我正在尝试为内部业务用户设置反向代理,以便在外部路由关闭时进行站点验证。我能够在httpd.conf中为端口80设置多个具有相应虚拟主机条目的路由:匿名用户。我担心陷入SSL路线而无法取得进展。我去过多个论坛,但无法找到帮助我进一步行动的回复。
Apache版本:Apache / 2.2.29(Unix) Linux版本: $ cat / etc / * - 发布 企业Linux企业Linux服务器版本5.8(迦太基) Oracle Linux Server 5.8版 红帽企业Linux服务器版本5.8(Tikanga)
当我尝试通过SSL(*:443)访问时,我在所有3个浏览器(IE / Chrome / Firefox)上都得到空响应。注意:我按照How to Create and Install an Apache Self Signed Certificate的说明生成了自签名证书。
错误记录
[Wed Jul 08 23:16:06 2015] [notice] Digest: generating secret for digest authentication ...
[Wed Jul 08 23:16:06 2015] [notice] Digest: done
[Wed Jul 08 23:16:06 2015] [debug] util_ldap.c(1990): LDAP merging Shared Cache conf: shm=0x21b6ff0 rmm=0x21b7048 for VHOST: stgwww.cos.agilent.com
[Wed Jul 08 23:16:06 2015] [debug] util_ldap.c(1990): LDAP merging Shared Cache conf: shm=0x21b6ff0 rmm=0x21b7048 for VHOST: stgwww.cos.agilent.com
[Wed Jul 08 23:16:06 2015] [info] APR LDAP: Built with OpenLDAP LDAP SDK
[Wed Jul 08 23:16:06 2015] [info] LDAP: SSL support available
[Wed Jul 08 23:16:06 2015] [info] mod_unique_id: using ip addr 127.0.0.1
[Wed Jul 08 23:16:07 2015] [info] Init: Seeding PRNG with 144 bytes of entropy
[Wed Jul 08 23:16:07 2015] [info] Loading certificate & private key of SSL-aware server
[Wed Jul 08 23:16:07 2015] [debug] ssl_engine_pphrase.c(470): unencrypted RSA private key - pass phrase not required
[Wed Jul 08 23:16:07 2015] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Wed Jul 08 23:16:07 2015] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Wed Jul 08 23:16:07 2015] [debug] ssl_scache_shmcb.c(253): shmcb_init allocated 512000 bytes of shared memory
[Wed Jul 08 23:16:07 2015] [debug] ssl_scache_shmcb.c(272): for 511920 bytes (512000 including header), recommending 32 subcaches, 133 indexes each
[Wed Jul 08 23:16:07 2015] [debug] ssl_scache_shmcb.c(306): shmcb_init_memory choices follow
[Wed Jul 08 23:16:07 2015] [debug] ssl_scache_shmcb.c(308): subcache_num = 32
[Wed Jul 08 23:16:07 2015] [debug] ssl_scache_shmcb.c(310): subcache_size = 15992
[Wed Jul 08 23:16:07 2015] [debug] ssl_scache_shmcb.c(312): subcache_data_offset = 3208
[Wed Jul 08 23:16:07 2015] [debug] ssl_scache_shmcb.c(314): subcache_data_size = 12784
[Wed Jul 08 23:16:07 2015] [debug] ssl_scache_shmcb.c(316): index_num = 133
[Wed Jul 08 23:16:07 2015] [info] Shared memory session cache initialised
[Wed Jul 08 23:16:07 2015] [info] Init: Initializing (virtual) servers for SSL
[Wed Jul 08 23:16:07 2015] [info] Configuring server for SSL protocol
[Wed Jul 08 23:16:07 2015] [debug] ssl_engine_init.c(521): Creating new SSL context (protocols: SSLv3, TLSv1)
[Wed Jul 08 23:16:07 2015] [debug] ssl_engine_init.c(759): Configuring permitted SSL ciphers [HIGH:MEDIUM:!aNULL:!MD5]
[Wed Jul 08 23:16:07 2015] [debug] ssl_engine_init.c(843): Configuring server certificate chain (1 CA certificate)
[Wed Jul 08 23:16:07 2015] [debug] ssl_engine_init.c(890): Configuring RSA server certificate
[Wed Jul 08 23:16:07 2015] [debug] ssl_engine_init.c(936): Configuring RSA server private key
[Wed Jul 08 23:16:07 2015] [debug] ssl_engine_init.c(521): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Wed Jul 08 23:16:07 2015] [info] mod_ssl/2.2.29 compiled against Server: Apache/2.2.29, Library: OpenSSL/0.9.8e-fips-rhel5
[Wed Jul 08 23:16:07 2015] [debug] proxy_util.c(1829): proxy: grabbed scoreboard slot 11 in child 6098 for worker proxy:reverse
