salrashid123/envoy.yaml

salrashid123 · 2022-10-20T14:43:39Z

curl  -vvv  --cacert certs/tls-ca-chain.pem -H "Host: httpbin.org" --connect-to  httpbin.org:443:127.0.0.1:8081 https://httpbin.org:443/get

tls-ca-chain.pem

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Google, OU=Enterprise, CN=Enterprise Root CA
        Validity
            Not Before: Jan  9 22:05:43 2022 GMT
            Not After : Jan  9 22:05:43 2032 GMT
        Subject: C=US, O=Google, OU=Enterprise, CN=Enterprise Subordinate CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:01:12:b9:8a:c9:e5:4b:d5:cc:d9:7a:2b:d1:
                    cb:db:02:23:2a:98:b5:66:65:0d:36:50:e8:9f:02:
                    06:ff:c3:aa:a6:9b:fc:2e:5e:79:b8:ae:4b:b1:09:
                    cf:10:f8:e2:bb:a7:71:78:ee:cb:1f:f6:0c:64:32:
                    19:31:84:a7:eb:6e:90:29:2e:9c:05:0e:bb:59:61:
                    e9:db:1b:db:e3:35:c8:a6:39:f0:2e:de:85:5f:ef:
                    a9:b3:cc:99:37:03:e7:4f:ac:a4:cd:45:1d:4e:0b:
                    c3:3c:7c:e2:b1:ca:af:f2:20:62:34:9b:f4:ce:c9:
                    93:f6:cc:99:35:f5:f2:14:c3:10:54:fb:c8:94:4e:
                    e1:07:8e:71:8c:61:a7:27:9c:c7:49:6a:c8:5f:3d:
                    22:93:82:61:ec:80:51:84:ce:0b:33:b9:22:ee:e5:
                    4f:ab:ad:7d:e5:c0:7a:dc:bf:47:1f:04:73:7e:96:
                    86:6e:eb:29:b4:4c:a6:45:b9:e3:4d:81:2b:bb:fc:
                    48:1c:7e:f5:25:19:41:24:a2:3a:b3:97:f1:d6:26:
                    80:cc:e1:f0:e3:e6:d0:3a:cb:df:73:79:6b:e6:7b:
                    32:0c:e3:ee:92:f9:de:de:b2:d2:50:f9:20:49:82:
                    ed:94:4b:cf:7b:0a:77:e7:01:e2:5e:50:ec:12:03:
                    2c:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Subject Key Identifier: 
                B7:BA:B0:02:A1:E7:BE:34:C6:C1:05:5C:66:78:E5:BB:53:5D:A1:54
            X509v3 Authority Key Identifier: 
                keyid:7C:1C:5B:E8:3E:B3:33:09:96:92:32:D8:7F:44:BF:CC:8C:93:9C:92

            Authority Information Access: 
                CA Issuers - URI:http://pki.esodemoapp2.com/ca/root-ca.cer

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://pki.esodemoapp2.com/ca/root-ca.crl

