2.4) -binary
以二进制形式输出
example1: 用SHA1算法计算文件file.txt的HASH值,输出到文件digest.txt
openssl sha1 -out digest.txt file.txt
example2: 用sha1算法为文件file.txt签名,输出到文件rsasign.bin,签名的private key为RSA算法产生的文件rsaprivate.pem
openssl sha1 -sign rsaprivate.pem -out rsasign.bin file.txt . openssl list-cipher-commands (Cipher命令的列表)
) aes--cbc
) aes--ecb
) aes--cbc
) aes--ecb
) aes--cbc
) aes--ecb
) base64
) bf
) bf-cbc
) bf-cfb
) bf-ecb
) bf-ofb
) cast
) cast-cbc
) cast5-cbc
) cast5-cfb
) cast5-ecb
) cast5-ofb
) des
) des-cbc
) des-cfb
) des-ecb
) des-ede
) des-ede-cbc
) des-ede-cfb
) des-ede-ofb
) des-ede3
) des-ede3-cbc
) des-ede3-cfb
) des-ede3-ofb
) des-ofb
) des3
) desx
) rc2
) rc2--cbc
) rc2--cbc
) rc2-cbc
) rc2-cfb
) rc2-ecb
) rc2-ofb
) rc4
) rc4-
4. CA中心搭建、SSL证书生成过程
我们知道,用openSSL这个套件可以完成CA的搭建、SSL证书从生成到签发的全部过程,在使用openssl的指令的时候,我们需要记住几点:
. 在生成过程中有很多文件扩展名(.crt、.csr、.pem、.key等等),从本质上讲,扩展名并不具有任何强制约束作用,重要的是这个文件是由哪个命令生成的,它的内容是什么格式的。
使用这些特定的文件扩展名只是为了遵循某些约定俗称的规范,让人能一目了然。 . openssl的指令之间具有一些功能上的重叠,所以我们会发现完成同样一个目的(例如SSL证书生成),往往可以使用看似不同的指令组达到目的 . 理解CA、SSL证书最重要的不是记住这些openssl指令,而是要理解CA的运行机制,同时理解openssl指令的功能,从原理上去理解整个流程,就不会觉得模糊了
下面我们来一起学习一下怎么用openssl来完成一个CA的功能,并且签发一个apache可以使用的SSL证书
0x1: CA认证中心准备
我们首先要明白,要进行一个证书的签发工作,第一步要做的就是进行CA认证中心的准备工作,CA负责对请求证书(CSR)进行签名,有两种选择
1. 选择市场上公认的权威性的CA中心
. WebTrust
http://www.webtrust.net/ . GlobalSign
http://cn.globalsign.com/
http://globalsign.tbs-certificats.com/ . GTE
http://certificate.fyicenter.com/335_Root_CA_GTE_CyberTrust_Global_Root_GTE_CyberTrust_Solutions.html . Nortel
http://www.nortel.com/ . Verisign
http://www.verisign.com/
选择权威的CA进行证书签发的好处就是目前大多数的浏览器都会预装内置了这些权威CA的公钥证书,这样,在使用这些权威CA签发过的证书的时候,浏览器一般不会报风险提示
aaarticlea/png;base64,iVBORw0KGgoAAAANSUhEUgAAAgcAAAG7CAIAAADYI6H/AAAgAElEQVR4nOy9Z3RUZ7rnqy8zs+b06Vlrzj1r5syMu93tCCaDsoRiKSdABJENAqGchQAlMhiwDU5gG2fczgEb29im28bkqFxx51xVO+fC7u77Ye8KEsLuPufcu+bDqfVbtV5tCiGQ2D/9n+d5X8V9880377333okTJ/bv39/W1jZv5q/+Fcyf9Y8T+fX8Wb9eMNsmfs5/s1gQy+z/FnnBJCLvZ95Miwl/1twZ//Cz/OpvYua/hX/4O/iFj/Y/+P+Av+sTFOXf+FXxH/zfwD/MnfkPc2KYPcNmVpiZNr+ymfmP/8G0jXVzOnqSn3g24/gbuW99HPfuu+8+++yze/bsmTfzH+fN+p9vvb7vz3foMNS/FvpnoX6aktC9IH+RP9+ZxM9+eD9Sf/7xX/GXuvtP+Vsg7gKPAfvzHezPd9AoIeQu4HsA3QU4FUAUM8pPpu+nkO+nkO8nc0q898ZjY3h+Mjw/Gu4p0C1c4WebO38fzgloUxD6dyD6J/6o2x+/9VeL/k1Nz0+m98//PxOaEt+/CuDPId9PIWDSZ/lH0/ejEYv3R8N3x/DdMbx37MUkgDsG8ONkwCimBTQV8ESQWH6KgtqEYsF+CfxufpzInRhCITwUImIgQyEydIcM3SHvTA3178VPP+mrC3J/+r/jsbog96ef9NdfPzBr9r/MnPXrGXWtCbsPpz33Wtzx48f37Nnz2//zD2+/ceiOestkXzGY/QazT6enZO9E9tnP1D6N2qfR+zV6v0Yf0OiDGn1Qpw9q9BMac0ijD2n0YY0+rNGHVOqQRllXDmn0IXUCT6jUEwp1wIbcp5D7FHKvTOyWid0ysUsmdsr4TgkfkPB+Ce+X8D4Z75OJPoXoV4h+hRhQiH6FHFCpnZoFvVOndxnMbp3ZrTO7DX8U8+9gl+nfZTAWO2MYMPwxMP0G028wfQbTazC9BtNjMD0GsyPMdoPZbtDdBt1t0FsNutOgOgyqTadadbJZJxt1sl4n63WiVidqdKJGJzbrRLVOVGv4Rg3fqOEbNPxxDV+v4es0fK2GrdGw1Rq2WkNXaegqDV2poVUaWqWiy1VkmYosU5GlKlKpIktUZImKLFbhxSq8SIErFPu5XIHLFLhMgUpVqEyFS1W4RIVLVLhYhYtVuEiFC1WoUIUKrGcFzJfBfBnMk0GHDDpkwCEBOaIvR/BmC55M3p3JuTM410LOuZB1prPOdNaZxo6nseOpFoGx1MBYamA8JTCeYq9tUvxjKf6xZAtmNJkZSYohkRlJpIejUEMJU0JGGEwgYrmdQNyOvzfWyxLJwURqKIkeTmZGUvxjacHxdM6VIbizRG+25MuRgVwFcCigQwXzVChPg/It1KnQfpmCidx9JUKhBhVqcCxFMRRPpESDSzS4NEyZDVKuIWUaYi3KVbhMgctkqFQCSyWgRARKBF+J4C3mPMWcq4h1FQZdhUFXUdBVGHAW+W2KA87igLMk4CwNOEsDrrKAqzzgqgi4K4LuxUH3kqB7SdBdGfQsZT3LWM9yzruc867gvFWcbyXnW8n5VnG+1ZxvDedbwwHrOGAdD6znwQ08uEEANwrgRgHaJECbBGizCNWI0BYbuFaE68M0iHCjDdIsIs0S2iyhLRLaIqGtEtoqo60y1ipjbRLaLqJtItomoG0C2sajbRzaxqJtQbQtgLT54VYGaaPgNhJuJ+BOHO7C4K0YshVDt6HodgzrwfAenOjFiT6ctCFs+gmynyAHCHKnDWVDUjtJatc9oXfHsIek95DUHpLao+ljq/Iy+KGviM+O058fZ84cZ84cD5w5zp45zp55QTjzgnjmBfnMC8qZF9QzL6hnntPPPGecec4885x55vm7Me56Uz/zvHrmefXMceXMcfnMcfHMccF+5ycCZ04wZ04wZ07Qn58gPjvBD51dlZeh6eMB9hVFvfXGG4f/z32/ml7XEr/7SNyePXvmzfzVqdcPhcQzOr0/zIEw+++hh8jL9uuMhWWCQzpzWGeO6MwRnXlSZ57S/U/r/qO6/6jmP6b5j2nMUY05qvljYCI8rdFPafSTGn1Eow9r1CGVekKlDqrUAZXcrxL7FGKPQuxWiF0KvlPBdyp4v4IPWD5QyX6VHNCogRgf7DToXZYVJt7l99iLwO5QYE+Y3eHn3aHA7pA/ll0T2RnyD0ykP4a+kL8v5O8N+XtD/h7TgtlhMttNZrtJbzPpbpPuNukuk+4w6TaDbjWoFoNqMqhGg6o3yFqD3GIQmw1is0FsMoiNBrHRIDYYxOMGsd7A1xn4OgNfo2NrdGx1+HmVjlXp6AodXaGjy3V0mY4u1dClGlqpIUs0ZLGGLNaQRRpSoSEV1t1BQ8rDN45SDS7VkFINKdGQYg0pDt90rNtQgf0M5WtQnmrjUEGHAuYqQI4M5EjebMmTJXoyBXeG4FrIuxbyrnTOlca50jhnGutMY52prDOVHU8NjqcFx9OCzjR2PDUYJSU4nhIcSwmOpQRGUwKjyYHRpEn4RyIkMsP3hB5OpIcS6aFEKpbBRGowgZwKatB6TVJUCaOpAcsKzgzenSl4skVvjuzLVQCH7QM4X4cL/m0U3sXP/FJRFCRC8URKYijVkVIdKQtTriPlOlKmo+U6Wq6h5bYe4DIVLlOgcjniBm8x5yni3MWsq4h1FbOu4qCzOOgqDrpKbCW4SoOu0qCrLOgqY13lrKuCdS/iPIs4z2LOs4TzVHKepZxnKeddxvuW874VvG8F76vifSt53yoBWCUAqwVgjQCsFYB1ArBOANcL4OMitFGENopQtQhtEqFNIrxZhGskeIsEb5HgWgmuk+A6Ca6XkAYJaZCQRglpklGLZhltkdEWGW2VsFYJa5PRNhlrk7F2CWsT0TYRbRXQNh5t5dBWFm0NIi0BpNUPtzJwq20FqAOHOzG4C0O2oug2FN2OYjswfAdG9GBEb8QKMW64SwykpYQIf4MYqN0RKyzPzWBvniE+fob4+Bnq42foj59hPjka+OQo+8lR/pOjwqdHxU+PKp8eVcPoUY79ImoY5dNj4qfHhE+P8Z8cYz85FvjkGPPJMfrjZ6mPnyU+fpb4+Fn25hcrcjM0fZyk95H0PkE88/obh2fO+vVjta1xmzdvnjfrf/6o3dKZ/TpzwMJgDhjhdYwq9oclEVYCc1BnDurMEzpzyGAO68yTOvOkzjyt+4/p/md0/7N64Hkj8IIROG4EjhuBEz+P7j+u+1/Q/c/p/ud0/zMac1RlnlKZJ1XmsEofUukDKrVfJfcp5F6F3KOQuxRip0IMKMROhehXiQGNtJQwoFE7dSqsBHqXQU+wQvheH/HBnjs2u+2Ff3cMuyzCShgI+XeGGQj5B0JMv81kJfSG/D0hf0+I2RFme4jZHqK7Q/TWsBXaw2JoMqhGg6w3yDqDqAkroTqqBPzxsBLWGvhaA19j4KsMbKWBrTTQKgOtilHCMh1dqqOVOrJER5bo6GIdWawjFTpSYd8m4DIdLtPhUh0u1eGSGKzvOqNWCN+t8nXY+j43T4PyVNgSQ64C5ihAjuzLlnxZojdT8GQKnqgYLDhnWoSwIdLY8bRgrBjGogRGk+/GP5rsH7FIYkaSmOGpoYeT6CEbKpbBRHIwkRxMIO2FDTWYSA0mUUNJ9FAyM5TMDKf4R1IDo2nBsXTOuZB3ZYrubMmTI3tzFcChgvkalK9D9u3b+Ncy4UY/gUIdLjTgontQbINEKJlIaQxlYcoNpDyy0NEKHbW+Bip0uFyDy1SoTAHLZKBU8pUIvmI+7AbOVcy5izhXEecqZl3FrLOEdZawzlLWVcpGrOCq4NyLOPdi3rOE9yzhPZW8p5L3LOM9y3jvcsG3XPCtEHxVgm+l4ItYYY0IrBWBdSKwXgTWS+DjErRBgjZK0EYJqpagzRJcI9liiFihToLrJbheRhplpElGmhS0OUyrhZUVFLxNxttkrF2y40Irh7bwSEuMFVoYuJWCWwm4nYDaMagDgzvRSVbALStY3CsxDBDkTtLibxcDFWGPpo8ty05lr36KvHsEf/cI8e4R6t0j9PtHmPePBN8/wn5wmP3gsPDBYfGDw/IHh5UPD6sfHlY/PKRHORyL+uFhbeKb6odHlA+PyB8cET84InxwhP3gCPvBkeD7TzLvP0m//yT17pPEu0/i7z6JvPske/X08uzUiBVIep+i3po1+1/uL1kcN3fu3FOv7wuxr1hWMCL4D+j+AxNDw8QkEeMDw/+k4X/KCMsgbIIXjeDLRvBlI/iKEXzFYF8z2Ndtgq8ZbAxBi1eN4CtG8KQReEkPHNcDL+j+57SoHo6o9CGVOqhS+1Ryr0LuVshdCrnTcoNqi6FfI2096NRO3aog0TtNZpfp320yu00mxgr+SDiwlDCFDGKsECuDu5TATPJB7xQ+YLaFmO4QvTVEd4XorhDdEaI7QnSbSbWYZKNJNphkvUluMcnNJrHZJKpNYqNJbDDxx018nYmvM/G1Jr7WxNeY+OqoErCVk32AVOqoxWIdXayji3R0UYwPSmOwZaDDRTpUrEMTUoLlA80mz1pYWUGzAB1qWAyyN0vyZoqeDMGTIbgzePdC3pXGu9L4qBVSOVsJqdx4Kjeeyo7dTUpwLCU4mjyJwGhyYMQiyT+S5B+eGlsPQ0nMUFQP9FASNZhITfRBrBjowcgrk5nhlMBIanA0jR1fyDkzBHeW6MmWvDmyL1cF8lQw799DDEXGPawQ+4J/VzeUTXADUq7HhEUVKlPBUksMoq9Y8Bbz7iIuBtZtpwfWVcy6SlhXKesuZd1lrLucdZezngorMfCexbx3Ce+t5L2VvHep4Fsm+JYLwAoBqBKAlQKw0k4M4BoRXCuCa0VwnQiuF8HHJehxCd4owRsluFqCN0nwZgneLME1ElIrIXVh6iWkXkYaZKRRRptkrEnBmhWsWcFaFKxVwVoVtFXF2hSsVcbaZKxVRFtFtJVHWzmkhUWag0iLH2nxwy003ELCLQTchket0GWLAduBWlawxEDcLYZYKwyQf7MYCGoXQe2KscJuTR+rzEhiLn4IvbkXeXMv8tZe7K29xFt7qVN7mVN7mVN7g6f2sqf28qf2iqf2iqf2yKf2qGGe726rXF5j8Xx3m3pq791XZPs37uNP7WNP7Que2sec2sec2ked2ke8tQ97ax/y1j7kzX3Qm/uYix8tzUjSY6wQYE++9vqB/2f2/Lh5M3/1kzFmMAftfEDbWUFnYpVwYGJl6aDGHNSYQzpzWPc/qfufMvxHjcAzhv+5sAxeMoKvGMFXDfZ1g33D5N4yubdN7m2T+0MMbxv2xTDs2yZ7ymTfsAyhB1/WAi9q/hc0/3Mac0xjnlbpJ1XqkEoeUElLDHvCYhgIi6FfIy0GdGpApy0x7DToXSazy2Ri4kJgj62HwO7Q36UEZqIMmL4Q3RtiekJMVAkmsyPMdpPZbjLbTKbbZLpNZqvJdJl0l0l3mlS7SbWbVKtJNRtUo0E2GGSdSdaY5GaT3GQSG01io4k/buLrwzKI+MBSQpWO3Z0PKnW00kCXGOhiA11koIsMtML63jCshIgJinW4WIeKdKhQt0rY0Uq3HQs0OEK+BufpsEOPKAFyaLBDgxwqlKuAOYovW/ZZYlgouhcK7nTewpXGO1MtJXDjKdx4SqTZECuDSUzwwWhyYDQpOJoUGIlyLzH4w1ZgJoWGwUTqdgJ5N+G4QA0mUYOJ9FASM5wcTQzjCyN1JMnnkIE8BcxXrX8luECLKfX8PVmhUIcLdajA+mePoUCHCu5ZPppA+HM3dRHpZ9xQZlhlpUjXAS7ToFIVKlWAEgkolnzFoqdY8BTz3iLeU8S7i3h3Me8q5t1FnKuYcxVzrhLOVcq5SjlXGecu49zlnKeC91TwnkW8LYZKwVspeJcKvqWib5noWy76VohAlQisFIFVIrBKBFaLwGoRXCOC6ywxSJCVGDZI0EYJrpbhTTK8WYZrZHiLjNTKSK2M1MlInRyxgiUGNGKFlogbZKxVxlokrEVEWwS0lUdbOKSZRZqDSPNEK7TiUDsGtWNwJ4pYcaEbxbajeDgu3JUYJsaFfpIcICNioH5ODEQMsVZYnDKf/v4d38u9wMu9wMu98Mu9yMle7GQvcbKXOtnLnOxlTvYGT/awJ3v4kz3iyR7x5A6LyuU1fw0/KpfXPNfRPOmKeLJHPNnLn+xlT/YGT/YyJ/uYk33UyT7iZB92sg852Qe/3Ae83Ae83Od7uY/+/t3FKfNjrUDSBwxjfObMf4ybN/NXf/mRNv0HIlYw/AcM/0FLDxy5792b3U9d3LP77IdXnFe63jj98hdvut1PavQTOn1IZ47ozFO6/1i4WHTcCL6kB07qwVeN4BsG+5bBvm1w7xjceyb3vsl/aPIfmsJHYT60r0T5wOTeM7l3DO5tg31LZ9/Qg6/qgZe1wAnN/4LGPKsxT6v0EZU6pJIHVXK/SuxViN0KYTUY+hWiTyH6VaLP0oNK9mvUgEZH3LDLYCw37LIayKZ/V7i7YAeIu3yw8656UV+I6TOZPpPpN5k+k+k16R6T7gnRPSGmJxTVwKQuglUy6jLpTpPuNOkOk2o3yTaTbDXJZpNsMskGg6wziFqDsJoK1WElPB5OCWtifWBgVTq2PCoDywfIEn2iDwykwvo+0ZJBuDNZpMOWCYq0iA/AfA3MU6F81W6rWnd8q57u0GCHbpOnR9cOHcrVoBwNytHAHAXIkn2ZsjdD9NpiENxWXEhlx1O4MPcSwFT5wHJAYiz+4USrx8Dcww2TrWBXihLJ21bzOUrEDdTtSJgIF5RGUv0RMbgyBXeWXUryOVQwz6omadZ9PMIvGSLsA1sA0X5ymKgbohTem6Iok2wBF0d6DDFuKI0RQ5klBhUu1eBSFSpRwGIFKJaAEslbJHoKRU+R4Cni3YW8u4hzFXKuQs5ZyDntmhLnKp7khrAYLDcssd1gi2GZ6FsxlRvW2IkBWi9CUTfIthgsN2y5yw0NETcoaNNEMbQoaKuMtUpYi4S2CGgzjzZzSDOLNAXhJj/czMBNNNRCQpYV2lCoHYM7YqywDcW2xVihByd7wmLoJSaKgYyKYeAuK0TdQNxFxArlC2ZiX7829lTr+FOtzqdaPU+1eo+2AEdboKMtyNEW7GgLcayFOtZMHWv2H2sOHGsOHmtijzWxx5qeaamdpIHY9TMtteyxpuCx5sCxZvpYM32smTjWgh9tQY+2wEdbgKOt3qOtnqdbnU+3jj/dOvZUK/bN6+ULZk60wr47d+gprGAwB8PthAPjrl3V50uaz7/yGfjFtu8utHx1edPp6xuPf1tz/NXPb3Vo9GGNflJjntaYZ3T/87r/hB54WQ++EvUB+67JvW9yH5r8xyb/qSmcNoXPwnweWYeifBoSPjH5jyw9GNwfdPZNPfi6Hjip+1/UmBc05lmNPqpST6rUIYU8qJD7VGKPTOyUiQEZH1CwPgXvVfBehehTiV6V7FPt3NCvUwM6NWDQAwa902QsdtnP/l2mnQZ2hfy77vh3WkyQQbRe1GcyfSbda9K9ESWY9I4w20zaksE2k+42qa0mtdWgugyq06A6DarDoDsMusOg2g2qzaBaDbLFIJsNMtxRIGsNYrOBVxv4RoPYYPUSTHyNga82sNVhH6zQseU6tjzGB4t1ZImOLNYR2wdmVAllBlKqIyU6XKxBRSpUqEYyAZivgQUamK+C+SqYpwIOBchVfDkKMBEwR4VyNShXh3N1xGHADgPJMxBHFNhhwLk6nKOB2SqYJQOZsjdD8i4UPAsFdxrvSuWdVkSIEhxLCY4l20wyQWw7YTjJP5wwgZFEZjjRbxPtKEwSQ7TBMBhuKtxOJG8nkLcSyFvxxFSQtxKI2wnWgryVQA0m0UPJ/uGUQIwYrGqS5MtVAIcC5Nl6ACfq4R5iiFXCxEwWM3QEFljvTbPerf2pyQ9/pqZiolc0qEib7IaSGDfYMUK3p5JKVbhUgUpVqESFilWwWAaKZV+x5C0SvIWCp5D3FPLuQs5daImBdd7thpKoGzyWGybmBl+sGyblBksMa0RwrQitE6F1IrQ+EhrkqUNDbUxoaFCQRgWd6Aar/4yGrYA0cUgzizQG4SY/3MTATRTURELNBNSCQ20o1IbCHSjcgSJbUXQrinWj2DYM2x7uLvRgRA9O9ISt8EtimJgbCGrn3UqIiEHTx0rnTkO+PDl0sH7kYP3YwXrnwXrXoVr3oVrgUC10uBY5XIscqSWO1BJHaukjtcyRWuZIbSDMsaaaWBlElHCsqSZwpI45UsccqaOP1BFH6ogjdciROuRwHXS4DjhU5z5U5zpU5zzYMHawYeRgw9DBBuTLV0rnTovtK5DU3VawCCuBhveuPJdXPZQLCldF030Wd/dR/o7LYMPJS8t732g6NfD1F0+q9FMqfUzzP6f5j+uBl/TgK0bwdYM9ZXB/MMa3VVbsgLmPDFdfZdyUj83XhS/MKM8eiks/7f4sJJw2hacPxcVVvv+iwb6jB0/pwde1wEnN/5LKvKAyz6r0Uyp1WCWfUIh9CrFHxnfJ+ICE9Utor4T1KnivbLkB71WJPtsNVL9GDUTdwOw0mIgedpoxmeCOf+ede40YWVage026x7DZYVA7DGqHQW836G0G3W3Q2wxqq0FtNagunew0yE6D7AjTblDtBtlmkK0G2aKTLTrZpBONOlFvEHUGscXAa3TcsoI1dLTWxNca2JqYiLDCwJYbWGw/ebGOLNKRRTpSoVsyQCtMtMJEyw3U+g7RUkKhChYoQL4C5Ck+hwJEyFF8uYovR/HlyN4sySZT9mbJ3izJlyUD2SqYrUE5OpxrIA4DyTVRx2SQXAPJMeAcHcpWgUwFyJR9mZInXXCnC5YVLMZS2LFkdiyZHUtiraJQhEhpKLpIZIYTmKEEZig+ynCCddESAzOceLcS/OHuQlgMlhXCEeFWwhRWuLkAv7kAv7EAv7mAuBlP3IwnbiWQtxPtTkO4zcC5snh3tujOFj25ki9X9jkUwKEC9qxqrBh+vnZkKWHiSGuBDViggQUqmK8CeSqQp0wgX70XYIFNRA+R6DCh5RBd60iphpTZQQEqUcASFSxWwCIZKJZ8RaK3UPQUCu5C3lXAuws4dwHnKmBdBazz59zAu8t4z8Tc4F0iTHDD8qlyQ6wb1se4ISKGnykoNdhisNyANktos4Q0S2izgDbxSBOLNLJIQwBu8MONYSs0EVALBrWgUBsKt6NwB4p0WVbAolaw55HwcGIgJouhj4i1wsQ2AxFlajFo+ljJ7Iehz1+8tWfT4J5Nw3s2je7ZNLZvo3PfRu++jcD+jdD+jdCBjdiBjdiBjeSBjdSBjdSBjUwMxxqqK5fXiOFH5fKaYw2bmAPVzIFq6kA1daCaPFCNHajGDlRDB6qh/dXA/mrvvmrnvurxfdVjezaP7Nk8tGfzrT2boc9fLJn98C9YwfQfNPzR6aMnvtyQfunBOk/uFf2Pf/pRuqhxuwNc82Wg6dSNpds+qH/uqe5X6/zwUyr9jEo/rzIntMBJPfCaHnxDZ08Z7B909r3re+PiKvpg/rTBf27wZwzhS+NCTdyi3Yh41hTPmuLZkM1XIfGrkPj84biFp91nwqHhldOL4uL2HjKCp/TgG1rgVc3/ssYcV+nnVPqYSj+pkIcU4oBM7JPxXRLWL2F9EtojoTskdIeE9ci4Ra9K9NmQfRrVp1F9Ot1v0FZuGDCZAZMZMO9uI9smGIhOFjF9IaY/ZOcDSwbbDWq7QW0zqG6D6tapbp3aqpNbdbJLI7s0okMj2jWiXSNaNaJdJ9p0ojVMs040aUSTRjRqRL2O1+p4rY5vsZSg4xsNfINBrDfwtQa+2sBWWSUjA1thYMsMdKmBVhpopYEuieknV+houYFYSig3sQoTLbNuAWEl5CtAnuTLkbw5sk227M227v6yN0vyZIruDNG9UHAvFDwLRfdC0bNQ9CyUvBkKkKVC2TqcYysBc4QsGWBhUIeB5BpIrgHnaFC2CmSqvgzJmyFZVoiIYTyJHUtix5KCo4nB0UT/SOLkKDCcEB4ztWVAD8VTtxdQg/F0GNsNETFMVUeKTiUNJdFD4fLRrTA3E4ib8cTNBRaWD7Dr87Hr89Hr86wFdmMBfmMBcSuBtELDaFpwNI0ds9wQzg2eHMmbY9WUYgtKv9BXiFgBnERBZG1pQPY5JJ9D8jnkWIA8BcgP2z1P8eXJvjzZl6f47OsRN4TnWe9uR9tr3RpHtsVQLINFClCkgEUyUCj5CiVvoegpENz5vCufcxVwrnzOlc86LQpYSwxRN5RwrlLOXcq773KDd7EwpRuAqilyAzSpoFQdExpiC0pRMSioJQar2dAkoU0S0iQijQLSwCONLFzPIg0BuN4PNTBQQ9gKzTjYgkGtdlxAOlG0C0W3Ytg2zC4iWVaIFUPPVGLoIyeEhp13t6CndIOmj6X983+59XTH6cJHPit65EzRI18WPfJN0cN/Knn4fMlDF0seuFz6wPWyB26XPTBU9sBI2QNjZQ+Mlz3gjOGJyqLK5TVM+FG5vOaJyiJn+YMW4+UPjpQ/OFT+4O3yB6+XP3i57MGLpQ+eL33oT6UPf1v88FfFj3xR/MjnxY+cLnrk1tOd6f/8X6JWoH7BCgcN5mDZS4tSnt1Qca57iwd8XZePylIzxGz6o7vm5LXlW79uPNnVcy3h64t9CvWMQr+gMidU/0kt8JoWeFMPvq2z7+rs+wZ38pOKuEPnP9O5zw3+C4P/yriwJW7RHkT42hS/NsWvQ+LXN/ZPnSPi4uIO//CRyb1nsH/Qg29pgdc1/0mNeVFlnlfpZ1TqKZU8LJMHZGKvjO+S0H4R7RXg7QK8TUS2i+h2Ed0uYztkbLuM9yh4j0r0KESPSvSoRI9G9elUn0716nS/QfeZzIDJ9IeYsAwCAzaxuxCYvhDTG2J6Q+GSkUFtN6huSwk61W3LgOjUiA4Nb1fxNhVrVbFWNVz0VLFmFWvScItGDVpLYrMAACAASURBVGvQsHoNq9OwWhXbomE1GrpJxzbZSsAfN/CwFfCVJl5l4itMbLmJLTWxSgOL7SdXGGh0ANFEy0y0LISVmWiJgRTrcKEGFahgnuzLlTzZojtLdGeJ7kzRbTnAYqEtA1c670zjxlN4ZyrvShNcaYI7XfSky74MFczSoRwDzjXR3BDmuIPn3cEcIQs0DJJrwjk6lK2BWapVR3KnC+40wZXKO5M5ZzI3nhQcSwqOJgZGEwMjE0PABBbQgwuowQXU7fnU7fnEzXnErflkGOr2AnpwAT0Uz8RawZ5btUeV/CPJsYlhohXiLSXY4eDGAuzGAvT6fPTaPOTqXPjKHPjqHOTqXOTqXOTaPPT6fPxmPHErgR5MoodT/CMpgdG0wFg6O57BOTN5VybvtjY0OKLjSZYVkEIDKbIwrUXUCoVTWSFPBfOUWB94c0VvjuDJETw5YgRvrmThc0i+PMnrkCJXvLmS1yF7HbIvT7HFYFmh2ECKDbRkAjFu0JBiFS5WoGIFLFbAIgUsVABLDAWit0DwFPDufN6Vx7vybTG48ia6YWJucJfyUTdEC0qC12JSTSnihlUisEoErS70mnA1aX14btVyw+Z7ucESg4w2ymijhDaKSGPYCg0sXMfC9QG43g/V01A9CTVQUCMBNeFgCwZacaEtYgU7LuDbMHx72Ao7MGKHZYUYMfROTAz9U7vh3i1oTR9L/e//6eaR1k9yf/ep43efOX53xvG7s477z+Xf/13+b3/Iv+9iwX1XC++7WXjf7cL7hgrvGy28byyGg4sLKpfX4BMflctrDi4uGCv8zVjhb0YLfzNU+Jvbhb+5Wfibq4W/uVjwmx/yf/Nd/v3n8n931vG7M47ff+b4/aeO33+S+/ubR9pS//t/sq1A3dsKFob/oMEcjG9fk7bprbwTXy+/5Kt2EhtGsKrzvlXvDq87crF0y+n+z7a0XUo6/PFamTqmUM8r9AmFeVllXlMDb2rBt7Xgu1rwA539SOc+0djTOvu5zn2h21bYi4hfm+I3pvhNyEKyFicOx2Wc9nxlil+YwpunF8UdvvCxyX9gcO8YwVO6ZQX/Sxrzgko/o1BPK9RhmTwoYXsldKeI9AnIDgHazkPdPNwtwN0Csl1EtknodhkL6wHboeA7VLxHxXs0skcjezWq16B7DbrPjN1zEOiPyQp9E3YhML0hpsekd5jhiKDbSujSyE6N6NTwdtUalcNaZLRZQhola2oCaQwH3gYFrVfRegWtU5AtClKjIDUqullBq1W0WkM36tgGA9tg4OsNfL2BrzHw1Sa+0sSqTGy5iS0zsUoTqzSxxQZm9ZMjPig1kBIDLTXRUhMrDaGlJlJswEWWEpSwEnjnQt65kHem8650wbVQcKUL1t3fnhRK4cZS2NFkdiyZG0/hnCmcK1XwpIWtkG3AOSaaE8Jy7+COO1iEvBDmCGG5ITTXRHNMOEeHw2LwZUieCVZgxxKDo4mBkQT/sHX3n2/d+sPMi0DemkfcnIvfmGOBXZ+D35iL35hL3JxniYEZTrDEEBhJCs+tToAZSWbCRSTqdgJ5a0L5yPIBFuMD6Mps8PIs4PIs6PJs6Mps6Moc+Moc9No87Pp8q6BkNRvsbQ1j6dHpVW+OAjgiccGAC02k6G4sN4SLSPkqNEkJeQrgkAGHpQTBk827sjhnpo0rk3dl8a4s3p0tuLMtWwjubMGdY19xZ1vmkLy5ss+hAvma1ZGGiwyk2EQjlFgYaCQxWPtUilSoWAWLFLBIAYpkX6FiicGTL7jzeXce787jXXmcM4915bFOi6nc4C7m3cW8u4SfmBsE7yLBu0iI5oZ7DynZblgrQeukaGjYOEVoCLtBQesVtEFG62WkUUIbRKRBhBsEpIGD61m4LgjXBeA6P1RHg/UUWE+CDQTUhIPNGNiCQa0Y3IYhHRjSiaFdGNaNYd0Y3o3h2yeJAZucGHrviguxbrDFQFGx7KKoXdZa18dS/+k/33qy9VPHA6fzHvg8/4Ev8h84m//7cwW//67g/h8Kfnux6LdXi397s/i3t4vvHyq+f7T4/rHi31pYSoDCj0nrg0sKxkp+O1py/1DJ/YMl998svv9q8f0Xi+7/oeD+7wp+d67g92cLfv9FwQOf5z9wOu+BTx0P3nqyLfWf/rOmj0eUMKUVDsRaYUHRvtSO9vTuj4uO//Hxl744/cW3d/PCK+++8Mq7z7506sIfn1Hol1T/q4r/DS3wtho4/klFXFxcXFxFH8Se1sZ3LomrucZ9pf+wJW7RXlj4xhS/McVvTfHbkPhtSPo2JH0bEl88HJdx2nM2JH5pCs8cjks77f7Y5D80uXcN9m098Ibmf0Xzv6Qxz6v0swr1lEIelon9Ir5XRHcKcC8HbePAbg7sYsEuDtzKQ1081C0i3SLSLaHbJHSbiNoLBd+u4DsUYodG7NDIHp3qMZhekwnXiKbepRzdf2DS201qm0FtM8hunezSyS6d7NSIDhW3JqZbJLRJRBpFuEGE6kWoXoTqRKhOgmoluNbauikjW+y5bGiTBFXL8EYF3qAgGxR0g4au19H1OrZOx9cY+BoDW2XiVSZuKWGpiS0xsSUmtshEKwy0IjxVYv0PLzbQEus/fwgtMZEiHSrQwDwVcMjebNGTKbgyuPE0bjyyeyCFd6aGSeGsiv9oUnAkkR1NZMcS2fFkzpkiuNMkb7oCZuhQlgFnm0hOCMm9gznu4Hk/4nk/YjF6QB13UIeJ5BhwjgZmaWCm4lsoedJEV6rgTOHGk9mxxOBYYnA0gRmOpwfnU7fnkbfmkrfmkrfm4Dfn4Ddn4zfnEGHwG7PR67PQa7OQqzORqzPhq7OQq7OQa7Ow63NsMQzFW3Wke1nBP5LMjFhxIWKFeOJWPH4rHr8VHxsRbB9cmum9+Jj3wmO+izOAizOBSzOBS7OgK3Pga3NRq6Z0M564GW/rYTjVP5IWGEvnxjMEd5bkzbUaDL9gBSRSRIpYIc+2AuCQAYfky5W8OYI7i3dlsuMZgbGFgbGFQYvxhex4BuvM5JyZvCuLCzuDdWZw4Yu8K0vw5EjeXMWXpwL5GligQ0UGXGwixeZENxhoibXjwR5stU46gYoUqFAFCxWgUAYKZV+B5CsQPXmCbQUH53JwTgfrdLDjjnu6wZpndRfzk3KDd6Ib7tWIBleJYNgNUTHc2w1IrYzUKmidjNbLSL2E1ItIvQDX83AdB9fZVoBq/VAtDdZSYC0J1uNQIw42YmBz2ArtGNKJo104thXHtuJ4dzgubI+xwg6cvDs0TCEGiuynyH6aGohh5yR0fTT1n//r4LOdn5ZP+7x82pnyaWcrpn2zaNq5RdO+XzTtwqJplxdNu7po2s0l024vmTZU+eho5aNjlY9YVC6v8YYflctrDi4rmXRlvPKRscpHhysfHVwy7daSaVcXTbu8aNqFRdO+XzT93KLp3yyafrZi+pnyaZ+XT/+0fPrgs12p//xff9EKMVnBfzCn+NXkisPp1c84tp2o3f0KQVIWF7zwn9wghhMYjqMYhqAYgqCffHBEpl6S6VdV5k018LYa+IMaeF/9fkNcRR/IntbGB5bEbb5qWSH8qPzgPeTDjHvWj6zHviOGZYXgm5YVVOYFywoycUjCD4jYHgEZ4OFeFuwOAl0s0Bn0dbBABwt0cmAnD3XxcJcAbxXhrSLcLSBbRWSrhHRLWLeMbVPw7RqxQyN3GOGZovBmtAmnVkSx5023m1S3QXYbUSW020pAmyWkSYQbRKhOAGp5YIsA1ghADQ9sFoBNArhJBDfZ+/uhahHcIIIbROBxEXxcgtZL0HoZXqci6zRkrY6t1bE1BrY6agXcCgqLTXTxpGZyeENT+AaEFplosYEU6lC+BjoUX47szRbdGbxrITeexo2nctE50WRuPJkbs56T2NGk4EhCYDg+MJIQHE1kxxNZZ5LgTpW86Qq4UIeyDCjbhHNCaO6PmONH3PEj7phgBcyyQrYJZ+tQlgZmqr6FsidddKcKrrAVRhMCI/HM0Hz69jzi1hz8xmz8xiz8xiz0+kz02kz0+kzs+iwL9NpM5OoM6PJj4KXp4KXp0OXHwMuPQZdnIFdnYdfnELfm0YML6MF4ZijBP5IYs81tghXC80iJ1GB0AAm/FY/fXIDdmI9emweHleC7OMN74TH3D9PcP0zz/DDd+4Olh5nAxZng5dnQlTnhmtI8Sw/k7SR6MJkZTg2OpfPOTNGTLQOOX7YCHGOFGCXYVvDlSt4c0ZPNuzLZ8YXB0TT/cKrf0o/FaHpgLD04tpAdz2DHMyxbWFeC41Z2yeRdWaInR/Y6