[Wed Jul 08 23:16:07 2015] [debug] proxy_util.c(1945): proxy: initialized single connection worker 11 in child 6098 for (*)
---------
truncated for ease of reading
---------
[Wed Jul 08 23:19:02 2015] [info] [client 192.168.244.1] Connection to child 0 established (server stgwww.cos.agilent.com:443)
[Wed Jul 08 23:19:02 2015] [info] Seeding PRNG with 144 bytes of entropy
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_kernel.c(1903): OpenSSL: Handshake: start
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_kernel.c(1911): OpenSSL: Loop: before/accept initialization
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_io.c(1939): OpenSSL: read 11/11 bytes from BIO#22341b0 [mem: 223b880] (BIO dump follows)
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_io.c(1872): +-------------------------------------------------------------------------+
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_io.c(1911): | 0000: 43 4f 4e 4e 45 43 54 20-73 74 67 CONNECT stg |
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_io.c(1917): +-------------------------------------------------------------------------+
**[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_kernel.c(1940): OpenSSL: Exit: error in SSLv2/v3 read client hello A
[Wed Jul 08 23:19:02 2015] [info] [client 192.168.244.1] SSL library error 1 in handshake (server stgwww.cos.agilent.com:443)
[Wed Jul 08 23:19:02 2015] [info] SSL Library Error: 336027803 error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request speaking HTTP to HTTPS port!?
[Wed Jul 08 23:19:02 2015] [info] [client 192.168.244.1] Connection closed to child 0 with abortive shutdown (server stgwww.cos.agilent.com:443)**
[Wed Jul 08 23:19:02 2015] [info] [client 192.168.244.1] Connection to child 1 established (server stgwww.cos.agilent.com:443)
[Wed Jul 08 23:19:02 2015] [info] Seeding PRNG with 144 bytes of entropy
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_kernel.c(1903): OpenSSL: Handshake: start
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_kernel.c(1911): OpenSSL: Loop: before/accept initialization
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_io.c(1939): OpenSSL: read 11/11 bytes from BIO#22341b0 [mem: 223b880] (BIO dump follows)
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_io.c(1872): +-------------------------------------------------------------------------+
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_io.c(1911): | 0000: 43 4f 4e 4e 45 43 54 20-73 74 67 CONNECT stg |
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_io.c(1917): +-------------------------------------------------------------------------+
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_kernel.c(1940): OpenSSL: Exit: error in SSLv2/v3 read client hello A
[Wed Jul 08 23:19:02 2015] [info] [client 192.168.244.1] SSL library error 1 in handshake (server stgwww.cos.agilent.com:443)
[Wed Jul 08 23:19:02 2015] [info] SSL Library Error: 336027803 error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request speaking HTTP to HTTPS port!?
[Wed Jul 08 23:19:02 2015] [info] [client 192.168.244.1] Connection closed to child 1 with abortive shutdown (server stgwww.cos.agilent.com:443)
[Wed Jul 08 23:19:02 2015] [info] [client 192.168.244.1] Connection to child 4 established (server stgwww.cos.agilent.com:443)
[Wed Jul 08 23:19:02 2015] [info] Seeding PRNG with 144 bytes of entropy
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_kernel.c(1903): OpenSSL: Handshake: start