    Signature Algorithm: sha256WithRSAEncryption
         c2:ae:b0:30:75:e4:50:32:8b:ee:d3:4c:2c:f0:8d:eb:79:42:
         0c:11:db:6c:17:02:d1:4a:1b:b4:82:05:61:18:73:07:d6:f1:
         83:a5:d4:49:a1:a4:a9:08:67:42:70:fb:f5:20:0d:01:90:be:
         bd:eb:d7:5f:d4:60:d4:c5:03:96:6e:22:da:8f:24:39:4b:a7:
         d5:16:06:7f:c8:86:e7:dd:2c:cc:c3:b0:ee:6e:28:36:8b:dc:
         49:a3:d9:5a:3e:98:e3:8c:cf:e0:17:a6:c1:4b:17:61:a0:b5:
         0a:2c:57:f4:7b:cd:85:0a:e0:0f:5e:c9:1e:89:6e:c1:73:55:
         c1:de:e8:b8:c6:03:cd:57:3d:d3:1e:ef:0c:6b:dc:ff:7d:32:
         51:a2:1a:c2:f2:dd:42:fe:96:9b:ed:34:29:71:04:7a:5e:44:
         6b:5f:94:9b:fc:c3:3a:4e:71:5e:c3:bb:03:e5:cb:85:4f:ba:
         3f:0e:f6:d6:4f:8d:bf:50:fd:a7:b8:d8:b9:f7:54:c8:19:80:
         c9:04:22:81:aa:77:74:00:7e:91:cf:e5:53:c9:e4:54:56:9e:
         23:db:51:31:b7:32:f4:24:a9:8d:d5:2f:9d:98:fe:56:e8:fd:
         44:57:ec:ed:12:59:4a:11:5d:cd:fd:ee:ab:eb:9e:70:94:31:
         bf:d3:2e:c6
-----BEGIN CERTIFICATE-----
MIIEDTCCAvWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEP
MA0GA1UECgwGR29vZ2xlMRMwEQYDVQQLDApFbnRlcnByaXNlMRswGQYDVQQDDBJF
bnRlcnByaXNlIFJvb3QgQ0EwHhcNMjIwMTA5MjIwNTQzWhcNMzIwMTA5MjIwNTQz
WjBXMQswCQYDVQQGEwJVUzEPMA0GA1UECgwGR29vZ2xlMRMwEQYDVQQLDApFbnRl
cnByaXNlMSIwIAYDVQQDDBlFbnRlcnByaXNlIFN1Ym9yZGluYXRlIENBMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQESuYrJ5UvVzNl6K9HL2wIjKpi1
ZmUNNlDonwIG/8Oqppv8Ll55uK5LsQnPEPjiu6dxeO7LH/YMZDIZMYSn626QKS6c
BQ67WWHp2xvb4zXIpjnwLt6FX++ps8yZNwPnT6ykzUUdTgvDPHziscqv8iBiNJv0
zsmT9syZNfXyFMMQVPvIlE7hB45xjGGnJ5zHSWrIXz0ik4Jh7IBRhM4LM7ki7uVP
q6195cB63L9HHwRzfpaGbusptEymRbnjTYEru/xIHH71JRlBJKI6s5fx1iaAzOHw
4+bQOsvfc3lr5nsyDOPukvne3rLSUPkgSYLtlEvPewp35wHiXlDsEgMs7wIDAQAB
o4HqMIHnMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1Ud
DgQWBBS3urACoee+NMbBBVxmeOW7U12hVDAfBgNVHSMEGDAWgBR8HFvoPrMzCZaS
Mth/RL/MjJOckjBFBggrBgEFBQcBAQQ5MDcwNQYIKwYBBQUHMAKGKWh0dHA6Ly9w
a2kuZXNvZGVtb2FwcDIuY29tL2NhL3Jvb3QtY2EuY2VyMDoGA1UdHwQzMDEwL6At
oCuGKWh0dHA6Ly9wa2kuZXNvZGVtb2FwcDIuY29tL2NhL3Jvb3QtY2EuY3JsMA0G
CSqGSIb3DQEBCwUAA4IBAQDCrrAwdeRQMovu00ws8I3reUIMEdtsFwLRShu0ggVh
GHMH1vGDpdRJoaSpCGdCcPv1IA0BkL6969df1GDUxQOWbiLajyQ5S6fVFgZ/yIbn
3SzMw7Dubig2i9xJo9laPpjjjM/gF6bBSxdhoLUKLFf0e82FCuAPXskeiW7Bc1XB
3ui4xgPNVz3THu8Ma9z/fTJRohrC8t1C/pab7TQpcQR6XkRrX5Sb/MM6TnFew7sD
5cuFT7o/DvbWT42/UP2nuNi591TIGYDJBCKBqnd0AH6Rz+VTyeRUVp4j21ExtzL0
JKmN1S+dmP5W6P1EV+ztEllKEV3N/e6r655wlDG/0y7G
-----END CERTIFICATE-----
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Google, OU=Enterprise, CN=Enterprise Root CA
        Validity
            Not Before: Jan  9 22:05:07 2022 GMT
            Not After : Jan  9 22:05:07 2032 GMT
        Subject: C=US, O=Google, OU=Enterprise, CN=Enterprise Root CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:ee:86:98:a4:6c:92:71:85:aa:76:16:13:85:
                    bb:d7:49:37:e5:11:03:49:73:a6:31:c6:d0:fb:27:
                    ca:70:ec:c2:d0:db:88:d7:3a:97:20:49:fd:7b:4a:
                    76:72:d0:c9:16:31:07:14:86:3b:99:67:6f:88:70:
                    fc:a7:a4:60:81:af:35:68:88:14:75:d3:cf:66:8a:
                    28:55:ac:63:98:56:91:2c:55:59:0e:ed:fe:37:2a:
                    6f:79:11:08:ca:41:c4:78:d1:d6:83:c1:35:7c:a0:
                    f4:72:db:5f:16:4f:f7:04:30:26:4b:58:99:cd:52:
                    7d:0a:91:e1:29:3d:11:3d:2f:11:1f:6b:0f:e7:95:
                    63:ef:e0:4d:c7:d6:b9:15:3a:3c:6b:51:36:eb:df:
                    55:e2:a2:e0:e2:24:a9:3e:30:3f:76:15:a8:1a:13:
                    e1:e3:b2:b5:ae:e6:59:62:a4:2b:64:74:df:82:e5:
                    a3:ac:c9:6f:c6:39:28:ec:93:57:be:17:c5:71:14:
                    85:d8:ae:1c:f7:29:94:10:6d:ad:fe:fb:ea:33:5e:
                    6e:e5:f3:8c:73:1c:50:5e:0f:57:55:c7:43:73:cc:
                    2a:56:91:35:2b:c1:c8:6e:a6:8e:c9:4b:7b:75:68:
                    87:17:3a:7a:ed:6d:54:f6:76:3c:ad:03:e0:e3:b5:
                    78:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                7C:1C:5B:E8:3E:B3:33:09:96:92:32:D8:7F:44:BF:CC:8C:93:9C:92
            X509v3 Authority Key Identifier: 
                keyid:7C:1C:5B:E8:3E:B3:33:09:96:92:32:D8:7F:44:BF:CC:8C:93:9C:92

