Functions/Enable-SstpOffload.ps1
|
<#
.SYNOPSIS PowerShell script to enable TLS offloading for Windows Server Routing and Remote Access (RRAS) Secure Socket Tunneling Protocol (SSTP) VPN connections. .PARAMETER Computername The name of the server on which to enable TLS offloading. .PARAMETER CertificateHash The SHA-256 hash of the TLS certificate installed on the device performing TLS offloading. .PARAMETER Restart Restarts the RemoteAccess service to complete the configuration change. .EXAMPLE .\Enable-SstpOffload.ps1 -ComputerName VPN1 -CertificateHash '5CE8598EEAE7416264F33808A47D676D4E12BF0740143D4FF1C8904D83CA3946' -Restart Running this command will enable TLS offload for SSTP VPN connections on the server 'VPN1' using a TLS certificate with a SHA-256 has of '5CE8598EEAE7416264F33808A47D676D4E12BF0740143D4FF1C8904D83CA3946'. The RemoteAccess service will be restarted once complete. .DESCRIPTION Windows Server RRAS SSTP can be configured to support TLS offload with an external load balancer, firewall, or other network device. To detect and prevent interception of SSTP VPN connections by an attacker, the client and server validate the TLS certificate used to establish the connection. If the TLS certificate is not installed on the VPN server, it must be added to the registry. This PowerShell script enables TLS offload for SSTP and adds the TLS certificate has to the registry as required. .LINK https://directaccess.richardhicks.com/2019/02/18/always-on-vpn-sstp-load-balancing-and-ssl-offload/ .NOTES Version: 1.1 Creation Date: May 14, 2019 Last Updated: August 12, 2021 Author: Richard Hicks Organization: Richard M. Hicks Consulting, Inc. Contact: rich@richardhicks.com Web Site: https://directaccess.richardhicks.com/ #> Function Enable-SstpOffload { [CmdletBinding(SupportsShouldProcess)] [Outputtype("None", "PSCustomObject")] Param ( [Parameter(Position = 0, ValueFromPipelineByPropertyName, HelpMessage = "Enter the name of the remote RRAS server.")] [ValidateNotNullOrEmpty()] [string[]]$Computername = $env:computername, [Parameter(Position = 1, Mandatory, HelpMessage = "Enter the SHA2 certificate hash", ValueFromPipelineByPropertyName)] [ValidateNotNullorEmpty()] # // The hash value must be 64 characters long [ValidateScript( { $_.length -eq 64 })] [Alias("Hash")] [string]$CertificateHash, [switch]$Restart, [Parameter(HelpMessage = "Enter an optional credential in the form domain\username or machine\username")] [ValidateNotNullorEmpty()] [string]$Authentication = "Default", [switch]$UseSSL, [switch]$Passthru ) Begin { $RegPath = "HKLM:\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters" $sb = { Param([string]$RegPath, [string]$CertificateHash, [bool]$Restart, [bool]$Passthru) Try { $VerbosePreference = $using:verbosepreference } Catch { Write-Verbose "Using local Verbose preference" } Try { $whatifpreference = $using:whatifpreference } Catch { Write-Verbose "Using local Whatif preference" } # // Validate this registry path exists If (Test-Path -Path $regPath) { Write-Verbose "Updating $regpath..." Write-Verbose "Creating CertBinary from $CertificateHash..." $CertBinary = @() For ($i = 0; $i -lt $CertificateHash.Length ; $i += 2) { $CertBinary += [Byte]::Parse($CertificateHash.Substring($i, 2), [System.Globalization.NumberStyles]::HexNumber) } # // Use transactions when modifying the registry so that if any change fails the entire transaction fails If (-Not $whatifpreference) { Start-Transaction -RollbackPreference TerminatingError } # // Define a hashtable of parameter values to splat to New-ItemProperty Write-Verbose "Setting SstpSvc parameter values..." $newParams = @{ Path = $regPath Force = $True PropertyType = "DWORD" Name = "" Value = "" WhatIf = $whatifpreference ErrorAction = "stop" } If (-Not $whatifpreference) { $newParams.Add("UseTransaction", $True) } $newParams | Out-String | Write-Verbose $newParams.name = 'UseHttps' $newParams.value = 0 Try { Write-Verbose "Create new item property $($newparams.name) with a value of $($newparams.value)" New-ItemProperty @newParams | Out-Null } Catch { Throw $_ } $newParams.name = 'isHashConfiguredByAdmin' $newParams.value = 1 Try { Write-Verbose "Create new item property $($newparams.name) with a value of $($newparams.value)" New-ItemProperty @newParams | Out-Null } Catch { Throw $_ } $newParams.name = 'SHA256CertificateHash' $newParams.value = $CertBinary $newParams.PropertyType = "binary" Try { Write-Verbose "Creating new item property SHA256CertificateHash..." New-ItemProperty @newParams | Out-Null } Catch { Throw $_ } # // If registry entry SHA1CertificateHash exists, delete it Try { $key = Get-ItemProperty -path $RegPath -name SHA1CertificateHash -ErrorAction Stop If ($key) { Write-Verbose "Removing SHA1CertificateHash..." $rmParams = @{ Path = $RegPath Name = "SHA1CertificateHash" ErrorAction = "Stop" } If (-Not $whatifpreference) { $rmParams.Add("UseTransaction", $True) } Remove-ItemProperty @rmParams } } Catch { # // Ignore the error if the registry value is