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_kernel.c(1911): OpenSSL: Loop: before/accept initialization
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_io.c(1939): OpenSSL: read 11/11 bytes from BIO#22341b0 [mem: 223b880] (BIO dump follows)
===========
打开SSL检查
[sandeep@atgweb logs]$ openssl s_client -connect 192.168.244.129:443 -state -nbio
CONNECTED(00000003)
turning on non blocking io
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
**SSL_connect:error in SSLv2/v3 read server hello A
write R BLOCK**
SSL_connect:SSLv3 read server hello A
depth=0 /C=US/ST=California/L=Cupertino/O=Agilent/OU=IT/CN=stgwww.cos.agilent.com/emailAddress=sandeep_rohilla@agilent.com
**verify error:num=18:self signed certificate**
verify return:1
depth=0 /C=US/ST=California/L=Cupertino/O=Agilent/OU=IT/CN=stgwww.cos.agilent.com/emailAddress=sandeep_rohilla@agilent.com
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:error in SSLv3 read finished A
SSL_connect:error in SSLv3 read finished A
read R BLOCK
SSL_connect:SSLv3 read finished A
read R BLOCK
---
Certificate chain
0 s:/C=US/ST=California/L=Cupertino/O=Agilent/OU=IT/CN=stgwww.cos.agilent.com/emailAddress=sandeep_rohilla@agilent.com
i:/C=US/ST=California/L=Cupertino/O=Agilent/OU=IT/CN=stgwww.cos.agilent.com/emailAddress=sandeep_rohilla@agilent.com
1 s:/C=US/ST=California/L=Cupertino/O=Agilent/OU=IT/CN=atgweb.localvm.com/emailAddress=sandeep_rohilla@agilent.com
i:/C=US/ST=California/L=Cupertino/O=Agilent/OU=IT/CN=atgweb.localvm.com/emailAddress=sandeep_rohilla@agilent.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICvTCCAiYCCQDmbgmAHQHTpTANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMC
VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCUN1cGVydGlubzEQMA4G
A1UEChMHQWdpbGVudDELMAkGA1UECxMCSVQxHzAdBgNVBAMTFnN0Z3d3dy5jb3Mu
YWdpbGVudC5jb20xKjAoBgkqhkiG9w0BCQEWG3NhbmRlZXBfcm9oaWxsYUBhZ2ls
ZW50LmNvbTAeFw0xNTA3MDgxNzM2MzZaFw0xNjA3MDcxNzM2MzZaMIGiMQswCQYD
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJQ3VwZXJ0aW5v
MRAwDgYDVQQKEwdBZ2lsZW50MQswCQYDVQQLEwJJVDEfMB0GA1UEAxMWc3Rnd3d3
LmNvcy5hZ2lsZW50LmNvbTEqMCgGCSqGSIb3DQEJARYbc2FuZGVlcF9yb2hpbGxh
QGFnaWxlbnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDET9X5cK3G
5Cgxz6RIo1irZAnqQQg2sMdDZ3nTyGLzOTNp90xhHp1+VC6ud5Hcivv2112+QCsA
MVVJIlkUs+bv7gyiPvviFOSyoi5KAiONkmyr5Vyy1XrVfsrCcF/JhYLltoghDl+Q
6ask51K3OUjVka6UrziAunuzgoR5QHavkQIDAQABMA0GCSqGSIb3DQEBBQUAA4GB
ABJqn06X+nvN8gZo9e+ywZhUlyhJIkrYeSS3tEpnBS4PRGyHe2egZKeu1oOquI4w
Sf1toICVVusCoLnSEw1lScfNEYk4oVdmAZBKGV1dHS8dIM7/UIQuIoRQlBQ6DkJp
uq9NHIZrmM0j1Mrj5gxRx0Yqz8U/pYm3XuEAgy7KTmYz
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Cupertino/O=Agilent/OU=IT/CN=stgwww.cos.agilent.com/emailAddress=sandeep_rohilla@agilent.com
issuer=/C=US/ST=California/L=Cupertino/O=Agilent/OU=IT/CN=stgwww.cos.agilent.com/emailAddress=sandeep_rohilla@agilent.com
---
No client certificate CA names sent
---
SSL handshake has read 2509 bytes and written 319 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: EE96B79CC47110B9A7B242691F1721DE77A3119F001CC88CE3B9BEFB4433D8D1
Session-ID-ctx:
Master-Key: 30CB866077089FD7198DBD08EEAD9A98C58E43563A191FA2FA8E7A967963E4A614F53045C8528B0978ABD0285ACC41FE
Key-Arg : None
Krb5 Principal: None
Start Time: 1436378586
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
SSL3 alert read:warning:close notify
closed
SSL3 alert write:warning:close notify
[sandeep@atgweb logs]$ cd ..