    Signature Algorithm: sha256WithRSAEncryption
         c4:50:d2:b2:ec:3b:c9:1b:16:42:f0:a1:c5:97:26:ce:11:e4:
         d3:4e:b3:32:36:f5:9b:15:4f:3d:80:b8:07:20:89:26:43:e5:
         b7:9b:b7:37:be:a5:7c:5a:92:2e:36:b1:73:a2:35:b7:2e:d1:
         a3:55:8c:7d:99:19:43:08:8d:3a:88:78:7e:01:e3:ce:19:5d:
         7c:af:b2:4d:0b:93:08:f3:d4:b3:75:f5:d3:b5:18:9a:b0:cb:
         55:2f:b3:27:6c:38:b1:a1:75:b5:6d:c2:53:c5:91:9e:09:c7:
         b3:81:fe:2c:a8:09:0a:ec:dd:ed:d6:10:78:64:ce:c9:bd:25:
         ae:de:d8:86:68:d0:0f:ee:db:73:b6:c0:bc:7a:e4:a5:fa:30:
         b3:6c:7a:3f:e3:87:20:5c:d0:8e:78:fa:ec:ec:85:81:03:a6:
         58:c4:c8:4d:ee:cc:03:22:68:ed:a4:bb:77:a9:56:c7:9c:33:
         6a:30:c7:50:75:eb:67:3b:40:52:01:d4:67:b5:19:cd:42:d0:
         ea:f5:c3:fd:e7:a1:3a:6d:2b:22:6b:2f:61:85:9b:8e:50:8e:
         34:b9:4e:00:5d:d2:89:96:47:b3:d7:ac:eb:9a:fa:76:07:34:
         61:51:a0:2f:20:69:5e:f6:dd:06:2b:1e:c8:82:7f:ce:f0:ba:
         5c:12:ff:f2
-----BEGIN CERTIFICATE-----
MIIDfjCCAmagAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEP
MA0GA1UECgwGR29vZ2xlMRMwEQYDVQQLDApFbnRlcnByaXNlMRswGQYDVQQDDBJF
bnRlcnByaXNlIFJvb3QgQ0EwHhcNMjIwMTA5MjIwNTA3WhcNMzIwMTA5MjIwNTA3
WjBQMQswCQYDVQQGEwJVUzEPMA0GA1UECgwGR29vZ2xlMRMwEQYDVQQLDApFbnRl
cnByaXNlMRswGQYDVQQDDBJFbnRlcnByaXNlIFJvb3QgQ0EwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDe7oaYpGyScYWqdhYThbvXSTflEQNJc6YxxtD7
J8pw7MLQ24jXOpcgSf17SnZy0MkWMQcUhjuZZ2+IcPynpGCBrzVoiBR1089miihV
rGOYVpEsVVkO7f43Km95EQjKQcR40daDwTV8oPRy218WT/cEMCZLWJnNUn0KkeEp
PRE9LxEfaw/nlWPv4E3H1rkVOjxrUTbr31XiouDiJKk+MD92FagaE+HjsrWu5lli
pCtkdN+C5aOsyW/GOSjsk1e+F8VxFIXYrhz3KZQQba3+++ozXm7l84xzHFBeD1dV
x0NzzCpWkTUrwchupo7JS3t1aIcXOnrtbVT2djytA+DjtXj9AgMBAAGjYzBhMA4G
A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR8HFvoPrMz
CZaSMth/RL/MjJOckjAfBgNVHSMEGDAWgBR8HFvoPrMzCZaSMth/RL/MjJOckjAN
BgkqhkiG9w0BAQsFAAOCAQEAxFDSsuw7yRsWQvChxZcmzhHk006zMjb1mxVPPYC4
ByCJJkPlt5u3N76lfFqSLjaxc6I1ty7Ro1WMfZkZQwiNOoh4fgHjzhldfK+yTQuT
CPPUs3X107UYmrDLVS+zJ2w4saF1tW3CU8WRngnHs4H+LKgJCuzd7dYQeGTOyb0l
rt7YhmjQD+7bc7bAvHrkpfows2x6P+OHIFzQjnj67OyFgQOmWMTITe7MAyJo7aS7
d6lWx5wzajDHUHXrZztAUgHUZ7UZzULQ6vXD/eehOm0rImsvYYWbjlCONLlOAF3S
iZZHs9es65r6dgc0YVGgLyBpXvbdBiseyIJ/zvC6XBL/8g==
-----END CERTIFICATE-----

envoy.crt

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14 (0xe)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Google, OU=Enterprise, CN=Enterprise Subordinate CA
        Validity
            Not Before: May 19 14:13:07 2022 GMT
            Not After : Aug 26 14:13:07 2024 GMT
        Subject: C=US, O=Google, OU=Enterprise, CN=envoy.yourdomain.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:9f:6d:a6:a8:46:9a:2f:f0:50:f7:27:ec:cc:
                    2c:43:fc:4d:06:64:3b:24:b2:14:46:04:df:65:6c:
                    a8:bc:e1:f3:8c:18:30:1b:df:37:61:95:53:11:70:
                    bc:9f:38:15:a0:20:58:a9:17:cd:0d:06:ee:21:1e:
                    e4:9a:64:1e:fa:a2:f8:b2:04:ca:9a:d6:36:80:bc:
                    77:d5:ea:99:6b:06:b2:eb:f9:f9:ba:dd:93:f6:7c:
                    61:40:4d:f1:32:20:fe:66:b7:24:27:73:e3:85:f4:
                    38:0a:9a:e8:6d:92:9a:dd:d9:13:13:12:57:81:6b:
                    50:20:fe:ae:c0:d4:12:ce:e7:e2:eb:9b:ed:a7:40:
                    d4:3b:fa:30:c0:ec:5f:e5:2c:39:45:c6:93:e8:4e:
                    b8:d0:6d:52:41:4d:e4:c5:53:63:5e:80:18:19:fe:
                    3f:95:72:de:f6:06:39:98:5d:f3:7b:bd:7d:0a:f9:
                    2c:45:58:9b:dc:0e:39:10:c7:65:80:55:3d:77:72:
                    3d:77:de:f7:28:08:a4:02:2e:0a:77:ce:d4:4f:9c:
                    f0:d0:3a:a5:61:60:5a:1e:b7:b8:79:36:6a:b2:e7:
                    4d:e9:f2:71:1b:bc:c7:69:c6:8f:71:39:39:d6:33:
                    47:1a:85:cd:ef:c3:15:25:47:c4:a9:03:c5:c0:17:
                    29:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            X509v3 Subject Key Identifier: 
                31:79:43:6B:F8:65:B2:7F:06:CD:7D:A0:2B:A6:EE:16:16:BC:E9:CD
            X509v3 Authority Key Identifier: 
                keyid:B7:BA:B0:02:A1:E7:BE:34:C6:C1:05:5C:66:78:E5:BB:53:5D:A1:54