not found Write-Verbose "SHA1CertificateHash key not found." } If (-Not $whatifpreference) { Complete-Transaction } If (-Not $WhatifPreference) { # // Set a flag to indicate registry changes where successful so that -Passthru and service message are only displayed if this is true Write-Verbose "Validating changes..." If ( (Get-ItempropertyValue -path $regpath -name IsHashConfiguredByAdmin) -eq 1) { Write-Verbose "Registry changes successful." If ($Restart) { Write-Verbose "Restarting RemoteAccess service on $env:computername..." Restart-Service -Name RemoteAccess -Force } Else { Write-Warning 'The RemoteAccess service must be restarted for changes to take effect.' } If ($Passthru) { Get-ItemProperty -Path $regPath | Select-Object -Property UseHttps, isHashConfiguredByAdmin, @{Name = "SHA1Hash"; Expression = { [System.BitConverter]::ToString($_.SHA1CertificateHash) -replace "-", "" } }, @{Name = "SHA256Hash"; Expression = { [System.BitConverter]::ToString($_.SHA256CertificateHash) -replace "-", "" } }, @{Name = "Computername"; Expression = { $env:computername } } } } # // If validated Else { Write-Error "Registry changes failed. $($_.Exception.Message)" } } # // Should process Else { Write-Verbose "The RemoteAccess service must also be restarted." } } # // If registry path found Else { Write-Warning "Can't find registry path $($regpath)." } } # // Close scriptblock # // Define a set of parameter values to splat to Invoke-Command $icmParams = @{ Scriptblock = $sb ArgumentList = "" ErrorAction = "Stop" } } # // Begin Process { ForEach ($computer in $computername) { $icmParams.ArgumentList = @($regPath, $CertificateHash, $restart, $passthru) # // Only use -Computername if querying a remote computer If ($Computername -ne $env:computername) { Write-Verbose "Using remote parameters..." $icmParams.Computername = $computer $icmParams.HideComputername = $True $icmParams.Authentication = $Authentication If ($pscredential.username) { Write-Verbose "Adding an alternate credential for $($pscredential.username)..." $icmParams.Add("Credential", $PSCredential) } If ($UseSSL) { Write-Verbose "Using SSL." $icmParams.Add("UseSSL", $True) } Write-Verbose "Using $Authentication authentication." } $icmParams | Out-String | Write-Verbose Write-Verbose "Modifying $($computer.toUpper())..." Try { # // Display result without the runspace ID Invoke-Command @icmParams | Select-Object -Property * -ExcludeProperty RunspaceID } Catch { Throw $_ } } # // ForEach } # // Process } # SIG # Begin