[sandeep@atgweb apache2]$ cd bin
[sandeep@atgweb bin]$ sudo ./apachectl -version
Server version: Apache/2.2.29 (Unix)
Server built: May 21 2015 21:05:01
HTTPD-SSL.CONF文件
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
Listen 443
NameVirtualHost *:443
# Some MIME-types for downloading Certificates and CRLs
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex "file:/usr/local/apache2/logs/ssl_mutex"
## SSL Virtual Host Context
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/usr/local/apache2/htdocs"
ServerName xxxxx:443
ServerAdmin you@example.com
ErrorLog "/usr/local/apache2/logs/error_log"
TransferLog "/usr/local/apache2/logs/access_log"
# Enable/Disable SSL for this virtual host.
SSLEngine on
# SSL Protocol support:
SSLProtocol all -SSLv2
# SSL Cipher Suite:
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# Server Certificate:
SSLCertificateFile "/usr/local/apache2/conf/ssl.crt"
# Server Private Key:
SSLCertificateKeyFile "/usr/local/apache2/conf/ssl.key"
# Server Certificate Chain:
SSLCertificateChainFile "/home/sandeep/sandeep.crt"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/apache2/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
CustomLog "/usr/local/apache2/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLProxyEngine on
SSLProxyVerify none
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
ProxyPass / http://www.google.com
ProxyPassReverse / http://www.google.com
</VirtualHost>
已启用模块
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule cache_module modules/mod_cache.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule dbd_module modules/mod_dbd.so
LoadModule dumpio_module modules/mod_dumpio.so
LoadModule echo_module modules/mod_echo.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
LoadModule substitute_module modules/mod_substitute.so
LoadModule charset_lite_module modules/mod_charset_lite.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule log_forensic_module modules/mod_log_forensic.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule ident_module modules/mod_ident.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dav_lock_module modules/mod_dav_lock.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imagemap_module modules/mod_imagemap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
我真的很感谢这方面的帮助。这几天我一直在撞墙。我也是新手,如果我错过了一些基本道歉的话。
答案 0 :(得分:0)
我在OS X上使用pbpaste
将s_client
的PEM编码证书粘贴到剪贴板上(见下文)。您与openssl s_client -connect 192.168.244.129:443
联系,但192.168.244.129
不 主题替代名称。
您需要修改服务器证书中的名称。要在适当的浏览器位置创建包含服务器名称的证书,请参阅How to create a self-signed certificate with openssl?。 (不要担心自签名与CSR - 步骤是一样的。)
浏览器仍可能拒绝自签名证书。答案讨论了为什么以及如何解决它。
相关:
SSLProtocol all -SSLv2
应为SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
应为SSLCipherSuite HIGH:!aNULL:!MD5:!RC4
。sha1WithRSAEncryption
应使用SHA256和2048位RSA模块$ pbpaste | openssl x509 -text -noout
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 16604219322008720293 (0xe66e09801d01d3a5)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=Cupertino, O=Agilent, OU=IT, CN=stgwww.cos.agilent.com/emailAddress=sandeep_rohilla@agilent.com
Validity
Not Before: Jul 8 17:36:36 2015 GMT
Not After : Jul 7 17:36:36 2016 GMT
Subject: C=US, ST=California, L=Cupertino, O=Agilent, OU=IT, CN=stgwww.cos.agilent.com/emailAddress=sandeep_rohilla@agilent.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:c4:4f:d5:f9:70:ad:c6:e4:28:31:cf:a4:48:a3:
58:ab:64:09:ea:41:08:36:b0:c7:43:67:79:d3:c8:
62:f3:39:33:69:f7:4c:61:1e:9d:7e:54:2e:ae:77:
91:dc:8a:fb:f6:d7:5d:be:40:2b:00:31:55:49:22:
59:14:b3:e6:ef:ee:0c:a2:3e:fb:e2:14:e4:b2:a2:
2e:4a:02:23:8d:92:6c:ab:e5:5c:b2:d5:7a:d5:7e:
ca:c2:70:5f:c9:85:82:e5:b6:88:21:0e:5f:90:e9:
ab:24:e7:52:b7:39:48:d5:91:ae:94:af:38:80:ba:
7b:b3:82:84:79:40:76:af:91
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
12:6a:9f:4e:97:fa:7b:cd:f2:06:68:f5:ef:b2:c1:98:54:97:
28:49:22:4a:d8:79:24:b7:b4:4a:67:05:2e:0f:44:6c:87:7b:
67:a0:64:a7:ae:d6:83:aa:b8:8e:30:49:fd:6d:a0:80:95:56:
eb:02:a0:b9:d2:13:0d:65:49:c7:cd:11:89:38:a1:57:66:01:
90:4a:19:5d:5d:1d:2f:1d:20:ce:ff:50:84:2e:22:84:50:94:
14:3a:0e:42:69:ba:af:4d:1c:86:6b:98:cd:23:d4:ca:e3:e6:
0c:51:c7:46:2a:cf:c5:3f:a5:89:b7:5e:e1:00:83:2e:ca:4e:
66:33