            Authority Information Access: 
                CA Issuers - URI:http://pki.esodemoapp2.com/ca/tls-ca.cer

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://pki.esodemoapp2.com/ca/tls-ca.crl

            X509v3 Subject Alternative Name: 
                DNS:envoy.yourdomain.com
    Signature Algorithm: sha256WithRSAEncryption
         04:bc:95:ca:ca:76:55:3d:8c:7b:d6:b9:76:b5:0c:f3:ce:30:
         89:da:8a:7b:5c:a1:13:13:26:69:47:d0:b1:95:fb:98:8b:18:
         b7:e7:4f:c5:56:a6:9b:b8:66:5f:59:77:1a:06:ea:fb:63:b4:
         22:bb:da:41:e7:67:f6:b9:35:bb:4a:8d:c4:70:50:29:de:f0:
         e8:9e:2d:c6:2d:49:48:3f:ba:a2:9b:d7:62:50:a8:38:8a:6c:
         d2:fc:6a:2b:24:69:6c:fc:a2:ee:fc:b4:0b:53:1a:ad:4f:3c:
         b1:25:01:05:e5:1b:f6:2b:77:3c:f6:59:c9:b8:d8:91:45:9b:
         9b:7e:7d:50:bc:2c:07:96:48:b6:e3:21:a8:26:89:9f:58:18:
         ff:d0:1e:0f:d8:f2:b7:60:32:0a:67:92:eb:5a:35:31:85:96:
         26:86:fa:e2:c7:56:32:58:2e:a1:5f:d6:82:e4:fc:0c:c9:6e:
         6c:a2:30:f5:0d:43:ce:b5:bd:0e:10:9a:fa:4d:e7:ec:7d:8f:
         29:0b:d7:2a:05:ee:15:fc:72:18:84:70:24:3f:2e:3a:9b:74:
         c8:73:2d:13:6d:37:0a:ca:ba:a5:c9:01:89:84:df:5b:89:6c:
         80:94:67:35:d0:fb:19:d7:64:7a:70:30:ba:c3:83:e2:53:e5:
         02:f8:48:f3
-----BEGIN CERTIFICATE-----
MIIEPDCCAySgAwIBAgIBDjANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEP
MA0GA1UECgwGR29vZ2xlMRMwEQYDVQQLDApFbnRlcnByaXNlMSIwIAYDVQQDDBlF
bnRlcnByaXNlIFN1Ym9yZGluYXRlIENBMB4XDTIyMDUxOTE0MTMwN1oXDTI0MDgy
NjE0MTMwN1owUjELMAkGA1UEBhMCVVMxDzANBgNVBAoMBkdvb2dsZTETMBEGA1UE
CwwKRW50ZXJwcmlzZTEdMBsGA1UEAwwUZW52b3kueW91cmRvbWFpbi5jb20wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbn22mqEaaL/BQ9yfszCxD/E0G
ZDskshRGBN9lbKi84fOMGDAb3zdhlVMRcLyfOBWgIFipF80NBu4hHuSaZB76oviy
BMqa1jaAvHfV6plrBrLr+fm63ZP2fGFATfEyIP5mtyQnc+OF9DgKmuhtkprd2RMT
EleBa1Ag/q7A1BLO5+Lrm+2nQNQ7+jDA7F/lLDlFxpPoTrjQbVJBTeTFU2NegBgZ
/j+Vct72BjmYXfN7vX0K+SxFWJvcDjkQx2WAVT13cj133vcoCKQCLgp3ztRPnPDQ
OqVhYFoet7h5Nmqy503p8nEbvMdpxo9xOTnWM0cahc3vwxUlR8SpA8XAFymnAgMB
AAGjggEWMIIBEjAOBgNVHQ8BAf8EBAMCB4AwCQYDVR0TBAIwADATBgNVHSUEDDAK
BggrBgEFBQcDATAdBgNVHQ4EFgQUMXlDa/hlsn8GzX2gK6buFha86c0wHwYDVR0j
BBgwFoAUt7qwAqHnvjTGwQVcZnjlu1NdoVQwRAYIKwYBBQUHAQEEODA2MDQGCCsG
AQUFBzAChihodHRwOi8vcGtpLmVzb2RlbW9hcHAyLmNvbS9jYS90bHMtY2EuY2Vy
MDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9wa2kuZXNvZGVtb2FwcDIuY29tL2Nh
L3Rscy1jYS5jcmwwHwYDVR0RBBgwFoIUZW52b3kueW91cmRvbWFpbi5jb20wDQYJ
KoZIhvcNAQELBQADggEBAAS8lcrKdlU9jHvWuXa1DPPOMInaintcoRMTJmlH0LGV
+5iLGLfnT8VWppu4Zl9ZdxoG6vtjtCK72kHnZ/a5NbtKjcRwUCne8OieLcYtSUg/
uqKb12JQqDiKbNL8aiskaWz8ou78tAtTGq1PPLElAQXlG/Yrdzz2Wcm42JFFm5t+
fVC8LAeWSLbjIagmiZ9YGP/QHg/Y8rdgMgpnkutaNTGFliaG+uLHVjJYLqFf1oLk
/AzJbmyiMPUNQ861vQ4QmvpN5+x9jykL1yoF7hX8chiEcCQ/LjqbdMhzLRNtNwrK
uqXJAYmE31uJbICUZzXQ+xnXZHpwMLrDg+JT5QL4SPM=
-----END CERTIFICATE-----