FCDPGlLSYauQNcENBhq7Fa5YR4o0a0oNLFKhIhUslMFCq44kefIETx7vdvAuB+9ycK5czulgnbns+L3d4ArvdbBDQ6kVGgRvhWC7YcqCUtgNMWKQwDUStC5GDJYbNk2YULLcgNbKSJ2E1IlwnQBv4eFaDq5l4S1BuDYAbWGgLTRYSwFbCLCOAOtxsBEHmzCoGYdbcbidQDoItJPAunCsC8e7cbwbn1IM964mRX1A9tNUP0P1M1S/nxoIszMWXR9N/x+/HjrRe6Yq/suq+LNV8d9UxZ+rWvBd1YIfVs2/uHrulTVzr6+Ze3PN3KF1c4fWzR1dN3cszMFVFZE9awdXVUy68sSqivF1c8fWzR1eN3d43dxba+beWDP36pq5F1fP/WHV/O+q4s9VxX9TlXC2Kv7LqvgzVfFDJ3rT/8ev/1YrmP6DBnOwpePlZMdrC3oXOz7J7Hy/869//etf//oXxfxx2XduVNbu3LkTMkOGYWq6rqrqx+8flsiXZOoVmXld8Z9SAn9QAu+p362Pq+gFAp8qESuct7OCIXxrit+aUjgoSOdCUkxWEM+EhM/Q91NjrPCG5n9FtaxAPaNQT0nEIQnfL6C7eXiAg3YEga0BX0fA2xbwtgV97UGg3XIDb7kB6owgwF0SslVCtspYt4Jv08jtBtVjWA0Dq3kwWQk7Qn57f7I9dUptNcgunezUyQ6N6FCJNhVrka1OF1QvgnUCsIX3bWZ91ZxvE+et5nwbOd9GDtjA+zYIwAYB3CAA63nfOt63lvetFYC1IrBWAtdK0FoZXqMiazR0jY6t0u3dy5YSlproEhNdFKOEqA/ssjVSaCKFBlpoooUGkq9DeSqYq/iyZW+m6M4QXOkTfDBmkcSNJXFjiexYAjuaEBiJDwzHB0big6MJwfEEdjyJd6fcZYWcqBUmuQHNNZFsE8k24CwdylKBDMWbLnnSeFcKN54cqR1ZQYG4MRu7NhO9NhO9NgO9NgO59hhydUYE+Mpj0OXp4KVpwMVHfRce9V18FLg4zXdpOnR5BnJtFn5jLnV7AT0YT0fiwmjSRCVEO8+2FW4nkGElWFZArs2Frs4BL8/yXZrhvfCY+/w01/ePWrjPT/P8MN3zw2PeCzN8l2aCl2aBV2ZDV+ZAV+bAV+ci1+djN+KJW4nUYHJgNI0bzxA8WbHdhbvFYKWECRWkCbUjq5eQI3qyBXcW58wMji0MjKTRQ8n0UDIzlMIMpTDDKf7h1KgeRtMDo2FbjKQFRtMCY9ZZHZmCOztaRwILdKjQgK2kYosh+mWDFBlIkR57/hVUpMFFKlSoQEUKWCj7CkRvnujJE9wOwZ3Lu3M5Vy7nzOWcuawzlx2/hxtchZyrkL/LDYKnTPCU/awbImKY5IZ1E92wMTyhFDu9ukVGaiVkiwjXCvAWHt7CQVtYsCYA1fihGgasocEtFFBDALUEWI8D9TjYhEPNONRCwK0k2kGinSTWSWJdBL51shhi3ICT0dAQEQNJ9lFkH0X20WQ/Q1o+6A9Q/QGqP0gNhNkZpHYGqJ0BasDQRzP/5Z9G39r/ba3j201Z5zZlfV+T9f2WrAtbsi7WZl6tzbxem3mzPnOoIWOoIWOsMX2sMd3VmO5uTPdMhXviL7kb08cb08cb04cbMoYbMm7VZ96ozbxWm3mxNvPClqzvt2R9V5P97absbzZlfVPrGHlrf+a//FOkr0BQ+4h7WSG8yfng5T8dLVr6Zuru4umHZq57dtNf/vLXk1fA7i9H3hoi7ty5EwqFDMPQdV3TVEVRPnr/sEgel6iXZfo1mXlLYd5W/O/K362PK++5/M7Gj77vXxK36Qr7pXZ+S9yiPRD/tSF8Y9p1pG9CVh0p0lcQvjCFz0PCaeT91Li9RwzuHYO1xpBe0fwvqvTzKvWMTD4p4U+I2D4B2cXBfSywPejr8ns6/N62QJR21tfOAh0c0M7Zz+0c0M6D7QLUIcAdItwlo10q3q2R23Vqu0HvMOmYYyr8O0L+7SG/dVLFtrAVtppUl0FtNchOnejQyHaNaFPxVgVrlpFGEa4TwFoBqOF9m1lvddCzIeh9nPVsYD2Ps571rHcd513PedfxvnW8dy3nXcN6V7HelbxvteBdJfhWieAqCVqlwKs0ZLWOrtKxKt0eRV1qYEsMbJGBlhtoeUy3MNLGLDDgAgMpMJACAy0w0QIdsQ6lyFF8WbI3U7J2DzhTeWcKP57Cj6dw40nceBI3nsiNJbJjicGxhOBoQmBkgX94gW2FsQR2LFFwp0jeNAVcqIOZBpRlItm2FSxsK+TeCRNCc0JIjmUFBciQvemiJ423W82JVjuBuj2PuDkHuz4TvToDvvoYfGW6BXR5OnR5OnRlOnzlMfCy5YNHvD887Dn/sPeHR7w/POK98ChwaTp8ZSZ2fY7deR6KZ4YSJmx4Hpm0qS0xbIV44lY8fjNshevz4KtzoCuzrcKR54fpru8fHf/u4fHvHnZ+94jzu0fc30+z3XDhMd/Fmb5LM4FLs8BLs8DLs62aEn4znrydaMcFV5ZkdRfA/AljSEhhxAd3zSBFlWAFBdGbI7izOFdWcHxhYCSNGU6hBpOowSTqdhI1mEQP2oawA0QYyxb+kVT/SJo1RMu7MkVPtux12HUkqOBeJ2fEnLhXpCPFOlykwUW6fepJkQYVKmCh7MuXvHmixyG4Hbwrh3flcK4czpnLOnPY8Rx2POwG5+R+AzeVGwSP5YZJueGuZgOwQgRWhN2wWgLXSHanYV1MaJgwoSTBm2W4RkRqRLhGgGp4uIaDalhwcxDcHIA2M+BmGthMATUksAUHanGgDgMaMLCRgJpJuJVE2yi0ncI6SayLxLpIfGvYDdsmVZPCVpggBpLspcg+muxjyD4/2R8g+wNUP0v1s1Q/R/Vz1ABHDXBUP0f1s9QASw0Y+uiiR+8b/vDZi72rz3dUnO+ouNRZfqmz/Fpn+fWtZbe3lQ9tKx/ZVj62o3RsR6m7p9TdW+rtLQXuge+uNz29pZ6e0vEdpeM7Ske3lQ9vKx/cVn5ja/nVzoqLnRUXOyu+71j8fcfiC71rhj58btGj92n6OEnvJX7GCkaMFQzmwOuvnayoOZa6N/3xw9V/+ctfTvxxuPjF8zeEWze4wXPfXPn268vfnL3kHAdkWf7ovUMCcVwiX5KoV2X6TZk5JTPvyH9cFxcXF1feC4z1LY6rvhI8o52viavYDfFnDeGsIZw1Y4aRQuLxw3ELT3u+NIXPTf60yX96fV9c5XsvGdwfjOBbetCaQTqhMs8p1DGZPCLhB0V0L48McFBvENjm93Uy7na/p83vaQ14WwPeloC3LehrC/pag762INAaXreyQCsHtvFQhwC1i0injG3ViG2a1Sqgtpn0jhC9I0Rvjzm8aJvJRLYobzWpToPs0MkOnWjXiFaVaFXxZgVtlOB6AaoVwBret5nzVQe9GwKedQH3uqB7fdC9LuheG3SvYT1rWc8azruG86xmPatY98qgu4r1rOC9VYK3SvBViUCVDFWpcJWGRA84MuxDLKz2cpmBlOhIUXhXlHWKZ74B5xtwnoHkGUieieYbiEODclVry7E3U/ZkSO500ZUmuFIFZ4rgTOGcSWExJHHjSexYQnA0PjCywD9iWSGeHUvgxhMFV7LkSVF9C3Uw04CzQkjOHauCZFsh90c890cs98dYK6A5Jpytw1kqmGllBcGVwo0lBUcTmKH59OA88tYc/MYs9NoM+Op0+HJYBpenQ5engZemgZemQZenA5ciSnjIc/4h9/mHPOcf9px/GLg4Dbo8A702m7g5j7w932o7+4cT/SOJsackMcNJzHCipQR6MIGyjtSObk2Yj16fh1ydA0VqR+enOb97ZPxPD1s4v3vE9d2j7vPT3Oenec5P9154zHdhhu/CDMsN0OXZyLV56I35+M14ajDJiguiJ3y66iQxRDcrFIR3NeerYH7EB3ZHwa4d2UHBP5JKDyWTtxMjULcTqduJETdEoAdjVDGSGhxLt3rgktc61y/PiguTTt/T4cju6MLIr+pIYdgK9olYKlSoAPmSL1/05oluh+DKFVy5thucOZwthogbYvVgzSzFuqGYdxcLnhLBM8kN92g2AJYbqkRwpQSussVgu+HxiW7YJNtdus0iXCPCmwRoEw9t5qHNLLgpCG7yg5sYcBMNbCaBzSRQQ9hWqMfBBgJqIuEWGmml0TYabafQDgrrJLGtJHZPMcQmBoLsIckeiuylyF6G7POTfQGyL0j2sWQfR/XxVL+FQPULVD9P9nNkP0f1m9rIgTX5r+3f5X7n0M1Dddf2rL+2c/WtnauHdq8e2rN6bO/qsb2rXXtXuw+s9h5YBRxcBRysQv82sINV2MEq6GAVdHAVcGCV58Bq997V43tXj+9dM7xnzdDuNTd3rrm6c83VPY/fONTgeufwq/t37V9TYFmBpPZOaQW7nRA5EMlgDqjk/qeO7FrSur/pxc4///kvQlAchpmKb5xBRTcMQ9M0VVUVWZFk6aP3DgnECyLxokS9ItOvS8ybMvO27+3kuN2HFf9H8ljf4rjqy8HP1POb4yp2QdyXBv+VwX9lCF+ZwtkwLxyKW3ja/QXyfnq4q7D+eqSpELCaCsdV+lmFeloiDov4fhHdzcP9HLSD9XX7fZ2Mu9XvafV7WgOeloC3xXJD0Nsa9LUGva1Bb0vA22zB+lo5oJUH20S4XUY7FXyrRnTrZLdui8EqE3VPPPi6y6S7LCUYZLtOtGlEq4a3qHiTgjXJaIME1wlgDQ9s4n3VrHdD0L0u4FobcK0NuNYE3KsDrtUB16qgexXrXsV6Vlo+CLqrAq7lrHsZ51nOe5bznuWCb7kELFOgFSq8QkOWa8gy+ygLZLGOlOv2RmXr/7N1l8nToTwdso+gsDYem0ieAefqUI4G5qhAtuLLlL0LJU+66EkT3WlWoV9wpfCuZN6ZZMGNJ9piGJ0fVkICP54oupJlT6oKLDSgLBPOjrGCLYOIGCZYAck24GwNzFB9C2VPmuBM5saTAiMLmOF59O25xM3Z2PWZyLXH4CvTocvTIjIAL00DL0+DLk2zCkfeCw97zj/s/v4h9/cPuc8/5P7+Ic/5h30XHoUuP4ZcnYXfmEvemk8NLmCG4pmRhPCG50RLBhHowQRqMIGylHBrAX5rAX5zPnZjPnptLnx1DnR5FnBxhueH6bYV/vjwZDHYieEx74XHrGaD9+IM4NIs+Moc5No87MYC8nYiM5LCji+0b8RArgrm3XVwRZRwnzkcEQBrI0I4KDgz2fGM4Gg6M5xKDSXZ07S3E2LdQA8m340thslxIVfxWfvsfv7wDBvN+lYDKdLhIrumBBWqYL4MWHEhT3CHreC0EkMO68xmx7OndoMrj3Xd7YYi3hNxQ9nUucFyAxArhioJXClFQsPkglK1DFdLcLVk/6iGagGq5qFqDqxmweogWO0HqhmwmgaqKV81CWwmgBrcV4f76nCggYAaSbiZRlpotI1B2xmsg8Y6KayLwraS2FZ8CjFMCA1hK/RQZC9D9vrJXlsJZB9P9glhRHvRL5B9PNknBU8SyLflsx460bt1+MyL5LnXyLMvkmdfZCy+eTH47XH23An23An+3Anh3Anx3Anpl5AnIp07IZ47wZ87wZ07wX57wv/NS/6zLzFnXyIszr0+dOal471by2c9jKJ/CnJvkPReiymygjFRDNYZ2t6bW585sqq7v/nPf/6p85Pby966+q2HMQzDCgpff3VxfMwnSdJH7x0S8OdF4oREvSzRr0r0GzJ9SmbekZkXPyy/Vys5/VPXFwb/hSF8aQhfGsLzh+LSP3V9bgqfmfwnBv+hwb1vsO8Ywbf0wGua/6TKvKjSz6v0Mwr1lIw/IeL7BHQXD/Vy0A7WtzXg62TCSvDbVmjxe1sC3tagtzXgaQ54mv3uJr+7MeBpCnqbWaCFA1p4yBJDh4p3acRWndyq2zuTtxrUVsM6v4jqMqlOk+o0qXaDbDfIdp1o1YhWDW9W8WYFa1TQBhmpE+FaAdzM+6o570bWuz7oXhdwrbFkEHCtDLhWBlxVQVcV614Z9FQF3SuCrhUB17KAc2nQtZR1V3LuSs5TyXuXir6lMrhMgZep0DIVrtTgJTqyWIMrNLhMs84yggo1sEAD8zQwTwMdGpSrRw6lgB0G7DARh7XTWIOyVDBTBTIVX4biWyh702VvuuRJkzxpojvFQnAlC65k3pnEORO48QR2LJ4bt5UgOJMkd4riTdMmWCEnqoSIGMJxIdYKOpipAgvDWSEhMLqAGZpP3Z6D35iFXp+BXH3MUgJ0eRpw6VHg4qMRN0CTrHD+IY/NBCuEp1Tj7R1wQwnMUAIznEAPJdCDNtRgPHU7nrwVT9yy9qzNxyJWsEaPYq3wp6gVrFJStI70w2Oe8+FOw8WZdly4Pp+4lUgPpQTG0q0bsRQ5dhuc+qfuTFCCzyH7ciVfruTNtYICG+4oWOWj6M67sBioiWKwSkwxVkgNjKZHrBCOCw7t54/NAAuj2oj8IAfr6NzIz1zy5Uleh+jJFdw5giuHd2ZzzizOmc06s9jxWDFM4QbuLjcInmJhajdEmg1TuEGyQ0NsQWl9TKdhowRtFKFqAdooQBt5aCMHbmSBDUFwgx/YwAAbKaCa8m0kfJsIYDPuZTs4ZQAAIABJREFU24L5anGgngAbKLiJQZoZtJVB2xisncE6GMxODERYDBjejeHbUMsNxPZw53kHQe4gyR2WGCwrBMgeluzlyV6B7BXJPguJ7JXIXpHsFcg+gejliV6WfIEPfP/ChvyaBQ+UP/K/yh/5XxWP/p/F0+5bMv03lTN+u3TGb5fN/N3yWb9fMfvBqjkPrpzz0Mo5D622mPvQ6rkPrZ7z4Oq59pVVketzHlo95yHrxVVzHlwx+8Hlsx5YNvP3S2fcXznj/iXTf7t42m8qHr2v/JH/Xf7I/65Z8ODzGwqCwQsU83JECVZiuHOHmqqvELGCdU4qtU8l9/7x7OGffvrpzK2bm059Y5imruuqqiqKIsuyJEmiKH70/kGReFYkjkvkixL1ajgunJKYP8j+9xX/B2rgIyXwsRL4VGVPa+xpjftM5z7Tuc8MPsLnBv+ZKZw2+U8M/iODe19n3zHYU3rgDT3wqsq8pNLW9NHTMnlEJg5I2F5r+ogDt7FWq9nTGvC0RpQQ8DYHvS1Bb2vAaymh0e9uZFwNfk+j39MY9DYFfc0c2CLArRLaruAdKt6pEZ060aVTXaZlBbLLoDpN6wgj+7AKa4tyi4Y3q1iTijUqWIOC1svwFhGuEcBNvG8D532c9a4LetYG3BElVFlKCLqrgp4VrHsF614edC0LupYGXZVBVyXrWsK6l7CexbxnieBdIgGVMlipQJUqtESFwz8zByrToBINso+vUEGHCuZqYK4G5lhH1OnWuRRwjmnvNM7WoSwdytbATA3MVIEMFchQgIWKL132pcneNNmbJnlSJU+K5EkR3cmCK0lwJvLjCYIzUXAmiq5kyZ0ie1JVX7oOZphwZgjJDqHZU1ghJjFErYBk6VCmCmTInlTBlcyNJwZHFjCD88jbs63yEXL1MThsBfDyo+ClR2Pjwv/L3ptGuVHcC7w699M7773P78s75553F2wnbGbzvsx4AZuwmMVmX0IIwZ6xPQYG4wW84Q0M2BCThBASkhBs4wVCgCTcsBm8zIw99qza19barW71Ko2kuXofWupp9VIqadRSS6rf+Z85rVJ1dXV1df3U0nSX/EcF27dX2L+7wv7dFbbvxG+Qfuw9f7W/91qs77rghesLNzzfKP7GELl0U/jSTaGCD0QlBC/cgF24AROV0He9v/c63/npnrPXus9c7fzhSsfpH9u+nTb6zVS5D0a+njLyzRTZL895Mdi/+7FoBc/56f6e64OiFQbnxkcWkOL0bXZx7ralShm4lxbdmjChhEW0fZF4g4L4n0UTVriYVwKm/B5pZlj8pUGMwu8N4g/RxPACcnQhJVnBsYTLP7VpqVwP4kMyCmKQbrYofMUkmwauIIYlCfsSyraYtC6Kj7aTI+3kSHt8uC0+0k4MS25QXDcsIYaXEKNL48VuEJ+7p+EG9Q/Rznsp54QbaOf9MjFMuEG6HTrhfoJy/ZRy/ZR0/TTuepxwPo47H4s5Hw87Hg85ngg6fhp0/CzgeDLgeMrv+IXfuRpzdYQ8nWHvuohvfcTXFfVviPrFKwaZGPwaYghgmwPYZgzbHAxuDmKbQ9iWCLYlim2JYVvi2BYyuDUR3JIIbkkEtyaCWyesgG2lsK1kYCsZ2ErH3k3xAyl+IFkIYSIGpUgKQ0lhKCkMpnjdGOMHx/ihMX5oTJBicCz/7pAYyUIIUgjDOPHHYOjlIiuEtayQjE58fSRZgQ/t/u7L1zKZDJ2gI4mokBR48SdmhqFpmk7QiUTi5NG9icDBBPZWIvg2HXqHDr1Lh99jwu8z4T8xkQ/YyBE2eoyNfcTFTvD4SR4/ycdPCvFTQvzjJPlxaiJOJuPiJcIR8ZbmwlVCsRKC+5jA7oRvB+V9iXRvIl0bCdfzuP3ZmG0Dnv/WSIp1Mce6mGNdzLY2au2MWjsiox1RW0fMtha3d+D2zrhzLeVeT3u7GN8zrP8ZFnuWDzwr/nORGOLFQTKYf36RgK0XAuv4wDre38n5OjjfGta3hvE9TXueot1PUq6fkY7HSftjcdujhO1h3PogLn5TNHo/ProKt95HWO8jbKvitlVx20rCeg8h+mD0Lty6grDeRVjvzN8I6riLdt7NuO5m3Xdx7hW8ZwXvvoNz/4Rz3cq5CkpwLuGcizlnO+daxE08rUh8LsWilHdRyrso6WlLetoET5vgbhPcbbx7Ae9awLnmcc55nHMe65grBWObTdtm0dZZCetM2jqLts1ibLNZ+1zOMY93zUu6F6S8C8e87WnforQfzgqeNsG9gHPMY+xzEtbZ8eEZ+MCN0UvXhS5ei/Vd4++50nvux56z06TLBfeZae4fpok/MIjfLOXFcHqKQ4zvpzhOT3X98CPP2St9568O9E0XrVD4zTn/hAzp2RiFq4Qb8kq4cL10oeDvvc7XM917/lr32WtcP1zl/P5K+3c/sn07bVSUwddTRr6ZUIL1u2n5745OX2k/faX4DZL77LXitULwwk3hS7Nig3MJaaIeu/zxecqQ3a2Wv0qg7YsS9kWUVbRC/lohenlO+NKs/HP9xIe55i8LZob7C9ME5WO2XAn40HxiZIH8WoFxLGGdSzmNmHiMkugG6SFOgrcgBvcyznML576ZdS1lnEsS9sUFK+RvmCCGFxLDC/GhBfjwQnx4IT7cVoh2fLgdH16EDy/CxX9YGl1CjC4txC1x6y2kdRlpXUbalpO2W0nbT0jbT0jbbaTtdtJ+B2m/k7TfSdpXkPa7SPvdlPMeynlPwrlS/St0frYG8VEZrscSrsco12Ok8zHS+Xjc9RjhfBR3PBp1PhpxPBp2PB50PB50PBFwPBlw/NzveCrgfDroWhNyd0Q86yLedVFfV9TXFfNviPo3iGII+p/D/M9h/uf9/uf9eTFsFMUQwDYFsE2YKAZscwjbHC5YgcC2kNiWRHBLAtuSwLbQwa20aAhsK4VtoQJbyMAWMrA1HtgaD2whAlvxwNZYYGs0sDUSeDGCvRTCXgph20LYtnBwWyQo/tvSDiK0PR7cTga3UcFtVHAbGdxGYttIbBuFiSnbE6qggtvJ4HYyuD2O7SCwHTi2I4rtiAR3RoI7Q8FdoeCuUOjloDw0rJAOFy4U9k58fRTZK4T28KHdfOjlwOjuT0/uOXls58mjO08e3XXi6M4TR3adOLrrxNGXTxzdffLonnP/ejGBvU4HDtHYW3TwbSb4azr0DhP+HR1+j4m8z0b+xEb+zEY/4KIfcrEPOfxDDj/C40cFohDxo0L8aJL4MEn8JUl8IOB/KvzT0Ttc9Ndc+Jdc+E0mr4T9TGA3HdiZ8G2jfFtJz6a4e2Pc9RzheAa3d+V/RXB04c4u3LFOCskKUeuaqK0jZuvA7R24oyPuXEe51iU86/MzOvk38AHx4UXPCPmHF20QghuEYJeAdQmBdYL4yAp/B+dfw/nWcL6nWd9q1vcU7f15wvOzhOunlPPx/L8YFX5PJqz349b7xeuDuG0VabuPtK2KW++N2+4lbHcT1rsI612EdUXcuiJuvZO0raBsKyjHCtq5gnGtYNwrWNednOsOzn273Aqsa6k4RybrbGOd7ZyznXO18e52QbzRzLc45WsX/0k0/6+i3rakZ2HSs1DwLBDcCwT3At41n3fN553zxOAccznHXNYxh7XPYR1zxJe8c67gmp90ixcKbWm9CwXZ90hp36IxX3vK25b0LBTcCzjnfNY+N2GdTY7MxAdvjF6+Ptw/HbtwTaD3Kt/5on9A8pz5kefsjz1nf+w59yPvOfEnhx+5fpjm/GGq7FeHH7nP/Nh77ip/zzWY3Ar9N4YvFaKghGD/jcGLkhLyVgj0XR+QWcFz9hr3matdP1zl+P5K+3c/sn47bVQW0v8g5X9t/v5Kx/dXOb6/Kv+7wrnpvp7rxedhRAfnEMPzxUck0fZFtH0x41zCiIOvJAPXUta1RP5bgnShIFkhPrIQH16AD84TLxfCl2aFLs0KS9E/UzRB9PJsecQG5sQG5+SVID6NQ3rCq30x41hceB7iUi093Mw5pSew5u/NFn95Ljxu/ZbCt15LaMfihE2qahsxvDA+vJAYXkAMLcSHFuCDC/ChhfjQQnyorRDt+FA7PrQIl64exJvgJn6RviU+KupB+j+ln5DW20ib9DClO0nbCsp+F+W4m3Lco3rEXvHz9VyPijOAks5HSOejhPMR3Pko7ng46ngk4ng0ZH80aH8UczyOOZ4IOJ70238ecDyFuVaH3Gsins6od13Uty7mW4/7u2L+DRH/hoj/2WBBDIFiMfgDL/ixTf7AJgzbJLPC5ii2OYZtzluhEDS2hS4sy6ywJR7YEg9sIQJb8LwStoYDW8OSFYLbIsHt0dD2WGg7HtpOhLaRwe1UcFuiIAYKy0ciqBFUcDuFbSex7SS2PY5txyUrYKIVdmpYIaR9rSD+W2r+IUgFK+wWrcAFX+awXSy2kwnsoP07Ev4dCd/OhG9Xwv9ywr874d9LB16hsVdp7HU6eIgJHqJDbzGht5nQr5nwO0z4t0z4d2zkPTbyBzbyBy76Phd7n4/9sRB/EvLxRwF/X8D/wMfeKzzc4td8/p61g2zoNSb4KoPto7HdtH8X7d9O+19MeDeTno1x9/Nx17Nx5zOEc0PcuSHu7CKcGwhnF+HsIpzrCcc6wrE2ZuuM2jqjto6otSNmW4PbO3B7B+HojLs6SdfahGc97V3P+Daw/vWcfwMf6OIDXTwmxXoeWysExOjkA/lHGHH+1ZzvF5z3Kdb7FON9kvb8LOH+KeV6nHI+SjoeJu0Pk/YHSfsDpO0B0nafKAPSLsZK0n4vab+3MLvhXaRthewcWJFwrKCddzKuFYzrzrwVXLdxrls593LOtZwVreBczDrbWUc762zjnAs5V1vh9uN28QP7mG/RmK9djJSvLeVtS3naUp62pGdh0r0w6V4gheCeL7jywbvmCa75gmue4JonuOcVK6E97W/XtYJ/cSawKO1vT/vax7xtSW+b4F7Aueaz9rkJ22xqZCYhfol06fpQ/7VY3zWBnqv856/0KeMq3/krfT1X+c7n71qYiHNXes9d6Tt/lb/nmkDvtcEL12EXrg9eLFhBjEs3hMSrhP4bQhdvUFpBDPF3BUkM564VxeD8/krH6R/bxPjuR7bvfiT+tuz4/krnD1c5xbsWzlztOnON+8w1nnPTveev8/cWrJD/55/8TWT5D+nOxayzyAfSfxzJf1HIi8HWTlnbJsRQuGIoioG5BQHMlQc+NA8fmkcMz5duZKOs7Qn7oolrBSkKbpAi74bCc7nlz3wVH6IlhvhPU4xzSf4nEGt7fLSNKFwrEEMLiKH5+OCCiVC5oegnh4IbpK+VyMLXSjpukP8QfY/ec7kp18PiPKCk85G442HC8TDueBh3PBR1PBRxPBKyPxy0PRqwPxawPx5wPOF3PBlwPIW5ng67V0c8HVHP2phvLe5bh/vX4/6uqK8r4t8Q9j8T9D+L+Z8L+J/z+7sVYggEXghgmzBsk8IKOLaZxDZTOlYgJ6ywWWWFF8PYi2orEKHt8dA28UKhMO6/lFeCGHIlYNsS2DYK20bKrEBg23FsexTbEQ1KVtgZCu1SWCEUejmk/Q1S4d9ShcheIbKn8A3Sy1xeDDsZbCcT2Mn4d9CBnXRgJx3YxQR209geBtvLYPsZ7BUGO8AEX2eCB5nQm2zoLTb0SzZ0mA3/ig3/mg3/hg2/w0V+y0V+y0XzwUff5aO/5WPv8rHf8tF3+Ohv+Oiv+ejbXOQwF36LCx/kgq+zoVdZbD+D7WWwXUxgJxPYTvtepH1bE94XKO8LpPu5uPu5uOuZQmyIu7ryf53rxSAca3HHWtzeids7cFsH4eggHB1xZyfp7CRdaxPutbR3Petbz/i7OP96PrCex9YXfLCeF78ywjoFrFMIdAiBNXxgNe9fzfue5nxPcb6nOO9TrO9J1vsE43mc9jxGux5NuB5JOB+iHA9SjgcpxwOU437Sfh/luI9yrEo4VxVu5rxX7OWU427KcTdpv4u0S0pYwTjvZFwrWNednFu8ULg9/xx89zLWeTPjXMI4FzPOdtbRxjnbOGcbn7dCW8EK7WP+9jH/orS/fczfNuZrG/O2F6It5V2Y8mjGgqRnfsqzQIox78Ix70KZEvSvFfyL8lbwt49528a8beIVCeucx9jm0NbZ5OhMYugmfOAG8YoheOEarPfqgDz6rsF6r8Z6rw705e95DvRc7eu52le44dnfc3Wg9xrswnTswnWhi9eLQ3/BBxNREMONoX75N0iF6JO+Srou74ZzExcNrh/EZ12INyhc5TxzteuMeAvbNe6z13jOXus5e63n/HXi85ECvTeID9yWrECNtolfItGOJeLlgkwM+a+P5GLIu6FwV3NeDOLPzoW7l4tieL44+hMjC4iRBXEpRheSowsL80CIz9FbxDgWi78rsI4lGiaQXy5MTBSxTGaFWwT3Mt5zi/i7Auu6mXEupR1LEvZFpE20QhsxshAfWRAbXhAbWhAbnB8bnB8bXDARQwtjQ235mPhOaXE+Rpbg+a+VbiZGb8n/HG1dFrfeGrfeGrf+JG69LW69LW67I267o+gLpfxZs5Iqfi43lY+HSMfDccdDhONB3PFQzP5g1PFgxP5QyP5Q0PYwZnskYH/cb/+p3/GzgOPJoOsXIdfTEc+amKcz5l2L+9YS/vW4f33U1xXxdYX9G0L+DUH/swH/sxNiKLhB/PckDNsUxDaFsE1hbHMU2yRaIY5tprDNCWxzAttCY5tp2aVD8bXCZvEbpLwVsBfz1wrBl0LB7WArJLCXEtiLmlYofK20Lf8NUnA7EdyOB7fHgjIrhHaFQruCMjGECqG0guJmhWReDLsnrhhCL3PBnWxwJ4vtyg/Q2MsM9jKD7WaxPWxwLxvcx2L72eCrbPAAGzzAhl5nQm8woUNs6E029CYbeosL/3IiIvm//ES8xUfe5MOHuPAbXPh1LnyAC73Khvaz2F4We5nFdrHYDjawjQm8SPu30v7NCd8LCe/GhOd5yvMc5X6Wcj9LuZ+h3M9QnmdIzzOkZwPp7iJdXaRrPelcH3euJRydhKODcHTmrxKcnaSrk3J3JjydtHedNPNfXgOBdXzh+kAIdApYhxh8YDXvf5r3/4L3P8X5n+L8T3K+JznfE6z3Cdb7OON9jPE8wngeod0P064HadeDtOsB2nU/7bqPdq2iXasY132MayXjWkm77qWd99DOe2jn3bTzbtp5F+28i3auYJwrGNcK1rWCdd/Jue/kPHfwnjv4iW+Qbik8XHMJ62znXO2cs413LeTdbYKnPeltT/lEGeQH6PyA7mtP+9rSvvxH/jFf20R4xVioDN/CMd9Caa2Mf1FxyGQgi3SgPe1vF4tNehby7gXiDxiMbU7COoscyd8YER24IXLpunD/9HD/9NDFiQhKyxemhy5MD16YjvVNxy5Mx/JPTJoeunhd8OL1oYvXi09OFX2geOpqWPbk7dDFG4OFH5zlgV24IdCX/y9Vf891vvPTveene89d6z53rfvste6zEw/I84iPUM0/SHW6r+c6X8/1ohKwvhuD/XIrLJC+umFkX91wTvVPC0uLLh0mfmYQH4/aTlnbSGtb/ol4RbGQtLZRRdFO2doT+VgkzgvEOMQrlbwPtH5UkK4Sbp74CVo1P0T+S6TCTwtsoZ4FMSwkRhbgwwvw4QWx4fmxoQWxoflKNwwtlLuh6PeGghtkPznouoG03yF7QHdh5gb7PZR9leQGyvkA6XiAcj5AOh6M2x8gHA/gjgei9gci9vvD9gfDtgeDtocw2yMB26MB++MB+08xx8+Czp+HXb+IutdEPWti3k7c20l41+K+tTHfOkkMQf8GTC6GwPP+ifufNwYCLxSssCmKbY5hm3BscxzbROatsDmBbaYLCxS2mQxsVn2DtEV2rSBaQfkNUjyYtwKFvSSzwkuJ/Et1bKcKPy3Eg9vjE1bYIbeCdLkQKmEF+a/NhcsFXozQbj70shhccFchXuaCL3PB3WxoNxvazQX3csF9XGg/F9rHBvezwVfY0Kts6FU2dIANHeBCr3Gh1/MRVkXoNS50gAu9yoVe4UKvcKH94vzMbHA3i+1ksR1sYDsTeIkJvMgEtjL+zYx/M+17gfZtpH3P097uhPe5QjxbiGcS7mco9wbK3UW515OudaRrXdy1lnKtJV1rKfdayt2Z8KylPZ20Z634fHbWv5bzr+X8BR9g4qw4YnQIgTUCtlrAVguYOB3CU4L/54L/ScH/JO9/gvc9wft+yvse57yPcd5HOO8jrPdh1vsQ63mQ9TzAeh5gPfcVYhXrWcV6VrKelaznXtZ9D+u+m3XfzeZ/Xr6Lc9/Ne+7iPSt4z528dwXvuYN331H4HyTxSajizbFLePci3t0uuNtlFwptEz7If7pvT/vbCiH3hKQKYPjbMn49KyzStIJ4uZDyLBQvFzjnPNY+l7bPSdhmU6OzyOEZ8eEZ+OBN+MCN4t3Usrg+cvkGKcL9N4T7rw/3Xx++dEP40g2RSzdELt0QvXxj5NKN8ikZtOZpKPyj6qWbQuK/JF1UxI2hizdiYlzI39rm773e13O9r+c6X891vvPX+c7nBSBNuuBXzcwTKjxFNW+F0YXi40vzd7Q5C//5o/x/pKIHphbd5OwsXEPYF2mHOOgrYwkzMZOS+J8ISzjpf2RBcYtsLjnZRHLeZUnvsvzNkrKndMie17SItLaJYiBGFhDDExc0ohjwQY3vlIjhNtk/LOW/U4qLz90bXVL4VyWNHxvi1tvi0g/RtjvF6d4KYlhJOVYlHPdRzvtJx32k437ScX/cfj9hvw+33x+13xe13xex3R+y3R+0PoDlxfCY3/54wPFE0Plk2PVUxP101LM65lmDe9YQ3k7ctzbmWxv1rYv41oV9XSH/hqD/mYIYugOB7kBAupVhIxbYGAxsDGEvhLFNEWxTDHsBxzbFsU0ktonCNlHYpgS2qaCHTVRAtMJmxe8K+V+bsRfD2Evh4EuhoPhT8zZNK1DYSxT2oriQwF5KBNViUP7mLFoBD+6IBneEi60QKlaC2grizQp75WJIRvYmw3sUIYR3C+GX+fDLkiR48WIi+DIf3s2HxQuLPXxoLx/ay4f2Fcd+PrSfD73Ch/cL4X1CWEzcK4s9fGhPvtjgLj64kwtu54LbueA2LvgiF3yRC2xhA1vYwGY2sIkNvMD6N7L+jaz/ecbfzfi7GV8343uO8T0rBe19JuHdkPB0JTzrE571lGddwrM24V6b94E37wPGJ/pgLefv5AOdfEA0Qd4KSawjia1OYmuSwdUp7OkU9osU9osU9lQK+3kSezIZeDIZ+FnS/9Ok/6eC/3HB/5jgf5T3PcL7HuZ9D/G+h3jfg7zvAd73gOC7v3DHshQrBe+9grcw8XL+hrW7eXFGHWmeNc8dgud2wXOb4P2J4F3Oe5fznlvy0yl7lyQ9i5Ke9pS3TfziSPaFj2aII7j2uwUH6K0lX1ephLwY/BNiSBbEwLvmc455rGMeY5uTsM6mRmdTIzNJ2SM3iKGbxMAHJyI2II8ZsYEZeCFigzNxaUK3iYmdpWndZujd1zZxg9ulGSEx8jc/y6Zpk03Lo5jIM3hBnO15RujizNClWWHxwdqDcwnxpmLxGySb+J8/4jcz+a/mgbe2KabtzN/WoBuyxyjxGiHODacI2UTQnqIoug1bfJRWUdxS/PimpZwoBtuihLVNFENctMLwPHxonvjAvsIVg8oNwwsLYih2w8himRiW6v3YQNluo+x3UPbCF0riHNGFR2VQjlWkYxXpWBW3r4rbVxH2VTH7qqh9ZcS+Mmy7L2S7L2i9H7M+iNkeDtge8dseCzgeDzmfCLuejLifirp/EfM8jXvW4J41uKcj5uuM+tZGfGsjvvUhX1fI14X5n8H8z2CBZwOB7kCgGwt0Y4HnscDzwbwVNkawFwpWeCGOvUBiL1DYJgp7gQpsSoiBbaICm8hiMRCBLQS2Fce2xrCtUezFiPh8veBLBStsi4W246FtRHBbPPgSFXxJZoWCGDSsMOEG0QpE/kuk/LVCsRgUVtittsLeghX2ZdhvM3xvhu/JcD0ZvqdoIf/yfIY7n+bOp2ULaa6nKNjzafZ8mu1Js9KyXpxTxdk0e3YsH2fG2DNjzJkx5odCfF8cpwvxXT5oMb4do79NTcQ3hfhaijF5MF+n8/FVhv26EF9l2K8y7L8Kf/+VYf+nEF9mGDH+mWH+mWH+IYu/54P+ohCfF8dnsvibLD5VxV8L8UmG/iRDf5yhT2XoUxn6ZIY+maFPZOjjUmRNE/kqJT7KJD5Ki0F9NEYdGyOPjZFHU+TRFHk0GZfiSD6IfAjqwItD/O81XJWOH+HhgospgxUj+iEguKhsFfwojx/l8WMCcSwZ/ygVP54ij6fIE2PUiTHqZDpxMp04lU6cKhwvnUhoRFonNDNrBHiLlUW+DifT1Mkx6kSKPJ4ijyfjx5Px40L8I4H4SCCOCcQxnjjG42J8JIYgD+IjgTiuihPJuBgnZXFqIsiPk+THSfITWYh3OH2an+dRFkIhePIznvwbR/6NIz9j45+x8c+Z+OdM/Asm/neG/AdD/oMl/8mS/+SoL3nqf/jE//CJf/GJr/jEVzz9FU9/zeXjG5b+hqW/ZehvWfpbhvlOFqdZ5jTLnOaY0xxzmme+F0Ngvk/KIsV8nypOSTI/iCEwPwjMD7wY7A88e4abiLN8Ps4I7FmBPZNkzyQZVbBnUuxZvUiyZ5PsWYE9yzNneeYsz57j2HPsRJxnmK/BVijMxRbdl+G+PXlk+8bOqRvXTn1hIqY1fkx9ocn2aF1RbBJj/Y/qHfmaFFWv9OEw1RExVWVqEusaIYoOUFFsXDt1Y+eU5zunPN85pbvziu7O/36u47+f7fivZzv+65k1/7VhzX9uWP2fXav/s2v1f61f/V/rV//3+tX/3bXmiq41V2zomCLFMx1TNnSKMVW+CYyZAAAgAElEQVSMrs6p6zunru+ctr5z2jqdEN/t6py2oXPqM51Tn+mc+mw+pkxEx5RnO6Y8I0XnRIhbKWxo6rrOqVKZ6zundRVqMrGKVjnPFsdE4R1TujqmrO+Ysr5jyrqOKWs7pnZ2ijGts3Pahx++pBCD5r3N+1PR/Rm+d2Pn1AQCgUAgmpfOzmksex70u0Iqum8sun8sug9ZAYFAIJqeghV2Aa0Q25e3wlpkBQQCgWhmRCsEZb88K79BGhOtEENWQCAQiOZHsoIURVYYy1th/1hsP7ICAoFAND2lrZBCVkAgEIiWobNzGsueK2kF9A0SAoFAtASdndMY9hwW3IkFd2KhXZjKCvvQ7woIBALROhRZIbgTWQGBQCBamg6FFYI7i60QQ1ZAIBCIFgJZAYFAIBATQFghhqxgCg4ePLhx48YuBAKBqIiNGzcePHiw5FAj/q4QDO6UQmGFvcgKZmDvvn2HDh2KRCJZBAKBqIhIJHLo0KG9+/aBR5v8f6bqWwFdK5iC7u7uWCyWTqcZBAKBqIh0Oh2Lxbq7u8GjzYQVQvmokRUsFotiYfJFVatAE9LV1ZXNZuvdqRAIRGOTzWa7urrAo03hLrYdwdCOqlnBUkDxUpGoXgCvqM6Q0HIA2Ap675rcJV1dXZlMhobAYrEoXipS1HkQCESLkMlkIK0QCu0oRPV+VwB8hNcc5QHC0CtZzzdqechXlG9RU1QmRLSC5lt6+6LZAvJVyn0LgUA0OjBWWNs5jWPPhUM7xAiFduhZYW9Z1woJlQY080AulFwXZqOabwHymArRCpQKi8WiWNB8KaaAAayLQCCagwqsENa0Qjq2L13mtQLgykCdCJOiV4hiK3p10MsMv0p96erqSqfT8WIsFovmsvol5Ftl5UEgEA1HOp0uaYV1EFbYW5YV1MO3BfghHWZBvQl1hpKrV2AF8yBagZBhsVgULyUUL+U59SxLqNBMRCAQDQ2UFdZO49hzkdCOiMwKV0/GCiLyMVf9N6FzZaC3oFl4QstA6q2r15JnaCwr4AUsFgtejJQiLiheSsvqFTVLA6cjEAjTovmxT3oX2gpnRStE9K2wNx3bm53EN0gJLSuoF9Se0ENvK+otgjM0kBUEQXDIsFgsmi/FBcVLebomDhWaiQgEwvwAzm5BEOC+QTobCW2PhLaLYlBYYZ/0u0IVraA5ygOEoVe4nhU0UzQzN5YV7MVYLBb5soT8LXke9Uu9RM1sCASiUZCPBnKgrXBOulaIhHZW3wp6KXoZDLJCQuWkCkqoF11dXTzPW1VYLBbNBXW69FITzTIRCETjonki8zxfvhUMuFZIFF8oKDKAF/TQzACuAyARkG4SRCuMaGGxWKS/ikRAul6iZgYEAtEcwFshrG+F/WOxfenY/nRsP7wVFGO0elntDMVAr15RkV+vZM0KNAFdXV0cxw3pY7FYSi6rXwISEQhE88FxHPT9CjvF0PwGaX+5VkBUHdEKAzpYLBbN5ZIvxRR1IgKBaEoqsEJY3wrlfYOEqC5dXV0sy15GIBCIScCybBlWCO8So9gK+P4xfH8afyWNv5Ll+5AV6kV3d7ff7ycIoh+BQCAqgiAIv99f8knaa/O/Nu/Mh7YViFfSBPoGqZ7s27fvjTfewDCMRSAQiIrAMOyNN97YV2rWHZkVdomhsMIrY/graeKVNPFKVkDXCvVkz5493d3dRs3dh0Agmp3u7u49e/aUHGqKrxXAVkDfICEQCESzo/wGqdgKkTH8lTH81TTxahp/FVkBgUAgmp61ndM49ny48PWRphVeSePICggEAtESwFjh1TR+AFkBgUAgWgGZFV4WQ9MK6FoBgUAgWoKCFUQl7I6EdqfTYbkVDozhB9L4gTR+AFkBYRL2HziMokGj3n0HUZpiK7ystsJrY/hrafy1NP5alr+ArIAwA/sPHM4hGhBkhZLU5kCA67C2cxrHnY+Ed0cLkVFZ4UAFVqj7RxIUzR21OXkQ1aXu3cb8kcvlPjrxqaGRg7XCnkh4TzS8JxreU2wF4rUx4rU08VqaeC0rlGeFrGkQm7vetZjAbPVpOJAVGhTU7fWQxoRcLvfRiU/hVxQH+rLy52CswPYUrLA3Gt6rsMLrY8TraeL1NPF6BVZgTIC8xetdF4YxX30aEXgrKGbgkKdrLqtXL1l+yfxSomZlSm4CsMUKNqeZDbyVimuiZv+Bw/XuO2ZE0wqQK0pWgM+fg7RCaG8kvDeitkKaeEOKrHARWWHymK0+jYieFVSTM8EO93o51dnAQ2HJYVozp7isrjx4NAeUA84AXlbXGaYmyAqTQW2FTCZDQ5DJZEQrlJU/B2WF3khoXyS0LxLeFwnvk1shmiYOpvE30sTBCqwArqjFYim5DzB5YBpCbHHN+qg3oblReSK4ViXrDK4PTDmTrAAgP3jfFaMVIFtltYJvZMC1gt5H4ApGYfXIqChQvVbJciCHUc0hGFxbzQ2VbISSFdArKqdjDnWt5Ow/cLhkH9DsY5B9o2Q3U2SAKWoym4PMJh8TcgUrUBDIrQCfPwf1u0JPJLxXVEIkvC9dZAX8YBo/mCEOZoiDWaG/XCsAMlgg5kqDyVMSeYvDbEJzoxbg9M4lV4evD0w5luLZpyVKZlBk09yQZjngDOBlRQpkTcDNCP4GqazBEaacki8tqg/pFpV4cjoigdk0eLuA+oAroEazzprla+YpWfn9xf+DpK6A3hG36HdCcDYLXLdUvwSvCE4HZNNcRdMKpIrbV72gSJFbQZ7etfuyenUpfw7KCr2R8P5oeH80/Eo0/EomHZFb4VAaP5ghDmWIQxVYQU9ZFotF+gugZAZIPUotrigcjLoa8mor8sDXWa8+kOVoVqzkdtXvltxrSrXj6nIqqIBeUYq3ALWiKAr+GyQFUh69/IqiAIMdfGaLzsCqty54YNUspNyc4BU166xXSZicEvsPHC7ZMfS6lt4xBfQfRYHqtRQpmqWpKwwGnE2zTLUV0uk0Ucxj6z64fdULisR0Oi1aQZG/a/flx9Z9QKgQ8+dKWaGzYIVI+JVo+JVo+NViKxAH04RohTfLtUI6nY5rYbFYNJfBOSsmnU6LLa5ZH/UmACnignh09apXss6A+gC6ml5NILcLeFevEPWyukolzxBFHvUuqHdcXVt15QFWKGukA+e0lGMFwILmdiFXB+yFelmOYi/A+6LehKIQzRL0ygQUvv/AYUAP1Owb4N4LyAZ4qe5m8P0ZUG1wxQDZ5GNCLpf76MSnY2NjERniKH/7qhcixYyNjYlWKCt/rgwr7I+EX4korxWIN9PEm5n4m5l4JVZQy8pisegtADJPBnmLa25CjTqDIjOgeiXrDKiPfF3NZb0KKDKr6wDZyODKA3KW3GuY4y6mwOQEW0HzmGoOW5rZ4EvTXFG9LchV9CqmVwd1UYoF9V/5FsE7Lt+uonD1finetQCtoDjiYAidE1CeQf4WoE9WnFkTC/CsgdkvOWorCILgKEYc5RWJgiCIVlDkF63gUCHmz0FZoS8cfiUcfjUSfjUSPpBOR66SWeGtNPFWJv5WJv5WBVbAZYjNIX+p95Y8gzq9XOQtrn5Xb7vqOkiVlDJUVmdAfQDto5lNviBvQ8CCGvBBkZes/qtXQ/UmSraeug8AKg/5u4JeijoDTDmAl+pl9V+9l+CFkrUCrK5ZB0AKZCVL5gFUfv+Bw2V1G5hsOFyf1OzngN5YcouaAPYCgNoKPM9bVdy+6gVFCs/zohUU+bt2X1avLuXPwVkhEnk1Enk1EjkQiWhb4ZeZ+C+zwqWyrCAIgksfi8UCeFfKUDJbSQRBEFtcsz6ah1avqooq6eUE1xlQH/mK5S5rVky+IN87vT6taAHNHdfcR3AbKrarV3m9d9XtWfJ+BQvwo6tFNoop0CsE/BKwiRxwsFakW7SGYEDJmuVrbqhkfSDL1Msjb0BA5fcfOKzusXo9ULMfgrsZuDTNFS0V9We96oELURclIh8TcvpW0Bvly82fg7RC+EAkfEBthVia+GWa+GUmfjgdf6sCK6gvYSQsFgvku+CcJZG3OEw1ACnigvRXkROyzoD66HUjeQXkKYo6KOqpuaCm5P6qd1xzZ/V2X/GuZpXAedQ1hLmLTWoomCFvki/VW9F8F7BdC/BLfEA1SpZf1k6VLBNmrwGV33/gcFk9UC+DJuC1IPsnIEUvg+aCenwA7IumFUYgkFsBPn8O9hukA5Hwa2IUWyF+OB0/nI7/Ml3RtYJdH4vFAvkuOGdJ5C2u2AQYdQXEBb36QNZZrz6AEsBbVNdKSlHUvGS1FSmaO663Oc23Spapl0d+FNQ5S36DpBi89IZC9UHXzKb3Um/FnL4VLMCBW/NdcMkw5ehtVHpXr/7qwjU3B6ihgv0HDpfshJAdQ969NVcEvARswl6qPwN6sjqnJnYVaitwHDcIAcdxohXKyp+DssKFSOS1SOS1SOSNSOSNdDoqt8Kv0vG30+Tb6fjbWeFyWVYAX9RYLBb4twCZYS6axBaHvMgC1EdRDflL+DpD1gfcPiJ6maV39WoO3pB6LfC2YKqtVyZMG6rTwf+ZWvItvcFX76XirFZntuiP1GVtThP1jujtoKIC8DVUJ0LmAWdQs//AYc3uYdXq1YDOM8mXMH1eLydgFZh1NRPlY0Iul/voxKcsy16GgGVZ0Qpl5c/BWuH1SOT1SOSNaORgRmWFfJRrBY7jhvSxWCxVSS8Jx3Fii2vWR10sIEXxll46oKiS9QGvK542mluX59fLU3JD8vIB5WgWK62rKARcSc3NAWoogp6O16DsP3BY8/gCOqGivykA9BP1S70V9XojoD8PaZ0U4C3qbXqoeEzIFawAiWQF+Pw5KCtcjEQOFuKQwgq/Lljh11lhoFwrDOhjsVggEyHf1UPe4pAFKtLlLxUHuII6A+oDUzfFu4q6KfJoArkh+SbUe6puE/XqFeQBZ5BAVmhQ9h84DHN8FW9p9nbAS80OD997YfoqoBrgdM1EtRXq+yTtYiscikQOyb9BwtPx30hRrhUgL2qMhmVZscVRfZoGZIUGZf+Bw/XuO2ZEPiZADrCG0tk5jef6o5E3o5E3o5FD0eibmYxkhSyeJt8pxG+yybKt0G8C5C1e77r095uvPo0IskKDsv/A4Xr3HTNiYiu8JUYmE5Nb4bdSZJODMFbYX+/JjFC0QtR7fENUQt27DQrxQMBZ4ZdSZNJFVng3HX83Tb6bJt+Ft0J9ex4CgUAg1JRhBf5SLHq4EG8rrhXeS5Pvpsnfpcl3s8khZAUEAoFoUMqyQjR6OBZ9OxZ9Oxb9ldwKRIZ8L0O+l6Hey1DvISsgEAhE41KOFS5Ho7+KRn8Vi/46Fv21wgq/z5C/z1C/z1C/zyaHkRUQCASiQSnHCgOx2K8L8ZtMBpdb4f0M+YcM9X6G+gOyAgKBQDQu5Vkh+k4s9k4s9g4ee6fYCtQfM9T7GeqPGeqPyAoIBALRuJRlBTz223zgv1Vb4Y+ZxJ8y1B+zyRFkBQQCgWhQyrHCIB57F4+9i8d+h8d+J7dCPE39OU39OUP9OUP9KZscRVZAIBCIBqUcKwzhsd/hsffEyGQIuRU+SFMfZKgPMtQHyAoIBALRuJRnBfw9HH8Px3+P478vtkLiw3TiL5nEh5nEX7IpK7ICAoFANCjlWGEYx/9A5ON9uRXIdOJImvowk/gwk/gQWQGBQCAal7KsQBDv4/j7OP4+gf8xk4lPWCGTOJpJHM0kjmQSR5AVEAgEonGBtUKHeK3wRwL/I4H/icD/pLDCsUziWIY+lqGPZVO2allh596DKFCgQIGi6lEVKwj8CIH/iSD+TBAfEMQHCisczySOZ+jjGfqjbMpeRStAiA2BQCAQZVA1KwijBPEBQfyFIP4SJz6UW4HK0Ccz9AkxkBWaD4Zh6l0FRBMehebbo5rBMIzYeqlUKhAIhMPheDxOyUgkEuJfCZqmGYaJxWK5alrBGic+jBMfxokj8fiRTIaUW+FUhj6ZpU9m6VPjKQeyQpOBzl4z0HxHofn2qGaYyArxo3HiaJw4Go8fk1shkWE+yTCfZJlPsszH4yknskKTgc5eM9B8R6H59qhmmMYKNjJ+jIwfFyObpeRW+DTDfJplPs0yn46nXMgKTQZN0/WuAqIJj0Lz7VHNoGlabL36WiEpOEjyBEmeIMmTJHlSYYXPM8xnWeazLPPZeMqNrNBkoLPXDDTfUWi+PaoZNE0nEolc3a2QdJDkKZI8RZIfU+QnMiuM0xnmiwzzRZb9PMt+Pj7mQVZoMtDZawaa7yg03x7VDNNYwUmRn1DkJxT1V4r6azabkK4V6Azz9wzz9wz7RYb9IpuqnRUsFou0IAeQDVAIIE+LI/Y/PapyFNTZEAogj4K0DGjJihsZ8iBCAt6jkluBr0PJnNXdrxogDvo5fSuwLMvzPMuyBlvBRZF/pci/UuSnFPU3hRX+mWH+kWH/kWH+kU15a2AFzX6vPjHAy5opjdItaone2VvFo1ButhYEcBQUMi45xul9PNJDvaLmR4Fq7RG4npqVAVcD0A56O2hyRCtks+OaVmAYhuf5q6++Wi4GY6zgJsm/UeTfKPIzivxcbgUmw3yZYb7MsF9m2C+zY7WzguaC+iX8h6aSH7JaE/FTiZoqHgXwYITI6R8FkbKGtnKHTmmhAgMB0NwjgJxgRnB1YsmupSizIXqgOPprWkFUwr//+7/fdNNNDz30kCQGg6xAkZ9T1BcU9QVF/T2bpaXfFZgM+1WG/ZcY2TFfda2QyWSTqbQ8LBaLYllxLNUpauTlKF4qlls8stnxcCRm3FHQLBa1P/xRgGzhkt1br801VwQsTHKPStZHvdeAVWD2VG8XTNsJxaYLhsJqK4hK+I//+I/ly5dv2rTpwIEDe/bsEcVgjBU8FPV3ivp7gvpHgvqnwgpfF+Kr7JjfaCtAdlz4vgXfn1owstnxcCRag6MAb44WDPBRUPThkkMh5JAKs2LFR6pkvwIXCKMlzVNbb3cU5Zi544lNp2kFnudXrly5cePG3/3udydPnvziiy++/vrrzz//nOd5I6yQSnpFHyQSXyYSX8qtwGbYbzPst1nu2wz3TXYsUF0rpDNZITkmD8WxFFMUf+WZFaurS9MrFoWQHMtmx4OhsNFHoaxsLRh6R0F9IBSHQ7NtNdtZsxzFuSA/WfQWJr9HevXR3B2YCkgNorfjgJcmDLHpsGBofFz7WkGNQdcKqZQvkfifROJ/Eol/JRL/ymYZmRW40xnudJY7neG+y45hRltB3RXA4xFM30IB7oKGHgXNDHrncGsG2M2Aw6E+WOq3AInqFRWHxiArqHcBYAXI3qW3IeldQAc2VYhNp3mtUNv/TJ2aSvkTia/ofHytsML3UmTHguaxArhvKboRGo80Y3x8HAuGanAUAOWjAB8FzWHRICuoFyo7ZQB7JED0Gfid0kOeQbEAbpC6h9h0mtcK9bDC1zT9NU1/Q9PfZrOsZAUuw52RYrJWsFhQNF/wQooXUhaLRfqrCL1TV52zNSM7Ph7AQul0RrPpFAuajQx+Vy9RUb766GhuvVp7xOv3GXW6Io+6hnqrW3T6p2m7n9h0ASyUrb8VAjT9LU1/R9PfMfR3RVbI8uekGE+HJmsFxbVCpWcC+CW495i2Q9SrC07mKOQgGrascaoFA3wU9AZrveNSmRXA7xpkBfiKVdy19GRg2u5nJitgDH2aoU8zzPcM84Nkhf/zf8e5LH++ENW3wlg6w/FJRVgsFs0Fdbq4LL2rmS5/KaHeaGtGNjvu82OTOQq54sbXbF710IaOwuSPgqJ7ay6XPASaKwIWJrlHMGcup+ppgArA71RlO1L7EJvO58dM8LtCUPQBw/zAMGeyWS5vhdw4Py70