signature block # MIIhjgYJKoZIhvcNAQcCoIIhfzCCIXsCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB # gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR # AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUYkhrCjPlbKovJ8YbLJ3ySUfU # La2gghs2MIIGrjCCBJagAwIBAgIQBzY3tyRUfNhHrP0oZipeWzANBgkqhkiG9w0B # AQsFADBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD # VQQLExB3d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVk # IFJvb3QgRzQwHhcNMjIwMzIzMDAwMDAwWhcNMzcwMzIyMjM1OTU5WjBjMQswCQYD # VQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xOzA5BgNVBAMTMkRpZ2lD # ZXJ0IFRydXN0ZWQgRzQgUlNBNDA5NiBTSEEyNTYgVGltZVN0YW1waW5nIENBMIIC # IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxoY1BkmzwT1ySVFVxyUDxPKR # N6mXUaHW0oPRnkyibaCwzIP5WvYRoUQVQl+kiPNo+n3znIkLf50fng8zH1ATCyZz # lm34V6gCff1DtITaEfFzsbPuK4CEiiIY3+vaPcQXf6sZKz5C3GeO6lE98NZW1Oco # LevTsbV15x8GZY2UKdPZ7Gnf2ZCHRgB720RBidx8ald68Dd5n12sy+iEZLRS8nZH # 92GDGd1ftFQLIWhuNyG7QKxfst5Kfc71ORJn7w6lY2zkpsUdzTYNXNXmG6jBZHRA # p8ByxbpOH7G1WE15/tePc5OsLDnipUjW8LAxE6lXKZYnLvWHpo9OdhVVJnCYJn+g # GkcgQ+NDY4B7dW4nJZCYOjgRs/b2nuY7W+yB3iIU2YIqx5K/oN7jPqJz+ucfWmyU # 8lKVEStYdEAoq3NDzt9KoRxrOMUp88qqlnNCaJ+2RrOdOqPVA+C/8KI8ykLcGEh/ # FDTP0kyr75s9/g64ZCr6dSgkQe1CvwWcZklSUPRR8zZJTYsg0ixXNXkrqPNFYLwj # jVj33GHek/45wPmyMKVM1+mYSlg+0wOI/rOP015LdhJRk8mMDDtbiiKowSYI+RQQ # EgN9XyO7ZONj4KbhPvbCdLI/Hgl27KtdRnXiYKNYCQEoAA6EVO7O6V3IXjASvUae # tdN2udIOa5kM0jO0zbECAwEAAaOCAV0wggFZMBIGA1UdEwEB/wQIMAYBAf8CAQAw # HQYDVR0OBBYEFLoW2W1NhS9zKXaaL3WMaiCPnshvMB8GA1UdIwQYMBaAFOzX44LS # cV1kTN8uZz/nupiuHA9PMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggrBgEF # BQcDCDB3BggrBgEFBQcBAQRrMGkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp # Z2ljZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0cDovL2NhY2VydHMuZGlnaWNlcnQu # Y29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcnQwQwYDVR0fBDwwOjA4oDagNIYy # aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5j # cmwwIAYDVR0gBBkwFzAIBgZngQwBBAIwCwYJYIZIAYb9bAcBMA0GCSqGSIb3DQEB # CwUAA4ICAQB9WY7Ak7ZvmKlEIgF+ZtbYIULhsBguEE0TzzBTzr8Y+8dQXeJLKftw # ig2qKWn8acHPHQfpPmDI2AvlXFvXbYf6hCAlNDFnzbYSlm/EUExiHQwIgqgWvalW # zxVzjQEiJc6VaT9Hd/tydBTX/6tPiix6q4XNQ1/tYLaqT5Fmniye4Iqs5f2MvGQm # h2ySvZ180HAKfO+ovHVPulr3qRCyXen/KFSJ8NWKcXZl2szwcqMj+sAngkSumScb # qyQeJsG33irr9p6xeZmBo1aGqwpFyd/EjaDnmPv7pp1yr8THwcFqcdnGE4AJxLaf # zYeHJLtPo0m5d2aR8XKc6UsCUqc3fpNTrDsdCEkPlM05et3/JWOZJyw9P2un8WbD # Qc1PtkCbISFA0LcTJM3cHXg65J6t5TRxktcma+Q4c6umAU+9Pzt4rUyt+8SVe+0K # XzM5h0F4ejjpnOHdI/0dKNPH+ejxmF/7K9h+8kaddSweJywm228Vex4Ziza4k9Tm # 8heZWcpw8De/mADfIBZPJ/tgZxahZrrdVcA6KYawmKAr7ZVBtzrVFZgxtGIJDwq9 # gdkT/r+k0fNX2bwE+oLeMt8EifAAzV3C+dAjfwAL5HYCJtnwZXZCpimHCUcr5n8a # pIUP/JiW9lVUKx+A+sDyDivl1vupL0QVSucTDh3bNzgaoSv27dZ8/DCCBrAwggSY # oAMCAQICEAitQLJg0pxMn17Nqb2TrtkwDQYJKoZIhvcNAQEMBQAwYjELMAkGA1UE # BhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2lj # ZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQgVHJ1c3RlZCBSb290IEc0MB4XDTIx # MDQyOTAwMDAwMFoXDTM2MDQyODIzNTk1OVowaTELMAkGA1UEBhMCVVMxFzAVBgNV # BAoTDkRpZ2lDZXJ0LCBJbmMuMUEwPwYDVQQDEzhEaWdpQ2VydCBUcnVzdGVkIEc0 # IENvZGUgU2lnbmluZyBSU0E0MDk2IFNIQTM4NCAyMDIxIENBMTCCAiIwDQYJKoZI # hvcNAQEBBQADggIPADCCAgoCggIBANW0L0LQKK14t13VOVkbsYhC9TOM6z2Bl3DF # u8SFJjCfpI5o2Fz16zQkB+FLT9N4Q/QX1x7a+dLVZxpSTw6hV/yImcGRzIEDPk1w # JGSzjeIIfTR9TIBXEmtDmpnyxTsf8u/LR1oTpkyzASAl8xDTi7L7CPCK4J0JwGWn # +piASTWHPVEZ6JAheEUuoZ8s4RjCGszF7pNJcEIyj/vG6hzzZWiRok1MghFIUmje # EL0UV13oGBNlxX+yT4UsSKRWhDXW+S6cqgAV0Tf+GgaUwnzI6hsy5srC9KejAw50 # pa85tqtgEuPo1rn3MeHcreQYoNjBI0dHs6EPbqOrbZgGgxu3amct0r1EGpIQgY+w # OwnXx5syWsL/amBUi0nBk+3htFzgb+sm+YzVsvk4EObqzpH1vtP7b5NhNFy8k0Uo # gzYqZihfsHPOiyYlBrKD1Fz2FRlM7WLgXjPy6OjsCqewAyuRsjZ5vvetCB51pmXM # u+NIUPN3kRr+21CiRshhWJj1fAIWPIMorTmG7NS3DVPQ+EfmdTCN7DCTdhSmW0td # dGFNPxKRdt6/WMtyEClB8NXFbSZ2aBFBE1ia3CYrAfSJTVnbeM+BSj5AR1/JgVBz # hRAjIVlgimRUwcwhGug4GXxmHM14OEUwmU//Y09Mu6oNCFNBfFg9R7P6tuyMMgkC # zGw8DFYRAgMBAAGjggFZMIIBVTASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQW # BBRoN+Drtjv4XxGG+/5hewiIZfROQjAfBgNVHSMEGDAWgBTs1+OC0nFdZEzfLmc/ # 57qYrhwPTzAOBgNVHQ8BAf8EBAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwdwYI # KwYBBQUHAQEEazBpMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j # b20wQQYIKwYBBQUHMAKGNWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdp # Q2VydFRydXN0ZWRSb290RzQuY3J0MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9j # cmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRSb290RzQuY3JsMBwGA1Ud # IAQVMBMwBwYFZ4EMAQMwCAYGZ4EMAQQBMA0GCSqGSIb3DQEBDAUAA4ICAQA6I0Q9 # jQh27o+8OpnTVuACGqX4SDTzLLbmdGb3lHKxAMqvbDAnExKekESfS/2eo3wm1Te8 # Ol1IbZXVP0n0J7sWgUVQ/Zy9toXgdn43ccsi91qqkM/1k2rj6yDR1VB5iJqKisG2 # vaFIGH7c2IAaERkYzWGZgVb2yeN258TkG19D+D6U/3Y5PZ7Umc9K3SjrXyahlVhI # 1Rr+1yc//ZDRdobdHLBgXPMNqO7giaG9OeE4Ttpuuzad++UhU1rDyulq8aI+20O4 # M8hPOBSSmfXdzlRt2V0CFB9AM3wD4pWywiF1c1LLRtjENByipUuNzW92NyyFPxrO # JukYvpAHsEN/lYgggnDwzMrv/Sk1XB+JOFX3N4qLCaHLC+kxGv8uGVw5ceG+nKcK # BtYmZ7eS5k5f3nqsSc8upHSSrds8pJyGH+PBVhsrI/+PteqIe3Br5qC6/To/RabE # 