envoy.key

googleapis.crt

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 46 (0x2e)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Google, OU=Enterprise, CN=Enterprise Subordinate CA
        Validity
            Not Before: Oct 20 14:28:01 2022 GMT
            Not After : Jan 27 14:28:01 2025 GMT
        Subject: C=US, O=Google, OU=Enterprise, CN=*.googleapis.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c6:b9:e6:d6:03:eb:63:bd:89:26:2c:cb:d2:1a:
                    00:a7:c2:8d:8a:57:b4:e1:17:0d:38:1f:a9:85:9d:
                    b1:cb:f0:75:c2:ec:07:12:42:0b:e3:8f:be:5b:f0:
                    34:f4:d4:ce:a4:07:f7:c4:eb:db:f3:a1:c0:9f:11:
                    9a:04:71:c3:20:2d:56:54:c7:6d:fa:62:c1:4b:b1:
                    4c:96:ef:d1:9e:1e:5f:e8:e4:26:a3:2d:16:76:b3:
                    0a:d4:6c:9d:3d:03:8c:4d:ec:a0:99:82:60:38:e0:
                    4b:92:21:de:1d:79:7c:59:94:bb:da:9f:da:03:0e:
                    4a:28:1f:9e:ed:d9:d3:7c:07:8d:6f:da:c2:1e:bc:
                    2b:fd:58:f9:c8:2e:a4:35:b4:4a:29:f8:81:b8:01:
                    29:fa:22:46:c5:4d:d1:49:56:42:b1:cf:f5:0e:a8:
                    47:3f:93:64:0d:41:ab:96:2d:78:3b:f0:e1:40:f0:
                    b3:32:6e:7a:79:54:67:27:7a:61:a6:c8:40:4b:1e:
                    84:74:dd:a4:12:d6:cc:86:7c:97:c7:86:60:c0:31:
                    c0:bf:1b:4c:05:99:ea:5e:e8:68:5f:38:14:85:d6:
                    e8:a7:0d:d6:7d:27:1c:78:93:41:15:f6:ce:4f:6c:
                    a9:e7:10:eb:25:c9:3b:71:53:02:26:02:86:8d:66:
                    44:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            X509v3 Subject Key Identifier: 
                E4:D9:17:B6:A2:E7:26:3E:3D:46:2C:CF:05:CF:BD:C9:84:71:83:68
            X509v3 Authority Key Identifier: 
                B7:BA:B0:02:A1:E7:BE:34:C6:C1:05:5C:66:78:E5:BB:53:5D:A1:54
            Authority Information Access: 
                CA Issuers - URI:http://pki.esodemoapp2.com/ca/tls-ca.cer
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://pki.esodemoapp2.com/ca/tls-ca.crl
            X509v3 Subject Alternative Name: 
                DNS:pubsub.googleapis.com, DNS:storage.googleapis.com
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        0c:55:6d:07:c9:33:02:72:06:41:bb:92:15:19:c2:72:47:36:
        09:89:0b:13:05:82:70:9f:5d:de:6a:e9:d6:8b:4b:b3:b7:11:
        f2:97:d0:73:5c:54:1d:ee:d9:cd:af:8a:f3:fb:ac:12:3c:3a:
        4b:cf:e2:a5:67:83:8b:b5:29:8e:dc:26:0c:fb:12:b6:9b:e9:
        68:cf:20:c3:fd:0e:a8:07:17:b2:e9:fd:3a:9d:55:c6:3a:b4:
        e7:7b:55:68:96:c0:b5:9a:0d:67:26:14:55:37:a8:51:a0:14:
        76:37:60:a1:45:45:f3:94:bd:f2:5b:29:77:33:40:1e:76:48:
        9c:7c:42:4c:b1:3f:a9:ce:a3:fe:d6:09:76:9e:51:2a:67:a2:
        51:29:45:ee:c7:89:f1:3e:6e:77:4d:23:7f:98:c1:4b:a2:ed:
        64:6c:7b:f0:34:01:8e:1e:f2:c5:47:ed:fc:c6:08:b6:f0:de:
        ff:87:43:e9:dc:9e:76:43:ea:24:85:0b:5d:ad:b7:e3:8a:42:
        9b:09:ad:b2:f7:59:9f:e9:25:f9:60:b5:00:aa:2b:c7:3e:01:
        eb:29:e5:3a:5d:91:79:85:bb:45:c8:62:bb:a3:86:21:92:36:
        d1:25:3d:85:d8:9f:e2:aa:e6:76:7d:4b:b6:2e:b8:56:f2:8f:
        ef:aa:4a:c0
-----BEGIN CERTIFICATE-----
MIIEUTCCAzmgAwIBAgIBLjANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEP
MA0GA1UECgwGR29vZ2xlMRMwEQYDVQQLDApFbnRlcnByaXNlMSIwIAYDVQQDDBlF
bnRlcnByaXNlIFN1Ym9yZGluYXRlIENBMB4XDTIyMTAyMDE0MjgwMVoXDTI1MDEy
NzE0MjgwMVowTjELMAkGA1UEBhMCVVMxDzANBgNVBAoMBkdvb2dsZTETMBEGA1UE
CwwKRW50ZXJwcmlzZTEZMBcGA1UEAwwQKi5nb29nbGVhcGlzLmNvbTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMa55tYD62O9iSYsy9IaAKfCjYpXtOEX
DTgfqYWdscvwdcLsBxJCC+OPvlvwNPTUzqQH98Tr2/OhwJ8RmgRxwyAtVlTHbfpi
wUuxTJbv0Z4eX+jkJqMtFnazCtRsnT0DjE3soJmCYDjgS5Ih3h15fFmUu9qf2gMO
Sigfnu3Z03wHjW/awh68K/1Y+cgupDW0Sin4gbgBKfoiRsVN0UlWQrHP9Q6oRz+T
ZA1Bq5YteDvw4UDwszJuenlUZyd6YabIQEsehHTdpBLWzIZ8l8eGYMAxwL8bTAWZ
6l7oaF84FIXW6KcN1n0nHHiTQRX2zk9sqecQ6yXJO3FTAiYCho1mRBkCAwEAAaOC
AS8wggErMA4GA1UdDwEB/wQEAwIHgDAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsG
AQUFBwMBMB0GA1UdDgQWBBTk2Re2oucmPj1GLM8Fz73JhHGDaDAfBgNVHSMEGDAW
gBS3urACoee+NMbBBVxmeOW7U12hVDBEBggrBgEFBQcBAQQ4MDYwNAYIKwYBBQUH
MAKGKGh0dHA6Ly9wa2kuZXNvZGVtb2FwcDIuY29tL2NhL3Rscy1jYS5jZXIwOQYD
VR0fBDIwMDAuoCygKoYoaHR0cDovL3BraS5lc29kZW1vYXBwMi5jb20vY2EvdGxz
LWNhLmNybDA4BgNVHREEMTAvghVwdWJzdWIuZ29vZ2xlYXBpcy5jb22CFnN0b3Jh
Z2UuZ29vZ2xlYXBpcy5jb20wDQYJKoZIhvcNAQELBQADggEBAAxVbQfJMwJyBkG7
khUZwnJHNgmJCxMFgnCfXd5q6daLS7O3EfKX0HNcVB3u2c2vivP7rBI8OkvP4qVn
g4u1KY7cJgz7Erab6WjPIMP9DqgHF7Lp/TqdVcY6tOd7VWiWwLWaDWcmFFU3qFGg
FHY3YKFFRfOUvfJbKXczQB52SJx8QkyxP6nOo/7WCXaeUSpnolEpRe7HifE+bndN
I3+YwUui7WRse/A0AY4e8sVH7fzGCLbw3v+HQ+ncnnZD6iSFC12tt+OKQpsJrbL3
WZ/pJflgtQCqK8c+Aesp5TpdkXmFu0XIYrujhiGSNtElPYXYn+Kq5nZ9S7YuuFby
j++qSsA=
-----END CERTIFICATE-----