ZYW+caFvXOgdT0eqa4XUWJrlBHlYLBZpQVyWUtTL8peAREAhLR7Z7LjXF5jMUchBHIWSR6TFQ+8oSC0pR9GAgOFenl+vtfUyKNYt92AB9kivQEBPA1SgrJO9gh2pfYhN5/UF6m6FsbEQy55l2bMse45lz42Pc1ddmb9W4DN8X4bvywp9Wb6vBlZAUfsuOJmjkDP9aWb+mPxRMFs03x7VuOkkK/T29h4/fvw3xbzzzjviX4ljx45dvHix2tcKIYY5xzDnWOYcy5wfz8qskBUuZIULWeFiVrhQfSuk0gzLo6hXZLNZj9c/maOQs1jqvheNHpM/CmaL5tujGjedx+vPZrOpVOr48eMYhgkFxBsU4vE4jsdjMTwajYVCYa/Xd+nSwIkTJ6p8rZAKs8x5ljnPsj0s2zOe5eVWuJgV+sUYT0era4VkaoxmOBT1ikw26/b4JnMUchZL3fei0WPyR8Fs0Xx7VOOmc3t8mWw2lUr96le/knzAMGyCpikqEQgEvV6/y+21212XB4ZOf392cHD48NuHq/0NUphleli2l2V7WbZvfHzCCkJWuCTFeDqGrNBMgaxghmi+MbT59qjGTSe3gnQDcyJBkyRFEHGXy2uzOUdGbYODI+fO93377Q+XLg0YYIUIy/ZxbB/HXuDYCworXM4KA1lhICtcrroVhhENTs5iqXcVEIjmRLICx3E0zYhKiEZxm905PGy9fHnowoXLZ8/2fvPN9/39l42wAsde4NiLYiisMJCP5MB4Gq+uFTKIepNOpyezes5iqVZNWplJHgUT0nx7VDPS6bTYevW2QjSvBK6f4/rHxwW5FYaywmA2OZhNDo5nqmwFRMNjMe9z6hGIhqb+VuAuicFzl4utkJSsMISsgFCCrIBAGEO9rRCTrMAVWyGZTQ4XwlgrnPrtFvjovG/mZJobUTWQFRAIY6ivFdJjMZ67zHMDYkxYITeeHE8OF8JwKwye+wfmHvY5Bl2jA27boNcx5HeP+N0jfvco5rVhXjsedicILOS5jKxgFpAVGgqLmY6XWBnAjdmKnK1Gna2QjvH8ZZ6/zPMDPD8gv1bgsnxPIc6Pp8OGWsHvGoBpLCrmVVihlp2m3G1JXT9XfBpI76rPDb1ywBmqDtSGqlSZ1mnVstAcHytIkdIBL2uM5tYBVTLnATKU+lohlQoyzBkxWOZsduLe5kx4LLZvLLYvHduXju3L8r2GWsFju5DL5X713sXjn1h/9d5FefzrW6+4kMvliLCrZlaYfMnq8Uu9APmxSL26oRhnhVZuVXjU9a8sRa/AOu4vQNIVrNWsSFYQb1YgiHgshkci0dFR++DgSH//QG/vxR/OnP/q6++MsAJDn8EC27DAdiywHQvsSKdDBSuMuZP+h5L+B1OBh1KBBzP054ZawW3tg2ksPORQW8GgHlP78QumMjWzQukNNYgVYCpjtkFnkg5Qp5jkWmEyFwRmO0aGIlqB4zhRCdFoLByOBoPhwcHh/v7LvX0Xz57t+e70mX999a0RViDjH9tGb7db77BbV9itd6WSTskKrqRvVdK3KuVflfKtzNCfGWoF12ivPOXyYOD0Wfd3P7jP9HjDUVpKjwVtcitoDgHyi2i9BfWoB3ltrn4JHkA1y8mpTmmYU6JmH/FgW1WV0hytCpNSM6TtqncW8BKcQTOlBuj1KD1KltDEpFKpI0eOYBhG0+JdzQSOE7EY7nK57Xanze6wWm0jI9ahoZHz53s/+OCD6lohTpyyjiyzji63jd5qG70tmXTIrbAy6VuZ8q1M+VZm6L8Ze60w2gPTWG5rL9gK6rOosoUcxLmk3roavRqWe6LCbKtawLYq8NO65kLO9K0KuRe1Qa/dwO0Jk6fuktNMhzlYLUIqlTp79uyRI0cOv30YHB988MGXX35ZbSuctI4sk8SgtsK9Kd/KlO8eo63gGu3Jjo9//Nnw8U+GP/p4SEynQhc+3vVv/9pj+dceCxW6kNOyguKTBeAEAC+oP6HAnEsle6pmd6/go1AtxybYVoWwQsO1qnmsoClL+CqB89RxhAXUB2Z3WoT6zq8QJ05aR24uiEFphXuT3ntTvntqYAW3tXf8f/83nuAokk4k8l8Zfbzr3zwfWc795v8dPWz54nlLTudaQXMBJk+5Z05VPtXmdM5wcFE1tkLJjUJaAVC4Xkp9W9UkVgC3kl4TwZujvoOs3oHTq1WrKSFnFivcbB1ZNjqyvNgK3nuS3ntSvnuSvrsz9KeGWmG0/1u3tVcRJzdbvnv1/0lf/tn3+yyjhy1iomQFxYdZ9UdU2cY1KLkWOINmIVr7XXr80ty0uhqKzZUcXjVTSgLfqprNWnotc7eq5qYVKQa1vGbdSrYVOI9e3Wq/R3ql6VVDM0PrUF8rEMSJ0ZGl1pGbR0duGR1ZJreCM+m9O+m9O+m7O+m7y2grdN43Ux1n9/wf/9hs+X6fJfKpxffnf5PSJ9PciKrRkqdrY2HyIRXs9ZpXx0TU2Qr4iZHhJaMjS0dHbh4duSWZtMutcFfSe1fSd5fRVtBj/R/ORt+xEEcs1HHL9HuPQK6FqBGtfd4iJonmuA9zkdcK1NsKx0eGFg8XxKCwwoqCFVbUxQr3/yr5bwuIcSE493nr//dgAHItRI1o7fMWgTCOOlqho2MqgR8fHlo0PLR4ZHjp6MhSpRUE74qkb0XSe2ddrHDdz/13vxjN5XK/680hK5gOZAUEwhjMYYW8GCasMD7mFLx3Ct47C1b4K3qSNqIIZAUEwhhMYIV20QrDQ4sVVrhD8N6Z9N6Z9N6BrIBQgqyAQBiDOazQPjy4aHhwcVKYsIJD8N4heO5Ieu9Iem9HVkAoQVZAIIyhnlZYMxXHPxoebBseFK2wKCnYZFbw3C547kh6b096b8/Qn6BZdxBFICsgEMZQdysMDSyUxKC2wu1J7+1J721GWwHNutN4ICs0FDD/69ni/w9qHsxkhXaFFX4ieG5Lem+rgRWqO+sO4PZUzTtCDaKW26ouUK0q2y/UqlVH8w7kClKkdEUGzXOkgpLL2h3FsqIm6rqpq9oiR7/eVjg2NDB/aGDB8ODC4cE2tRV+UhsrVH3WHb0TQ/13MpQsQd6bJ1NOjdNDAw8AACAASURBVIFqVZ32RK06eRTDccUp6peANtHMU7JkeBTla5ZZcqHGPa1e1NkKsbwVRDEorHCr4Lk16b0t6f2J0Vao+qw7elbQe7cyIMcv+GHOJEC1avXGC9BW9DM0XKvCU18rqBONtgLM5urS0+qFOayQF4PCCssFz61J761J760Z+uNGnHUHkKJ4F7wgL0Sdor3LWnnAJatXBKxlHJCtmlOlNHqrqiujXqvGyGurToTMoz4umvuo3jTM1uFRl6bX1JoV1qutoT2tXtTdCoOX5w1ezotBEKwKKyxPem9NepcbbYVazrqT0zqvSp5pmr2nZJfSqyH4nIQ5f4wDtlUhPp82XKtC9p/aoNe2k1mGKV+dxyAr6FWjgiNrUE+rF+awQl4M+lZIGH2tUOVZd8q1gqq+2muVXFGvHMjNyTekuV81ALZVIaygLln9lqlaFVDDGo8gJYfOyvJo5i+Zx1ArVPBWzXpavai3FY7qWcEueJYJnuVJ7/Kkx3ArVH3WHSOsULIcNXrVAFeg5ABnKLCNWSUrqFPq2KqQ/cdoYNoHsg2rYhcjrACuiUnO33phAivMlcSgtsKyghVONdysO3opeu+qqqy9lrpH6vUtSzHyzCXLAVRYyqDeXMmUksC3aq44pQlaVbNMzTqrq1QypSzU+6iuMEwevbpVlgdwUMraL3X99fZI84iU3GXN8tWbU1fJPJjJCvMUVrhF8CxLepYnPcuMtgKadafxMN+5hFAAM96ZcExEmMAKcyQxqKzgroUV9ECz7pgaNJogEMZgGivMVVnBLVphWb2sgGbdMTXICgiEMZjDCnkxqK1wSx2tgGbdMTXICgiEMdTdCgOX5khikFkhZRfcN9fXCghTg6yAQBiDGawgiUHPCrcgKyCUICsgEMZgAivMlsSArICABlkBgTAG81hh4JK2FW4x2gpo1p2GBFkBgTAGc1hhtp4Vbq6NFdCsO40HskJDYap7F9R3lqlvYatxlUyFaawwW22FpTWzQlVm3QHc5ajIA95K3W931LsPs5YVUFdGnUmRp2SZLd6qZaE5PmremgteS52tsjxVbDrNQgAlN8Txqi5mssLsulmhirPuwAxP4AyQeQzCDB+UoFq11BM4YIqtGWZoVXjUtdWsv97HasDhA7QDIE8VW09vdXCx5j9k1aXOVogeHeifLYXA18kKVZx1p5msUMc6lG7VhrWC+YEflyHHa5NYYTIXBI11BCeJyawwWh8rVHfWHcVLmKtsyKt1mL6rWZTi3QpOj2pdv5cEslXVVmj0VpWWFQs1a3nN6ikWwMt6LQwoGSaP3hbLQvO4AyhZQhODrFDNWXfULwEZJrmgpuRa6r+AQsAlGwdkq+pdKzR0qwKG1NoPSZAmKGu5spSqWAGwLvjYTX67DQeyQjVn3clVZAV5UfB5tPZSd9ONZQWYVi1phVwDtmrJbdUMgJXLWp68EgBbqQDAgSirDzQ3yArVnHUnV04Xn+SC1l5Wefwqa+vVArJVa3+toLetKraqSawA7sOTsQLYjuVuvTJKno/g/K1Ava1wRM8KNsG9pGCFmxti1h0FirdkddH4cKpYETKP1o5qb05aVvzVaS3drctfqtcqmVIS+FbNNV2rgqsnT1GXXDKlLPTaXLMRSqbAlFzB1ie5g+pNay5Xa4uNRX2tEIseGeifVX8roFl3Go/WOF0belSCqXwdd1BtI723Wg2TW2FJ0nOz0VbQA826Y2pa4Lyt7gdkhBzNVlVfo7QmdbfC5f5ZA/nQtsLSelkBzbpjalr7vEUgjKP+Vrioa4XF9bUCmnXH1CArIBDGYCYrzNKzwtJM4iR6kjaiCGQFBMIYzGCFyxdnXUZWQJQHsgICYQx1t8Kli7PEuNw/S+BHr0RWQECBrIBAGAOyApp1pzFBVkAgjAFZAc2605ggKzQUpvpfT0vxXY1qFDlbDWSFms66Uy30OrERSJuo2b9yw7SqEVZo7lYtC83xsWRKrtJnWtQSmBpCvtWsmMcKly7Wzwq1nHWnKkgDSlW2WLIEKUMt9w6cYpAVcuZr1dqPSuoPyzApOdVjUfQKrOM4q7dpsx2C+oKsUOtZd6pItbYFM35Va6yErE/pVjWsJmZrVXNaAZwfkEEvTw2YzAVBS4nBzFZYJLgX18YKNZt1R+8LCnmKPAP4g5XmRzDAgmYFNOuj3lDNrADZqrkmbVXFWjDlGId8d9SJOTh/w6TUAM2+AaBkCU2MCawwUwqBH73yyv+rDlYw/6w7mgAGwbIKLNndYQbTagHZqrlmbNWSo3AtAZgAMid8Sm3Q265ml4NctympqxWmRCMflrTCkppcK5hx1h3IYQVm0+V+vtMsp2ZWgGnVklbINWCrwu678QD2pSwrVOZL4wDUB1CrllJCzgRW6L84o6QVlhj/u4K5Zt3JwQ3BlY1fMHWGL6fqQLZqBdcKOdO3qknGUJj90ttTk1tBvfWSfbvVlJAzgxUumMAKZpt1Jwc3poA3pFmyekPq3QFsCHJAhNwFvW2pa67ROM3YquAd0duFqrS8Zt3ATQGZold4WfWf5B7plaZXDfgO05SYwQqSGOpmhVrOugPZz1qzO5ZBmV/XlJUNURVM3tpq9eq91WrU0wqrp0QjH/b3zejvm3HpwsxLF+pkBT2MmHVH77OnOk9VNtfMlPp8rcqOWhUxgWZn0LvmazVMYgVRDOayApp1x9S09nmLQBiHeazQ3zdDwwpC/ayAZt0xNcgKCIQxICsgGhNkBQTCGExlBV5uBd7VzrsXCZ4lArICQg2yAgJhDKa1ghVZAQECWQGBMAbzWoFztfGuRYJnseBZkkaz7iAUICsgEMZgYis423hX/qeFdOIEmnUHUQSyQkPR4v/r2ViY1ArZlJV1LuSc7bx7keBebLQVqjLrzmSoSjkl/9VaL4PZzlio+kDkafRWreO/z1dwJ7OlGEVpgJc1A52tkJjYCo6FnLNdvFww2gpVnHWnXihOV8ic5qRaVpg8dW9V+ZhrRPngjUrLZaWAB7I63iNmnp5f934FxqxWSFoZ+wLW2ca7FvHuRUZboYqz7tQLk/ezsoBqVWQFw4BxgF7+yjLUBnS2QmJeK9D2+UzhcsFoK1Rl1h3A5bMij16iei34D1maZzLk5bx6K+C9MBTIVs21Rqtq73utkDemOjGnVX/NNi+ZUgMg+5VmFzJtvzII01phNGGdx9gXss42ztmepgy+VqjGrDvyl+rTqWSv0nwJWACUAF7LiK1XEdhW1TrJNYtSv2ygVlXseC0BmAAyJ3xKDWjWs9UIzGsFyjo3YZvPOkQrHDf/rDt6/UzxEUDzoII/ICiK0tlFY8cv8NarCGSr5orr06ytWnJ8MQhA04H3FLLNq1DFMmnWs9UITGqFTHKUHJ1DiZcLjrYxg61QlVl3dMcvZV0q6WclRwejxy/NjRoBbKuWP/o0YqvW9xBopiiOBWBZsyi9RKNp1rPVCExshZE51Og82raAsS8cI421QrVm3cnpnDPyd9WfICATLTJ09rLoXc3tqgspuZZeNvXWS6aUBL5Vc8XvNkerAjataApFtpIpZQGzR3qVB7/UK6dk/auyR+oKqJtU8/iC66+3U/AHV2+7kEdBXXLJFDBmtsJscmRuwjqfti1IGWyFWs66g6gO9fi8iSiLSQ7liHpRdytc7JlxsXdGf++M/l65FYTR+PCs+MgcyjovYZufIj9qjll3EFUDjTgIhDHU2QrhDy/2zJDEUGQFYnhWfHgONTovYa2PFdCsO6YGWQGBMAazWKFnxsViK4wQQzOJ4dnkyFxqdF4qXgcroFl3TA2yAgJhDOa1Aj44Ax+aFR+eQ47MScaPoSdpI4pAVkAgjMFEVuiZwXMyK8QGb8KHZsWHZ8dH5iQJZAVEMcgKCIQxmNgKAzfhgzOJ4dnx4dkCcRRZAVEEsgICYQx1t8KFnhlSKKxwY2xgBjE0ixiaZagV0Kw7DQmyAgJhDHW0wprVUyLhDy/03CSFhhXwwVpYAc2603ggKzQUMPcuoPsbTIJ5rRC9LFphJjE0S8CNtUIFs+6UvHcxp3UjIiAnTAUmD+Qtl7WpjN7WYVoVxgqN3qqad7fWBs17aMEpgNqWlUfv5WQaAb5fwWzCPP3KIMxshRuil2+KDc7EB2fyBluhsll35H0d0Bzqd2t8jDW3Cz49alKdElsvUY0WaFWL3tM+DEa9R+Wm6BUI2T5q/Wgul0Wznq1GYHorDNTCCpXNutPQ/Wzy2Qyioa0w+WxVXLFi6m4FQM7WtEKNMb8VZsQGZ/L4EXPOuqN5IVzutbDmS3DJ0jK4KAWaPV5dFOR+GQTs1puuVQFb19u00cjrpk5U59HbR/lyyTyAlMk0BWS/0sxg5n5lBI1ghYEZRlthMrPugBdy0D1esSz/q7cAOD8166+ZDrMXJUuuIrBbb8ZW1TzVa9Dmmuj1YXDfrlaeslobhmY9W42g/lY4f1NfIXhu9Mof18MKFc+6o1jI6Xy4UFWnOv1MXYh66+Dtqjekty1wyVUEslWNs4K6kJq1KnggqCV6Q1gO2FZVzFMDK+Sa4mw1grpboU/XCgM1vFaoxqw7mgu52vYzjX0HbkVaLjl+gUuuIrC73IytahIrwLckOI86G7xdAK1aege0aNaz1QiQFSY16476CFn0UWdTrCK9zKn6GXgV9db1jo1eZWDyqCsJKEQzpSTwrZrTzwaosJlbFabZ1cVCppSFsqm1agKTR69uleUBHwL4PQLsKTibZk0sJuhX6rVKpoAxiRV6z9/Uq7BCrIZWaPFZdyo+2eqJ6evckK1aVWBaALVSudSgxepohdWrp0TCH/YWlKC2wo2xgVpYQY9WmHVnMp+/6oyJq93ArYowMTXrV8gKuqBZd0wNGnYRCGMwuxXwwRmxwfpYAc26Y2qQFRAIY2gAK+B1sgLC1CArIBDGUHcr9PXMQFZAlA+yAgJhDHW2QuRIX8+M3oIYkBUQ0CArIBDGUE8rPD0lEj7Sd35G73ldK8yogRXQrDsNCbICAmEM9bdCz8y+8zP7zs/oPTejyAr44I2xwRn44MwaWAHNutN4ICs0FOjehQai7la4ALACXisrVDDrTk7/hsnaoLn1JjivYFvVmD1t1lYtF81GAKdYilGUBihHnUf9UjOlLOp7tjYW9bVCNHL0Qs+svp4ZfednKJ94IbOC4U/SrmDWncmMGpPvl3pbb/QeX8a+VHvUAGy90Vu1XNT7XlYKYECHyZPTul1rkqN5fc/WhqPuVrjYO+tCz8wLPTP6zmtdKxBDM4khw61Qwaw71eqj1S2h0T8KlVF5g62gSG/oVi2Xyqyg9zIHlEEFhVRAfc/WhsMUVuideaF35oWe+lmhgll3YEYQaVnzQlsvD8ylruZb6tO14SijVbWaEbVqddEczcHDN3g01zsKMA4wYmSvzdnacNTXCrHo0f6+2dLlQv2uFcqfdQcwgigWSvZvxVrqv4ANqRMbunfCt2rJawXUqpNEzwQAQ5RMqVY55VLfs7XhqK8V8OixSxfn5MXQO1PXCoL5Zt3R62fqDxea2TRfTn78avSPLWW0ag2t0OitWgF6jZlTNSz8ipMpRy8bJPU9WxuOOlshduxy/9z+C3Mu9s2+0DuL5+tkhQpm3YHs3zWwguZHHs21zE8ZrWqwFZqpVcsF3I3LMqsJrVD7s7XhqLcVPhq4NO/SxbwY6maFCmbdyck+axRvaiIR8BlTkW4pJgfRz9QfczSXGw7IVlVbIYdatUqo2y2n0zLqg6U+cHqFl5tnku0P2a80NzH5ftVY1NkK+EeDlxdcLoihblZo8Vl3GpJmOQObGJhRsmlG0mbCDFYYuDT/cv+8ullBj1aYdaeBQaMJAmEM9bbC8aGBhaIYLl2cy/NWE1kBzbpjapAVEAhjqK8VCPz40ECbKIbLl+YJprICmnXH1CArIBDGUHcrDA+2SZcLCivMqK8VEKYGWQGBMAYTWKFdEoMgICsgIEFWQCCMoe5WGBlql8RQbIWhGfjgTGQFhDbICgiEMdTXCnH8+MjQopHB9uGB9qGBNkGwTViBGBIvFGbV4D9T0aw7jQeyAgJhDHW2AnFidGjxyNCi4cH24YG2ZL2sgGbdaTyQFRoKU927oLhtTU3tq2QqTGKFkcH24cF2LSsMzyKGZhltharMuqPZsSroapqrVAvzd33IVs2VuRct3qrlork7FaRI6WXl0XxZrWOnWQig5IY+jpVRfysMLx4dWjw6tGhkcJGOFYZnCfjRhph1R7GgN0aU7GfqAiEpOTJWVp+aUUarAlsYXHirtWq5qPeishT1S8AhUJsDUJ+K0Vsd/hC3AnW3gnV48ejw4tGhRSND9bNCtWbdUZwegC4I2QuNG7/Kqk/NKKNVdR6eA1N4q7VqudTACuCNAkqbTJNO5oKgQQ9lZZjGCotHQVYgjLVCtWbdUVznwoxxOvXVuF4umaK5lnrTFdSnZpTRqlqDCGrV6qLZk2FGfMCy3lHQ23TJREg0jzKA6m69sTCDFcQYHVost8JoLa1Q3Vl3qmKFnM6pBViALLaC+tSMMlq1IivkWrJVKwNylK/6MnxKueiVAN95WgQTWGGJdXiJeMWQTNbJClWcdQfwUkqE//hZ1oLeFidfn5pRRqvqf/QrWXirtWoFAHqy3oeeauUpueJkqEzhDXoQK0ZhBYZheC1YljXaClaVFWbW7lrBmFl3ID+WatXX8PGrrPrUjDJaVeeyDLXq5AF/TtcbQ42zQnXbUK9KeltpxCM4SRRW4Hl++vTpV1xxxRVXXDFt2rR58+Y99dRTBw4c4Hm+tlZI1tQKVZl1R/OzoWYe9bLeKuD8miWAP59WUJ8aA9mqOdSqhmEpRpEInyenI49y82hua5I7qN605nLDHbuqoHmtsHLlyscee2zTpk0ffPDB119/XZNrhSXW4SUaVojXxApo1p3GoyVP18YCZkit47Cr8VFD561WQ/27giiG7u7uo0eP9vX1iUpIGP67gsoK8eGZxPCs+PBso62gB5p1x9S09nmLmCTgC0pkhUAgEIlESJKURleWZXmeP378uKSEWlnBXmSFeF2tgGbdMTWtfd4iEMYhWgHHcYqiaBkcxwmCwHGclMIwDMuydbBCfHh2XayAZt0xNcgKCIQxiFYgSVIc9wGwLFsHK5Ajs+Mj9bECwtQgKyAQxiBaIZFIqB0gmUAOsgLCHCArIBDGIFpBLQCO48S/CupgBXJkdhJZAaEAWQGBMAbRCurRX48mtAKadachQVZAIIxBtEKsHHLVssIvpsTxE9ahJVIkBXStgIAEWQGBMBOGWyFrpBVQNEHkLJa61wEFChTyMNwK5MgsI6yAaBLQMUUgGgdoK1wRx09YhxZbhxYjKyDKBB1TBKJxqMgKi63y+RVEK5Ajs8lRZAWEFuiYIhCNQzWtQI3OQVZAaICOKQLROED/Z+oV4lxstuHFtuElNvl/piIrIEqAjikC0TjA369AEifsw0ukSGlagRqdk4wjKyCKQccUgWgcIK2w5ukpJHHCMbJECmQFBDTomCIQjQOkFTpXT6HiJ92jS6VIJe1XISsgoEDHFIFoHCCtsHb1FJo86bMt9RdiLGm/+sqCFahRZAWEPuiYIhCNA6QV1q+ZwpInQ46bQ/abQ/abw/ab0yn7NXIrUKOzE1ZkBYQW6JgiEI0DpBU2dEzlqVMxxy0xZz4yKfu1V/3fk7KCZuQsFhTNF3qHGwUKFCYMGCs82zlVoE6RrmWk6xYxsin7dLUVElZYK9RPhAgEAoEoDXgMf65zWipxivYsL8Sy7NjkrIBAIBCIxqW7c9pY4hTrWV6IZeN6VkghKyAQCESz8/zaaWP0Kc67vBDLxsfs10lWSFhnU6NzkBUQCASiRVBZYTmyAgKBQLQuE1bw5ENphcTonIR1LrICAoFAtALPd04bS5ySlMB5lo+POYqtYJ1D2+YmrHORFRAIBKLpUf3avHx8zDFdbQXaNjcVP4asgEAgEM1NsRWWKf8HCVkBgUAgWoruzqljiVOiD0pZgURWQCAQiCYHWQGBQCAQE2hYIYWsgEAgEK1KkRXcy1h3sRVo25zKrHDw4MGNGzd2NRcbN248ePAgYK+/+PKrU3/74sRfP2umOPW3L7748ivw4W7ZHUc0Ja05fEnkreBeJkUVrLB3375Dhw5FIpFscxGJRA4dOrR33z7Nvf7ks79/c/oMzTD1rmaVoRnmm9NnPvns73qHu2V3HNGUtObwJQfGCnNp27yyrNDd3R2LxdLpNNNcpNPpWCzW3d2tudcnP/2cYdhMJsM1F5lMhmHYk59+rne4W3bHEU1Jaw5fRS1Q0gq0rWwrdHV1ZbNZdbUs+qiz1aqtyiObzXZ1dWnu9Ym/fpbNZtWDyy59NAcjvfQ6ks1mT/z1M73DrbfjlQHY/dq3DHjHEU2J3vAFCWDsqvuwBhi+5BhlhUwmQ6uwWCzqRL10vcyTKXPyZDKZCqygOeLI02GWyy2zilTXCnIpqgVZMh1QbFnpMCArtCB6w5cegA+7IvKcmvn1ii0rHQbA8CUHygqMfR5jn1euFdTpgIbTLEcvXZFBr6iSq1dAZVYoea1QlhUU4yagqGpRdSuU9ZerqE3U71YAskILojd8TRK9oUlzmAJnqHhkg7bCtLHEx4ZYgVJhsVjUiQDA+RXvamYud4slqeK1gl4e8Aio+W61BkE96msFcCNwRrYJskILojd8gdH8sCt/V76g+ZZeShVHtjKtsJx1LxetkK2KFdLpNKHCYrGoE/XeElPgV9HMCVi9MtLpdBWtIB/CSl5P6I2AJQfNyVMXKyj2tKw24ZAVEJWiN3yB0RvBpGURxVswo5Z8RcDmYAAMX3IKVrhVVAJTRSvgWgC+RFLnlP7qFQV4CUicDBVYQT2oAQa4kuOX5lhZVgkVYNDvCpqtoWkFaUW9AtWFQ64LBlmhBQEMXwDgxzTFgjqn/KXeMFjZyFaOFU4x7uWMezlTRSsIguCaHBaLRfoLyKD3EpA4GQRBqMAKZVGWFTTzm98K5f4F29S4NkFWaEGqMnypkY9F4LFLnVM9jlU2sgGGLzndnVNTBlnBAYfFYgEnamZQp5cspypUywqaX3qU+xLms3NVqPuvzfIV9QpULEOuCwZZoQUpa/gSBxkwijzSS71hSvGWfEW9VSY/fMkptsJyxr28alawF1Oy7RSZNZf18uhl01u3Ysq1AuDbEsV3JnrjF4wVqjICAqi7FQCq4JAVEFVFc/gCAB5kAOOS/K/eKtIyzHBXkmpYIVW5FXieH9HCYrFUJUWerrCL3lqT2ZAEz/OV/a4AM5BBDmea36uUuzo4RUFtrKDeO0X19EZ8TtUmeiWUC7JCCwIYvgCjkN5ApBiRwGOUIl1RjmaZZQEYvuSUsAJTqRU4jhvSwWKxwL+sevok4Tiusm+QwB/5S15PgEsrmT5J6mIF+UvFcs3aBFmhBQEPX4ChRj7mKBLFMV3vLXCxkOkwcPrDlxwtKxRm6BxPjTL2uRVbYaAUkjnlKeD8Jcs0GkCzQg6OgLG+6oNataj6Ey8UH+TVy5pXA7VvCmSFFgRy+JKQxiXFtYKUopdZnWg0XLWswNgrsQLLspebEZZljf4fJBNSy+cgmQpkhRakNYcvOSWswNrnMvZ5rH1+WVbo7u72+/0EQfQ3FwRB+P1+9MxUtOOIJqY1h6+iFihhBcdc1jGPdZRnhX379r3xxhsYhrHNBYZhb7zxxj69+RU+/8c3p8+wLFe9J6KbApblvjl95pPP/6F3uFt2xxFNSWsOX3JgrcA6yrBCIpHYs2dPd3d3JTMGmZju7u49e/YA9vrjz/5+8tPP6z6JWHXj5Keff1xq5pmW3XFEU9Kaw5cElBU4x3zWMR/N24xAIBBND5wV/v/2ziy2jTu/43zO8d6gRfvQZNdG7NRyDonkUCJ1x5sUMBIYAYoA3SDdh42PIEFj+8V6CNJtk4UXm7d2A6/TGNjosBwl6yROsmk27qYbYGNb1sFjZkhZki+Jx3AODi8nfRhyOJzzPzRFidT3gy+E4X/+/zlo6vfh/09LYgIiHSikJ2EFAADobIitwAQKGVgBAAA6HFgBAABADVgBAABADVgBAABADVgBAABADXsrRGAFAADYVsAKAAAAasAKAAAAajhagYIVAABg++BgBZGmRDoAKwAAwDYBVgAAAFCjpVbweDwN9zeO1bW4PbhuVGPDm349AACwubR6rqDUSo8Fpp1NHzp21p5F91DXaNywH2h6wSTXAwAAW5/NX0GyqeY2Jdi+dtsc3+Y4nqqxdD2t6rujb0yvBwAAtjJb0Qqmu+y3Tffa7LLqbL/hOJbwpAAAsGVp9ecKrlZaCK1gPxvQ9XR8R2/fYnUQwusBAIAtzuZ8rmC6YdOZZNs4RdCVb5JRrq7QZq5AeIMAALDV2CgrLCSua6O2mxZNXe22x9hHd3CrFuNX49mtrtD0Hk0PYn89uqcFQRCklSGp3htihYXE9R/qMa2k9jXXdJfNu35Xe+0dYPSEjaJcXc8PAACweZCIoflWUJRgtVf7Zt9YRk07mw537GO1rftqrPKNzRUIrwcAADYREjE4WYFpvhWsiq9pZ9OWxqzgeDpdB1gBANBhuLHCaOusYLVh05kzTC+MyzhWo4y7TDsQrilZrSARXg8AAGwiTbICE5DY3mZZQcG+yGq7WQ232rZ/qNs2OkNX6Akvg/B6AABgcyG1QuZcNj6qiqEVVgAAANB6XFiBHc2yozxrbQWJ6S3CCgAA0M64sAIzkmVHeXaUZ62swMIKAADQ3hBaQU5Pc/QIx4xkmdEsOworAABAZ0JuhQw9DCsAAECHQ2iFXPpsJjakThfK+RisAAAAHQipFVJn09GhTGyYo4c5ZgRWAACAzoTYClOpyEBVDLACAAB0KIRWkJJTyfBAKjqYjg1l6GFYAQAAOhNyK6yH+5ORihhgBQAA6ExIrbA+ubYYSob7lXUk2p7cIgAAErNJREFUWAEAADoTQiuI65O3F/rWK2IYhBUAAKAzIbSCsD5xa6739kJwfTGUjAyUZFgBAAA6EVIrrE3cvBq4Pd+3thhcD/eX5GjNChKsAAAAnQKxFcZvzFI353pvz/etLYbqrcBSEhPIwQoAAND+EFqBXxu/Puu/cZW6Ndd7e6FPZ4WAxPbm4rACAAC0PaRWuD2+esV/fZa6eTVwa64XVgAAgM7EhRUu+65f8d+YpW7OBUo5Myvk4rACAAC0N4RWyN56f+WSd/WyT1lHKuYiRiv05eJ9sAIAALQ1pFa4/f7KJe/KZe/qFd/1Wb+1FThYAQAA2hhyKyxf6qmI4bLPxgpTsAIAALQv5CtIy5d6VqpigBUAAKAzacQKl7xFCVYAAIBOxIUVvute/q5HWUcqSOH6n2KDFQAAoCNwaYVuZcYAKwAAQGfSgBWWYQUAQAfzyedfnvv9J2c/PN9JOff7Tz75/EuS23dthe+6l78zsUIgF++FFQAA7c7M+U+/uvhNlufLnUWW57+6+M3M+U8dnwFYAQAAakx/9DHPC6VSSewsSqUSzwvTH33s+Aw0ZIVuKyv04qfYAABtzdkPz5fL5YaL7+uvv07YTaXhc7mlXC6f/fC84zMAKwAAQA23VnjdCdNuJId11U4CrAAAAK5peK6g1GvtV/ueJIfSSYVwuBWwAgAAuKYxKxhLtq52O04mjIeyP5rbKxRhBQAAaIDGVpCsarp90bc6oHEbVgAAgM2h4bmCzSSA8LMHY8W3Wo/aClbgb8MKAIBtwF2uILlqcewGKwAAwCazEXMFqw4kS0yNLUOZ0nwrXOpevmRihbDEwAoAgA5hI+YKVm/5HQeSjyKh6VZYsbaCH1YAAHQGGzRXsOrjWPSbNVEQW2oFFlYAAHQId/mzzTa4etfvtp2EjbCCkuVLBiuIDJVjA7ACAKDd2aCfbbbp2XCVd0tLrSCxFOYKAIAOYOPmCpvOBlihx8IKjGKFQI4NwAoAgLYGvzPVpRUqYjCzAgsrAADanpmPL3x18RtBEFv1hw9ahCCIX138ZubjC47PgAsrXLa3QjyQi8MKAIC254Pzn05/9PGm//W05mb6o48/IPiTO5xbK1TFUGcFkfGJjD/HBnLxQDEDKwAAQBvj2gqXe1bq/25zWKQ1VsBcAQAA2hlyK6w6WwGfKwAAQJvTNCtILCWxFFaQAACgrXFlBVUMdVYQaK9A+yRGscIErAAAAO2LWyus6qxQzoeFGKwAAAAdQgNWWDWxQswnMn6JgRUAAKC9IbXC2vurV3rUFHIaK/CxHj7mFWm/yPhhBQAAaGsas0KxZgU5zEdhBQAA6BAIrSCsvX/9So8aCyvQ/gKsAAAA7QyJFV47uENYG78x61VTzIW7VCtko9181CvQPlgBAADaHUIriGvjN2e9avRWyKpWSMMKAADQxpBY4eihHeL6+K2rPjXFXERjhUh3NtojxHwC7Sukx0msUC6XHc8KAACg9SwkrpfLZfs+xw7tkNbH1+Z9a3OVlHKRrt1aK0R6+JhXiJFagauKAUEQBNlScVQCx3HHDu/IJcfXF/zr85WUcpG9d2kFjuN+AAAAsMUgqd6KFVKL/uSiP7ngTy74S7LRClEvH/Pm3VgBAABAO3L88E45OZFepFKLVGqBSi1QJTmyd/f9ihUWucgTFStEYQUAAOh8jh/ZKacm0mEqHaZSi1RqEVYAAIBtjGKFTJhSkg5TZVgBAAC2LU5WCD/BRbqz0R5YAQAAtgMVK0QoVQwGK4RhBQAA2C7UrBAxtUKkYoVstAdWAACAjqfOChErK0R6shFYAQAAOh9YAQAAQI3jR3bUWSFSb4VspPJpczbSk0/BCgAA0OEcP7xDTo1nIv56K9xXs4LyC/KyUVgBAAA6n4oVwn5VDCZW4KM9PD5tBgCAbcAx1QoVMfhhBQAA2L7UWSHsz4Q3yQoej0e7rYXjOM/P/uLuaJr+xrHacxkfGi+GfKDJlVgPt78qAMBmcfrL+QO/+owam+mkHPjVZ6e/nCe5fcUK6Y2zgsca027qQ/3Gz/6ifDWN/qT1LXWSsHWAaWPFTBYD7W+NxEAkzw8AoDWc+mLuibe/fuzPgm/xTiflsT8LT7z99akv5hyfgaoVfK2eK5iWTpsNkyOYycDeGaZl16YQ2xRr8g37om91g7ACAJvCMycvPP6t8PNE+X+S+U7KzxPlx78Vnjl5wfEZqK4g+dKttAK5ElxZwXSX1UTBY5gB2J3L4i0/oSdswFwBgC0FNTbjW7jz5Xo+LbqIx+OxbzF2aHG+XM/7Fu5QYzOOz4D6uULrrOD4ltxkCMEykdUuGyuY1nqrSYPpBXPWMtAJw+oeMVcAYEuhWiElyq7i8XhMt42NxoJgfzSSdse4tkKkVZ82mxd9TXk1fq30qRZ344bJAYnnCo4bjgXdpg9JZTcdrjsRAKBlKFb4w5qcFFoUj8dj1aItCDb9SfKHNdmNFSa4CMVFKC6yeVbQVUOTCmtmBe0nB1YfKtT1carvVhdp09KYXeyfEJt2AMCGoljhizV5XcgRxua9nbaPbojjLsLhhPmC2ArHD+/Ia62w0T+vYGUFrv6tt7Fzw3MFbYtVOXZrBdMSb7Nhg83ryXEsAKDpUGMz3oXyZ7ekW9lG4vF4SNq1D612WR3KfpdVPrsleRfK7qwQpbgolY3qfrY5ujlzBWNn7YRA22J+FpdW0LVo/eRYrEmsQFjxYQIANh1qbMY7X75wU7rJiQ3E4/HYtBtLgXGI+tDqUPa7rHLhpuSdJ7PCkR359EQ2GqhG99vxWmUF41ddAdWuFKktlme5ayt4DJMD08uuu0LiSYPxMhyHAABaAzU289hscYJNza0Sxerto4raTTfKdFv7UNduNZwwE2zqsdkimRV21lshYLBCdBOsYOx8N58214bYvmG3qcjGsu6xngeYlnirUxvv2qoRANACqLGZR2cL40xydnm9gXg8Hsd2pQhYDVEfWh3KfpdVxpnko7OFJliBjz7BR7v5WBOs4FiLOU7/Jr1WVZ0+SSaN9ecK9iXYZi+JXUyLvuk1aJ8lWAGA1qNY4Xd08vK1dbfxeDzqV9Ndpn10/XU97fuQ53f01rMCAABsfaixmb1XCu9Fbn/L3nIVj8djuq1tUdtJOisbClYnIs97kdt7r7iwAh+ztYIQ6+FjsAIAoPOhxma6LuffDd/6P/oGeTwej32L9qFS6G3GWjXatDvm3fCtrsv5ZlpBgBUAANsAxQq/Xbz5v7HrJFFKvOMu0z7qVIDwXHeT3y7edGsFVQyWVijACgCATocam9lzWT41f+PryGon5dT8jT2XZbdWUAIrAAC2L8+cvLD7YubArPDO3PVOyoFZYffFDMnvTIUVAACgxqkv5h7/9R93/ynzD5fkTsruP2Ue//UfSf6+wvEjOwvpCQFWAAAAhd98fnX/Lz/d9L+e1tzs/+Wnv/n8KsntV6xABwS6aoU8rAAAANsVWAEAAEANrRUUMZhaoRtWAACA7cDxIzsLmZoVBLrOCmFYAQAAthUurXAQVgAAgE5GsYLIBMSqFe7UrJAP89FuPtrNwwoAALA9sLPCnXyYj3Xz0R5YAQAAtgk1K1TFUGcFIdYt0D21/4MEKwAAQEdTZwUmIFpYwQsrAADAduD4kZ3FzKTI9KpiqLcC3S3QPQLtFWgvrAAAAB0PuRV8+J+pAADQ8ShWkNheVQwWVmB8heR/Tv33Px879GMEQZA2ytGDPzp68EdHDz509OBDRw8+ePTg3yt57SVtHvzXlx587aWHlM7HDv342KEdxw7vOH54x/EjO44f2bl9Mv3eC6X0Ozm2T7K2glekvSLjk68fKqT+q5Aer0vGLGm75DUxO9REITNR5NRMFrnJEjdZyk6WspOl2sMpd+GmikSZtEvGMgWn5NMTriKnxm2Ss0rSMe+rkdZNM55br/WXUxNyaiKfnsynJ/PpqUJGydkid7bITRezlZTMc25T88HWi+XVFrPnipxNpovcdIGbLmSUnDVkSpt8eqqQniqkp/LpynY+PaX8IxYq/5TGWL8aU+MkUV6Z9nvNk7RI7YDqxUwW0pOF9FQhM1XMKN+wykvxbKkSi5ciN13izpa4qWomS5zuO1f72p4ucbWXUJmfKfMzZf5Di8zU54Myf66a6TI/XebPlrNT9Zm0zlQrwk+VefNdlWqZfqdw4+Uc26dOF74vRPfuvt+zZ8+eM6d/IV37J4H2ioxXZHwi4xdZSmT8km1Exi/SDhFovxCrhvaLNCXSlMhQEkNJTEBiAhIbyLG9uXivHO+TE31yoi+fCOaX1ISc0q9PIiQ7J5iL24a1jMQGRabPJgLda4z2N5hr/x6eEi5KcRGTZMJUOuw3z6LPJiklC77UgldNct6bnPeuV9KzPudNznuTC77Ugi+16E8vKoelMuFANtrHx4ICHRKZfokdkOIDufhgLqFkSNZn2CIjDWXUdZZG5aUn67Mvr+aaXeRrT8rXnjQMb1LMrjaXGKkkPpKLDyuR4sNSZWNIYockdkhkB0V2UGSUDIjMgMD0C7SakBqeCfJ0kFe26SAfC/KxvkroSrKx3mxUG+3Lj9KGi1BcxG+fTNiXCfu4iHkyYa9V0oum8WXCvkxYObhyGYFsNMDHegW6T2SCIhOS2FAu3p9LDOQSg3JiUF6qvvaWhuSl4bokhuTEoJzol+P9cjwkx/vkeG+O7ZUYpepVDigw/SI7mIsPy4mR/NKThWv7Css/Ka48VVx9qrT6dGn1H63zdGn16dLqU6XVn5RW95VWnyytjJZWRkorQ6WVwdLKQGm5v7QcKi2HSsvB0nKwtNxnm2CjCdWn3zwr1Sz3l5b7i2qu9ReuhQrXQvmlkJwIyvFgLt4nsb255Z+eefffH330Uc/zzz/f9chfFTJTAq0owSeyfomlJFap3bZWcBKDuRVqbqhZQSuGmhsSwXzC3g0GKywpt0oQezFYuEGqiMHODQJt4gY+VueGrNENFmLImFtBia0YdFaoiiFZsULP+lyP4onkgkYPYYqL9FbEwNSLIT6YSwwarKB3Q66SETUbKwYTK1RiI4YNlEEtplYY1Vih4gapqodcfEiKD0lxEytU0y8w9VaomCDIx4LZWB9PBwXVDYwqhl4+ZmWFOjeQWKFa/S3FwIWt3UAgBi5CKVbg6T6BDlbF0J+LD+TiA7n4oKy4QS+GIXlpUGOF0F1YwUYMqhWqYlhRxDCsEQO5FRoWQ4hUDMs1MRSNYlgK5RNBOVGxQpE71/XIA/v27fMcPHiwa9d9Z06/mb/9hisrkMwYBK0Y6HoxGKYLJjMGZyuYuiGUXwoRTRocxWDtBrsZg5kVhJjTjMGVFcKEVjAXg2qFNYMeFDFkIgEu1svTQYEJCWxIZPuleL8UH6jOGKqJazNkyHBDGcnFR7RSIcrSqBp7MWh9oB1FmoTbaAUwkouPSPERqTo/kOLDyuRAYodEtqqE+KDIDgrsgMAOCIySfiU8E+KZEE8rUWYJwaxGDDzdV5sx0H21r3bThYDVdCFjGV867EuHfZmwLxMxSbqhGQNXP2NQpgsCHRSYoMhqxKC1Qk0MihUG5MRAM6zgVgwjGjFspenCssV0YblqBUUM8WBh/T/OvPvW3t33P/fcc5433njjxRdf/Nu/vufM6bcK3Nncyk+l5lnBfh1JieU6koulJOOMob8lMwa360i9NlZo+nQhbT1dUKywNte9NlfduNqtuCG54Est+NOLFBepW0oS2cqkoTZvqEaKD0iskkElIjsgsgOVN7zsoFr4HFITib6SOqTiBk0t1rhBa4U6Jbiu77VICaW4VyLGh7UPa0mMSInhOgfEhyV2WGSHtFGtUI06UahagR5Q1o54up+nQ3xMSd0sIRvrq80YtOtIsaoViNeR1NKfiSjv4g2J1Aq6ZfWvT61x0ZtyuY6kzBgq60h104VBWysENVYIiHSzrKATg3YdaXgrriPVLyUZ15EKN/6llD135t23/u5v7t2/f/+rr77qefvtt8fGxl588cWuXfd1PfLAmdP/dicf2dRE7xQq+f7ucock+Q2N/u7KxsgbmJIcKclhfXJOkSMl7XFM7iumiasnRDcq1swUTEPfKdDfF+g7dbHqTJbmXrZz6p7Dsk3k2le1Z/2Q5r7AwiU5XG4oJi9LOWxyirzpyy96Jx+1+NfRfV8baovupViIfV+gaynqwljE2JP+vhDT5G5rVytz5vQvuh55YO/u+/fv3//yyy+fOHHCc+rUqZMnT46Njb3wwgvPPvts16779u5GOjZdu+/r2qXNvc3Knl337nlYzT31udc5zbsSQzbslvX3q7+p2jOzy/yuW3K/dx/TU7T4Ghq4znvq8nAtex6+R3up9d8j92/DjI6OHjhw4JVXXjlx4sSbb775/zYXrYKlY2NcAAAAAElFTkSuQmCC" alt="" />
相反,如果我们的证书的签发机构不是一个权威机构,浏览器在访问的时候就会报风险提示
2. 本机搭建CA认证中心
我们同样可以使用openssl在本机搭建CA认证中心
/*
1. 建立CA目录结构
按照OpenSSL的默认配置建立CA,需要在文件系统中建立相应的目录结构。相关的配置内容一般位于/usr/ssl/openssl.cnf内
-- demoCA/
|-- index.txt
|-- newcerts/
|-- private/
|-- serial
2. 生成CA证书的RSA密钥对
我们知道,要利用公钥机制,必要需要先建立密钥文件
3. 生成CA证书请求
4. 对CA证书请求进行自签名
(3、4两步可以合并执行)
*/
mkdir -p ./demoCA/{private,newcerts}
touch ./demoCA/index.txt
echo > ./demoCA/serial
cp /usr/lib/ssl/openssl.cnf ./
openssl genrsa -out ./demoCA/private/cakey.pem
openssl req -new -days -key ./demoCA/private/cakey.pem -out careq.pem
..按照提示填写申请者身份信息..
//openssl中有些指令可以为一条指令(3、4步骤可以合并到以下一步完成)
openssl req -new -x509 -days -key ./demoCA/private/cakey.pem -out ./demoCA/cacert.pem
0x2: 服务端证书准备
要配置apache的SSL通信,需要为apache配置服务端的"服务器根证书"
/*
1. 生成服务端证书的RSA密钥对
和根CA一样,生成服务端证书同样也是使用RSA机制,自然也需要为服务端生成一个RSA私钥文件(但不能和CA的一样)
2. 生成服务端证书请求
4. 查看刚才生成的请求签发证书
3. 使用CA根书对"服务端请求签发证书文件"进行签名
*/
openssl genrsa -out serverkey.pem
openssl req -new -days -key serverkey.pem -out serverreq.pem
..填写证书申请者的身份信息..(common name不能为空,申请证书的countryName必须和CA的countryName相同)
openssl req -noout -text -in serverreq.pem
openssl ca -in serverreq.pem -out servercert.pem -config openssl.cnf
(如果在签发的时候遇到异常,记得到openssl.cnf配置文件中查看是否是配置项出了问题)
0x3: 配置apache的SSL证书
http://www.metsky.com/archives/561.html
/*
1. 加载SSL模块
2. 配置apache的ports.conf文件
3. 设置site-enabled
4. 修改配置文件
5. 重启APACHE
*/
sudo a2enmod ssl
这条命令相当于
sudo ln -s /etc/apache2/mods-available/ssl.load /etc/apache2/mods-enabled
sudo ln -s /etc/apache2/mods-available/ssl.conf /etc/apache2/mods-enabled
如果没有a2enmod指令,也可直接在apache2.conf中设置SSL模块加载:
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so vim /etc/apache2/ports.conf
加入443端口
Listen ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/-ssl vim /etc/apache2/sites-enabled/-ssl
把端口改为443,在<Virtualhost>下加入SSL认证配置,其它的根据需要自己定制 与普通配置无异
NameVirtualHost *:
<VirtualHost *:>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/servercert.pem
SSLCertificateKeyFile /etc/apache2/ssl/server.key
ServerAdmin webmaster@localhost
DocumentRoot /var/www
ServerName myServerName
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
Options FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
#RedirectMatch ^/$ /apache2-default/
</Directory>
</VirtualHost>
cd /etc/apache2/ssl/
openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out servercert.pem
/etc/init.d/apache2 restart
0x4: 配置客户端的SSL证书
客户端证书并不一定需要,只有在服务端配置了一个"验证客户端选项"的时候,才需要配置客户端证书,在大多数情况下都不需要客户端证书
整个CA架构如下图所示
Copyright (c) 2014 LittleHann All rights reserved
openSSL命令、PKI、CA、SSL证书原理的更多相关文章
- 生成自签名CA+SSL证书
1.创建CA证书配置CA.cnf文件 [ req ] distinguished_name = req_distinguished_name x509_extensions = root_ca [ r ...
- PKI/CA与证书服务
目录 PKI CA RA LDAP目录服务 CRL证书作废系统 数字证书 证书验证 证书撤销 证书更新 PKI系统的构成 PKI PKI(Public Key Infrastructure)公钥基础设 ...
- ssl证书原理
SSL证书(HTTPS)背后的加密算法 SSL证书(HTTPS)背后的加密算法 之前我们介绍SSL工作原理了解到当你在浏览器的地址栏上输入https开头的网址后,浏览器和服务器之间会在接下来的几百毫秒 ...
- SSL证书原理讲解
一直以来都对数字证书的签发,以及信任等事情一知半解.总算有个闲适的周末来总结和深入一下相关的知识. CA: CA(Certificate Authority)是证书的签发机构,它是负责管理和签发证书的 ...
- openssl 自建CA签发证书 网站https的ssl通信
<<COMMENTX509 文件扩展名 首先我们要理解文件的扩展名代表什么.DER.PEM.CRT和CER这些扩展名经常令人困惑.很多人错误地认为这些扩展名可以互相代替.尽管的确有时候有些 ...
- Nginx集群之SSL证书的WebApi微服务
目录 1 大概思路... 1 2 Nginx集群之SSL证书的WebApi微服务... 1 3 HTTP与HTTPS(SSL协议)... 1 4 Ope ...
- python-ldap修改AD域用户密码(CA+SSL)
代码连接:https://github.com/raykuan/ldap-notes 使用python的ldap模块连接AD服务器,有两种方式: 非加密:con = ldap.initialize(' ...
- Splunk < 6.3 版本 SSL 证书过期事宜
最近Splunk发出邮件提醒客户SSL证书过期事宜. 问题看起来比较严重,因为所有的实例,包括 forwarder\peernode\indexer\master node 等等都受影响,而且Depl ...
- IIS服务器SSL证书安装
在证书控制台下载IIS版本证书,下载到本地的是一个压缩文件,解压后里面包含.pfx文件是证书文件,pfx_password.txt是证书文件的密码. 友情提示: 每次下载都会产生新密码,该密码仅匹配本 ...
随机推荐
- Java Executor并发框架(一)整体介绍
一.概述 Java是天生就支持并发的语言,支持并发意味着多线程,线程的频繁创建在高并发及大数据量是非常消耗资源的,因为java提供了线程池.在jdk1.5以前的版本中,线程池的使用是及其简陋的,但是在 ...
- 常用excel技巧
1.excel 设置行列分色显示 =MOD(ROW(),2)=0 2.多表匹配数据 通过身份证在另外一个表查找这个人的基本信息 第一张表 第二张表: =VLOOKUP(F12,'2014总表'!D: ...
- Android 界面排版的5种方式
Android布局是应用界面开发的重要一环,在Android中,共有五种布局方式,分别是:FrameLayout(框架布局),LinearLayout (线性布局),AbsoluteLayout(绝对 ...
- Power Builder的学习
新的任务可能要运用PowerBuilder了,对这个名词之前仅是有所耳闻,工作中倒是用过power designer这个优秀的建模工具,出自同一家公司的产品,应该拥有同样的基因,于是上网开始查阅相关资 ...
- Ant 执行 YUICompressor
Ant 执行 YUICompressor 任务压缩 JavaScript 和 CSS 文件,解决中文乱码问题,增加源文件字符编码集设定 标签: javascriptantcss任务encodingnu ...
- Python解析器源码加密系列之(二):一次使用标准c的FILE*访问内存块的尝试
摘要:由于近期打算修改Python解释器以实现pyc文件的加密/解密,出于保密的要求,解密之后的数据只能放在内存中,不能写入到文件中.但是后续的解析pyc文件的代码又只能接受FILE*作为入参,所以就 ...
- java实现八皇后问题(递归和循环两种方式)
循环方式: package EightQueens; public class EightQueensNotRecursive { private static final boolean AVA ...
- LeetCode:Remove Duplicates from Sorted List I II
LeetCode:Remove Duplicates from Sorted List Given a sorted linked list, delete all duplicates such t ...
- IOS开发之——keychain使用介绍 保护本地文件的安全
iOS的keychain服务提供了一种安全的保存私密信息(密码,序列号,证书等)的方式.每个ios程序都有一个独立的keychain存储.从ios 3.0开始,跨程序分享keychain变得可行. 使 ...
- gdb调试汇编堆栈分析
代码(src/05/gdb.c) int g(int x) { return x + 4; } int f(int x) { return g(x); } int main(void) { retur ...