6BaRUotBwEiES5ZNq0RA443wFSjO7fEYVgcqLxDEDAhkPDOPriiMPMuPiAsNvzv0 # zh57ju+168u38HcT5ucoP6wSrqUvImxB+YJcFWbMbA7KxYbD9iYzDAdLoNMHAmpq # QDBISzSoUSC7rRuFCOJZDW3KBVAr6kocnqX9oKcfBnTn8tZSkP2vhUgh+Vc7tJwD # 7YZF9LRhbr9o4iZghurIr6n+lB3nYxs6hlZ4TjCCBsYwggSuoAMCAQICEAp6Soie # yZlCkAZjOE2Gl50wDQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCVVMxFzAVBgNV # BAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBUcnVzdGVkIEc0 # IFJTQTQwOTYgU0hBMjU2IFRpbWVTdGFtcGluZyBDQTAeFw0yMjAzMjkwMDAwMDBa # Fw0zMzAzMTQyMzU5NTlaMEwxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2Vy # dCwgSW5jLjEkMCIGA1UEAxMbRGlnaUNlcnQgVGltZXN0YW1wIDIwMjIgLSAyMIIC # IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuSqWI6ZcvF/WSfAVghj0M+7M # XGzj4CUu0jHkPECu+6vE43hdflw26vUljUOjges4Y/k8iGnePNIwUQ0xB7pGbumj # S0joiUF/DbLW+YTxmD4LvwqEEnFsoWImAdPOw2z9rDt+3Cocqb0wxhbY2rzrsvGD # 0Z/NCcW5QWpFQiNBWvhg02UsPn5evZan8Pyx9PQoz0J5HzvHkwdoaOVENFJfD1De # 1FksRHTAMkcZW+KYLo/Qyj//xmfPPJOVToTpdhiYmREUxSsMoDPbTSSF6IKU4S8D # 7n+FAsmG4dUYFLcERfPgOL2ivXpxmOwV5/0u7NKbAIqsHY07gGj+0FmYJs7g7a5/ # KC7CnuALS8gI0TK7g/ojPNn/0oy790Mj3+fDWgVifnAs5SuyPWPqyK6BIGtDich+ # X7Aa3Rm9n3RBCq+5jgnTdKEvsFR2wZBPlOyGYf/bES+SAzDOMLeLD11Es0MdI1DN # kdcvnfv8zbHBp8QOxO9APhk6AtQxqWmgSfl14ZvoaORqDI/r5LEhe4ZnWH5/H+gr # 5BSyFtaBocraMJBr7m91wLA2JrIIO/+9vn9sExjfxm2keUmti39hhwVo99Rw40KV # 6J67m0uy4rZBPeevpxooya1hsKBBGBlO7UebYZXtPgthWuo+epiSUc0/yUTngIsp # QnL3ebLdhOon7v59emsCAwEAAaOCAYswggGHMA4GA1UdDwEB/wQEAwIHgDAMBgNV # HRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMCAGA1UdIAQZMBcwCAYG # Z4EMAQQCMAsGCWCGSAGG/WwHATAfBgNVHSMEGDAWgBS6FtltTYUvcyl2mi91jGog # j57IbzAdBgNVHQ4EFgQUjWS3iSH+VlhEhGGn6m8cNo/drw0wWgYDVR0fBFMwUTBP # oE2gS4ZJaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0 # UlNBNDA5NlNIQTI1NlRpbWVTdGFtcGluZ0NBLmNybDCBkAYIKwYBBQUHAQEEgYMw # gYAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBYBggrBgEF # BQcwAoZMaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3Rl # ZEc0UlNBNDA5NlNIQTI1NlRpbWVTdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsF # AAOCAgEADS0jdKbR9fjqS5k/AeT2DOSvFp3Zs4yXgimcQ28BLas4tXARv4QZiz9d # 5YZPvpM63io5WjlO2IRZpbwbmKrobO/RSGkZOFvPiTkdcHDZTt8jImzV3/ZZy6HC # 6kx2yqHcoSuWuJtVqRprfdH1AglPgtalc4jEmIDf7kmVt7PMxafuDuHvHjiKn+8R # yTFKWLbfOHzL+lz35FO/bgp8ftfemNUpZYkPopzAZfQBImXH6l50pls1klB89Bem # h2RPPkaJFmMga8vye9A140pwSKm25x1gvQQiFSVwBnKpRDtpRxHT7unHoD5PELkw # NuTzqmkJqIt+ZKJllBH7bjLx9bs4rc3AkxHVMnhKSzcqTPNc3LaFwLtwMFV41pj+ # VG1/calIGnjdRncuG3rAM4r4SiiMEqhzzy350yPynhngDZQooOvbGlGglYKOKGuk # zp123qlzqkhqWUOuX+r4DwZCnd8GaJb+KqB0W2Nm3mssuHiqTXBt8CzxBxV+NbTm # tQyimaXXFWs1DoXW4CzM4AwkuHxSCx6ZfO/IyMWMWGmvqz3hz8x9Fa4Uv4px38qX # sdhH6hyF4EVOEhwUKVjMb9N/y77BDkpvIJyu2XMyWQjnLZKhGhH+MpimXSuX4IvT # nMxttQ2uR2M4RxdbbxPaahBuH0m3RFu0CAqHWlkEdhGhp3cCExwwggcCMIIE6qAD # AgECAhABZnISBJVCuLLqeeLTB6xEMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNVBAYT # AlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UEAxM4RGlnaUNlcnQg # VHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEzODQgMjAyMSBDQTEw # HhcNMjExMjAyMDAwMDAwWhcNMjQxMjIwMjM1OTU5WjCBhjELMAkGA1UEBhMCVVMx # EzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1pc3Npb24gVmllam8xJDAi # BgNVBAoTG1JpY2hhcmQgTS4gSGlja3MgQ29uc3VsdGluZzEkMCIGA1UEAxMbUmlj # aGFyZCBNLiBIaWNrcyBDb25zdWx0aW5nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A # MIIBigKCAYEA6svrVqBRBbazEkrmhtz7h05LEBIHp8fGlV19nY2gpBLnkDR8Mz/E # 9i1cu0sdjieC4D4/WtI4/NeiR5idtBgtdek5eieRjPcn8g9Zpl89KIl8NNy1UlOW # NV70jzzqZ2CYiP/P5YGZwPy8Lx5rIAOYTJM6EFDBvZNti7aRizE7lqVXBDNzyeHh # fXYPBxaQV2It+sWqK0saTj0oNA2Iu9qSYaFQLFH45VpletKp7ded2FFJv2PKmYrz # Ytax48xzUQq2rRC5BN2/n7771NDfJ0t8udRhUBqTEI5Z1qzMz4RUVfgmGPT+CaE5 # 5NyBnyY6/A2/7KSIsOYOcTgzQhO4jLmjTBZ2kZqLCOaqPbSmq/SutMEGHY1MU7xr # WUEQinczjUzmbGGw7V87XI9sn8EcWX71PEvI2Gtr1TJfnT9betXDJnt21mukioLs # UUpdlRmMbn23or/VHzE6Nv7Kzx+tA1sBdWdC3Mkzaw/Mm3X8Wc7ythtXGBcLmBag # pMGCCUOk6OJZAgMBAAGjggIGMIICAjAfBgNVHSMEGDAWgBRoN+Drtjv4XxGG+/5h # ewiIZfROQjAdBgNVHQ4EFgQUxF7do+eIG9wnEUVjckZ9MsbZ+4kwDgYDVR0PAQH/ # BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMIG1BgNVHR8Ega0wgaowU6BRoE+G # TWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNENvZGVT # aWduaW5nUlNBNDA5NlNIQTM4NDIwMjFDQTEuY3JsMFOgUaBPhk1odHRwOi8vY3Js # NC5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkRzRDb2RlU2lnbmluZ1JTQTQw # OTZTSEEzODQyMDIxQ0ExLmNybDA+BgNVHSAENzA1MDMGBmeBDAEEATApMCcGCCsG # AQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgZQGCCsGAQUFBwEB # BIGHMIGEMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wXAYI # KwYBBQUHMAKGUGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRy # dXN0ZWRHNENvZGVTaWduaW5nUlNBNDA5NlNIQTM4NDIwMjFDQTEuY3J0MAwGA1Ud # EwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAEvHt/OKalRysHQdx4CXSOcgoayu # FXWNwi/VFcFr2EK37Gq71G4AtdVcWNLu+whhYzfCVANBnbTa9vsk515rTM06exz0 # QuMwyg09mo+VxZ8rqOBHz33xZyCoTtw/+D/SQxiO8uQR0Oisfb1MUHPqDQ69FTNq # IQF/RzC2zzUn5agHFULhby8wbjQfUt2FXCRlFULPzvp7/+JS4QAJnKXq5mYLvopW # sdkbBn52Kq+ll8efrj1K4iMRhp3a0n2eRLetqKJjOqT335EapydB4AnphH2WMQBH # Hroh5n/fv37dCCaYaqo9JlFnRIrHU7pHBBEpUGfyecFkcKFwsPiHXE1HqQJCPmMb # vPdV9ZgtWmuaRD0EQW13JzDyoQdJxQZSXJhDDL+VSFS8SRNPtQFPisZa2IO58d1C # vf5G8iK1RJHN/Qx413lj2JSS1o3wgNM3Q5ePFYXcQ0iPxjFYlRYPAaDx8t3olg/t # VK8sSpYqFYF99IRqBNixhkyxAyVCk6uLBLgwE9egJg1AFoHEdAeabGgT2C0hOyz5 # 5PNoDZutZB67G+WN8kGtFYULBloRKHJJiFn42bvXfa0Jg1jZ41AAsMc5LUNlqLhI # j/RFLinDH9l4Yb0ddD4wQVsIFDVlJgDPXA9E1Sn8VKrWE4I0sX4xXUFgjfuVfdcN # k9Q+4sJJ1YHYGmwLMYIFwjCCBb4CAQEwfTBpMQswCQYDVQQGEwJVUzEXMBUGA1UE # ChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lDZXJ0IFRydXN0ZWQgRzQg # Q29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0IDIwMjEgQ0ExAhABZnISBJVCuLLq # eeLTB6xEMAkGBSsOAwIaBQCgeDAYBgorBgEEAYI3AgEMMQowCKACgAChAoAAMBkG # CSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEE # AYI3AgEVMCMGCSqGSIb3DQEJBDEWBBR4Y+1NaRc+MznHx3wHrWx8PNvREDANBgkq # hkiG9w0BAQEFAASCAYB049JTo29VRzEc0in0Mgz5lSKqVanZ4t/FBCahvMlU5T+q # oLR6bEz5Km6K9IMgpWcjRTnaVm7DxZas+hesrxJc52G0TyAYeLjlMqHlURAYM4TF # i9SHn6Gu9ASkI20zkTJqaxO/TuEVcBlnT5nnSd+p0ZqbaUklcw93bBRMY7+lhjZ4 # O4rrjYR0K89bapI67TuBD5RkR7nGO74kJl4C+ciBlgHjBzWIBMMKvYHsZiCj8GHd # ReqLhGsxOAAbaHf03OLZZEMTNPkiumZnosf3aMSw2MciwiNGwMNS8IWZeXMEyB9D # YkLe4zegmiAkSo5Oc0Yknc+J5kIR833n8OTdoxK0wuT+N6vRtjBrtJyX9Iqpm3E6 # QVI28V7dF31Fau38l1iw+HNy2ShWHW/s7Fh3IO52FFJrWQ5ZyJg/gnbvzBQBgIVm # wJsxlTwUObO0c8rLK0dQBC+qaNAYTNxOZB/3DxJJLpGJPOzvaJXO3PY/eMGayxd8 # hOS04Z0i5psX6CuxmnqhggMgMIIDHAYJKoZIhvcNAQkGMYIDDTCCAwkCAQEwdzBj # MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xOzA5BgNVBAMT # MkRpZ2lDZXJ0IFRydXN0ZWQgRzQgUlNBNDA5NiBTSEEyNTYgVGltZVN0YW1waW5n # IENBAhAKekqInsmZQpAGYzhNhpedMA0GCWCGSAFlAwQCAQUAoGkwGAYJKoZIhvcN # AQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjIwMzI5MjMyODAzWjAv # BgkqhkiG9w0BCQQxIgQgpYUjHvhO3YrpWVtQve2g93H23Jkr7vHimI0nEkXDjI4w # DQYJKoZIhvcNAQEBBQAEggIAMc1dSDK6m6bgznflSgSR+MUL4StOVMopnA/2W958 # uUrPg3AlVO1eGfkWKavfhFCDcMKuLuyY+NZbsd4LzvgR+NdN1EgfSDEsnPIfRTbZ # FFE4qwj4X/B15NDUp07OaRazhM4ziskwlm+unG1nRKJ+Cug5E8URhmS7cZK3BiJY # 9O1nzAJh0IOrAFki/dEALtf/BsAeJnXp7ouRLE3Hz4FjSq1GAiDgWFCj0OcMfS5N # muO1kx9Ov6A4AK0JsBdVN+ypXbTwc15hhjyYrlHdhoedmgKWGVsFiK6WSaA3zsyU # cXnYQdxnnpYjje/oXex+8Ln3tvd2/c/agLi0RWIucP/37fSQcUs28h96iN4Pa5B9 # xlRt1FrM5jUggpKa5dCJ9/pa1Q1uf0+nJqVHjJp93ZSIr/gtodD04gI49E79SVS+ # cxdL2RbkYlSevR4dV8FKL51fRsHBnIPaUkdfyiRThE9WSc3qMPEMe1K4OgpDUnPP # F807jf7Mcbn0OX+9ADt63DYVpjExqIRdp6lOweJN2Mnga4umK53o9RtZ+jyBn1z/ # 86J3n5zpNm2RYJjaj0jj52o/l1iC9Ifj3/YD7M1FtJ7RbqfQh7+2g9pX0n25Bj5y # kILe43qv1EXt4LiJyTu8dqlhIXo0r6NpU+2afnN/USTiZ/TX9Igv32B3HxKAKzoo # dXo= # SIG # End signature block |