googleapis.key

httpbin.crt

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10 (0xa)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Google, OU=Enterprise, CN=Enterprise Subordinate CA
        Validity
            Not Before: May  1 21:21:44 2022 GMT
            Not After : Aug  8 21:21:44 2024 GMT
        Subject: C=US, O=Google, OU=Enterprise, CN=httpbin.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:c8:68:ac:fd:29:ca:17:79:40:4f:fd:66:4d:
                    53:bb:e6:ca:f1:07:3c:dc:e8:a5:19:8e:8d:0a:03:
                    e5:83:98:bd:df:16:2e:bc:61:fb:c3:2f:b1:82:47:
                    1d:fc:a6:e1:9b:55:39:f0:d0:3b:07:8a:30:cf:a0:
                    ed:89:57:87:2b:09:15:7e:20:67:a7:6e:fd:53:36:
                    2a:17:7a:06:6b:e9:1b:de:1e:2c:03:2f:1b:3e:63:
                    4b:46:fd:3d:6e:0b:dd:95:b9:ce:31:c1:57:22:96:
                    63:c7:ae:78:3b:90:85:8f:bc:ee:81:8b:40:f6:b4:
                    f4:5d:be:1b:6d:52:fd:d8:15:a0:8e:f5:81:45:af:
                    a4:b0:6f:77:73:c7:e3:bc:46:0b:dd:6d:41:cd:8b:
                    f9:83:a3:8b:e0:86:5e:29:f6:44:60:8e:c8:6e:6a:
                    5b:c1:dc:31:b8:36:92:bd:00:1d:81:e7:f7:61:1f:
                    da:96:56:3d:14:bb:21:68:52:b8:d2:69:9b:7a:ef:
                    f2:26:4e:64:17:f5:7a:38:54:81:1a:4c:4b:6d:ae:
                    ec:c9:1b:de:4e:a5:c0:24:82:01:a1:bc:a1:9c:38:
                    d2:af:6d:58:09:1a:ea:8e:e1:09:8a:5f:c0:24:b8:
                    21:f6:f7:ab:ff:59:30:f4:e1:24:be:e5:9e:0b:13:
                    66:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            X509v3 Subject Key Identifier: 
                59:E2:4F:A9:54:0B:7D:0F:9C:C8:85:6F:17:F6:5C:54:B8:7E:53:07
            X509v3 Authority Key Identifier: 
                keyid:B7:BA:B0:02:A1:E7:BE:34:C6:C1:05:5C:66:78:E5:BB:53:5D:A1:54

            Authority Information Access: 
                CA Issuers - URI:http://pki.esodemoapp2.com/ca/tls-ca.cer

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://pki.esodemoapp2.com/ca/tls-ca.crl

            X509v3 Subject Alternative Name: 
                DNS:httpbin.org
    Signature Algorithm: sha256WithRSAEncryption
         b9:6e:fc:65:c2:48:f6:e6:02:e1:64:68:9b:3a:d1:1e:9c:6f:
         e9:a4:a8:70:ef:85:10:b9:c5:6a:c5:2a:cd:95:67:b8:9c:d9:
         72:6d:78:07:a4:cf:45:a5:47:4a:d3:76:62:9c:f7:67:38:43:
         0c:45:00:86:04:0d:52:52:cd:1c:f6:91:71:12:97:e4:5d:db:
         10:8a:8f:bb:74:5b:da:5b:4b:95:bd:72:70:f9:a9:03:e0:f4:
         af:14:80:25:5b:82:c4:0e:58:dc:f2:d6:8f:e6:8c:70:a9:39:
         c7:17:fb:f0:70:42:ac:ca:df:84:08:0b:c0:44:5a:12:c4:83:
         59:b3:89:51:88:f8:ed:c7:4c:1b:6c:e7:6e:fd:2b:3e:a0:45:
         c6:71:e7:81:47:0a:32:bc:0d:4a:5b:d3:61:2d:06:fd:60:43:
         bd:f4:d5:2d:91:35:7a:66:37:a1:d2:86:1b:e2:bf:34:ba:1b:
         6d:d8:32:56:06:f0:13:e6:8b:bb:ba:a4:a7:3a:06:65:3f:32:
         4f:39:f9:92:27:00:6a:3a:97:5b:9f:d5:e6:51:cd:c3:50:46:
         15:e9:b6:df:90:0a:44:e0:bd:55:05:64:56:bf:3a:cb:a2:26:
         dd:7c:4a:54:d5:ff:16:a9:78:33:1a:dd:33:1a:12:95:16:26:
         c0:b8:67:6c
-----BEGIN CERTIFICATE-----
MIIEKjCCAxKgAwIBAgIBCjANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEP
MA0GA1UECgwGR29vZ2xlMRMwEQYDVQQLDApFbnRlcnByaXNlMSIwIAYDVQQDDBlF
bnRlcnByaXNlIFN1Ym9yZGluYXRlIENBMB4XDTIyMDUwMTIxMjE0NFoXDTI0MDgw
ODIxMjE0NFowSTELMAkGA1UEBhMCVVMxDzANBgNVBAoMBkdvb2dsZTETMBEGA1UE
CwwKRW50ZXJwcmlzZTEUMBIGA1UEAwwLaHR0cGJpbi5vcmcwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDFyGis/SnKF3lAT/1mTVO75srxBzzc6KUZjo0K
A+WDmL3fFi68YfvDL7GCRx38puGbVTnw0DsHijDPoO2JV4crCRV+IGenbv1TNioX
egZr6RveHiwDLxs+Y0tG/T1uC92Vuc4xwVcilmPHrng7kIWPvO6Bi0D2tPRdvhtt
Uv3YFaCO9YFFr6Swb3dzx+O8RgvdbUHNi/mDo4vghl4p9kRgjshualvB3DG4NpK9
AB2B5/dhH9qWVj0UuyFoUrjSaZt67/ImTmQX9Xo4VIEaTEttruzJG95OpcAkggGh
vKGcONKvbVgJGuqO4QmKX8AkuCH296v/WTD04SS+5Z4LE2b9AgMBAAGjggENMIIB
CTAOBgNVHQ8BAf8EBAMCB4AwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcD
ATAdBgNVHQ4EFgQUWeJPqVQLfQ+cyIVvF/ZcVLh+UwcwHwYDVR0jBBgwFoAUt7qw
AqHnvjTGwQVcZnjlu1NdoVQwRAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzAChiho
dHRwOi8vcGtpLmVzb2RlbW9hcHAyLmNvbS9jYS90bHMtY2EuY2VyMDkGA1UdHwQy
MDAwLqAsoCqGKGh0dHA6Ly9wa2kuZXNvZGVtb2FwcDIuY29tL2NhL3Rscy1jYS5j
cmwwFgYDVR0RBA8wDYILaHR0cGJpbi5vcmcwDQYJKoZIhvcNAQELBQADggEBALlu
/GXCSPbmAuFkaJs60R6cb+mkqHDvhRC5xWrFKs2VZ7ic2XJteAekz0WlR0rTdmKc
92c4QwxFAIYEDVJSzRz2kXESl+Rd2xCKj7t0W9pbS5W9cnD5qQPg9K8UgCVbgsQO
WNzy1o/mjHCpOccX+/BwQqzK34QIC8BEWhLEg1mziVGI+O3HTBts5279Kz6gRcZx
54FHCjK8DUpb02EtBv1gQ7301S2RNXpmN6HShhvivzS6G23YMlYG8BPmi7u6pKc6
BmU/Mk85+ZInAGo6l1uf1eZRzcNQRhXptt+QCkTgvVUFZFa/OsuiJt18SlTV/xap
eDMa3TMaEpUWJsC4Z2w=
-----END CERTIFICATE-----

httpbin.key

	node:
	cluster: service_greeter
	id: test-id

	admin:
	access_log_path: /dev/null
	address:
	socket_address:
	address: 0.0.0.0
	port_value: 9000


	static_resources:
	listeners:
	- name: listener_0
	address:
	socket_address: { address: 0.0.0.0, port_value: 8081 }
	listener_filters:
	- name: envoy.filters.listener.tls_inspector
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
	- name: envoy.filters.listener.http_inspector
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.filters.listener.http_inspector.v3.HttpInspector
	filter_chains:
	- filter_chain_match:
	server_names: ["pubsub.googleapis.com"]
	transport_socket:
	name: envoy.transport_sockets.tls
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
	common_tls_context:
	tls_certificates:
	- certificate_chain:
	filename: certs/googleapis.crt
	private_key:
	filename: certs/googleapis.key
	filters:
	- name: envoy.filters.network.http_connection_manager
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
	stat_prefix: ingress_http
	http2_protocol_options: {}
	codec_type: AUTO
	route_config:
	request_headers_to_add:
	- header:
	key: "x-goog-header"
	value: "value"
	virtual_hosts:
	- name: pubsub_service
	domains: ["pubsub.googleapis.com"]
	routes:
	- match:
	path: "/google.pubsub.v1.Publisher/Publish"
	grpc: {}
	route:
	cluster: dynamic_forward_proxy_cluster
	typed_per_filter_config:
	envoy.filters.http.dynamic_forward_proxy:
	'@type': type.googleapis.com/envoy.extensions.filters.http.dynamic_forward_proxy.v3.PerRouteConfig


	http_filters:
	- name: envoy.filters.http.dynamic_forward_proxy
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.filters.http.dynamic_forward_proxy.v3.FilterConfig
	dns_cache_config:
	name: dynamic_forward_proxy_cache_config
	dns_lookup_family: V4_ONLY
	- name: envoy.filters.http.router
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router


	- filter_chain_match:
	server_names: ["httpbin.org"]
	transport_socket:
	name: envoy.transport_sockets.tls
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
	common_tls_context:
	tls_certificates:
	- certificate_chain:
	filename: certs/httpbin.crt
	private_key:
	filename: certs/httpbin.key
	filters:
	- name: envoy.filters.network.http_connection_manager
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
	stat_prefix: ingress_http
	route_config:
	request_headers_to_add:
	- header:
	key: "x-foo"
	value: "bar"
	virtual_hosts:
	- name: httpbin_service
	domains: ["httpbin.org"]
	routes:
	- match:
	path: "/get"
	route:
	cluster: dynamic_forward_proxy_cluster
	typed_per_filter_config:
	envoy.filters.http.dynamic_forward_proxy:
	'@type': type.googleapis.com/envoy.extensions.filters.http.dynamic_forward_proxy.v3.PerRouteConfig
	http_filters:
	- name: envoy.filters.http.dynamic_forward_proxy
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.filters.http.dynamic_forward_proxy.v3.FilterConfig
	dns_cache_config:
	name: dynamic_forward_proxy_cache_config
	dns_lookup_family: V4_ONLY
	- name: envoy.filters.http.router
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
	- filters:
	- name: envoy.filters.network.http_connection_manager
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
	stat_prefix: ingress_healthz
	codec_type: AUTO
	route_config:
	name: local_route
	virtual_hosts:
	- name: local_service
	domains: ["localhost"]
	routes:
	- match:
	prefix: "/healthz"
	direct_response:
	status: 200
	http_filters:
	- name: envoy.filters.http.router
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
	transport_socket:
	name: envoy.transport_sockets.tls
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
	common_tls_context:
	tls_certificates:
	- certificate_chain:
	filename: certs/envoy.crt
	private_key:
	filename: certs/envoy.key

	clusters:
	- name: dynamic_forward_proxy_cluster
	lb_policy: CLUSTER_PROVIDED
	connect_timeout: 5s
	http2_protocol_options: {}
	cluster_type:
	name: envoy.clusters.dynamic_forward_proxy
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.clusters.dynamic_forward_proxy.v3.ClusterConfig
	dns_cache_config:
	name: dynamic_forward_proxy_cache_config
	dns_lookup_family: V4_ONLY
	transport_socket:
	name: envoy.transport_sockets.tls
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
	common_tls_context:
	validation_context:
	trusted_ca:
	filename: /etc/ssl/certs/ca-certificates.crt

salrashid123/envoy.yaml

salrashid123 commented Oct 20, 2022

Uh oh!