
8 Commits

8 changed files with 467 additions and 1851 deletions

File diff suppressed because it is too large


@ -31,26 +31,6 @@ config firewall address
set comment "Barracuda Email Internal"
set subnet 10.1.40.7 255.255.255.255
next
edit "CK-Australia-203"
set comment "ContentKeeper Australian Support"
set color 19
set subnet 203.22.30.0 255.255.255.0
next
edit "CK-North-America-173"
set comment "Content Keeper North American Support"
set color 19
set subnet 173.60.169.48 255.255.255.240
next
edit "CK-North-America-202"
set comment "ContentKeeper North American Support"
set color 19
set subnet 202.166.186.0 255.255.255.0
next
edit "CK-North-America-8"
set comment "ContentKeeper North American Support"
set color 19
set subnet 8.19.154.0 255.255.255.0
next
edit "Nimble_Inside_1"
set subnet 192.168.1.98 255.255.255.255
next
@ -71,91 +51,6 @@ config firewall address
set comment "IP address for Safe Schools video training. Used to access LDAP authentication."
set subnet 52.27.21.77 255.255.255.255
next
edit "ckf01-ipmi-inside"
set comment "ContentKeeper Filter 01 IPMI Port"
set color 19
set subnet 10.251.1.31 255.255.255.255
next
edit "ckf01-mgmt-inside"
set comment "Content Keeper Filter 01 Management Port"
set color 19
set subnet 10.251.1.21 255.255.255.255
next
edit "ckf02-ipmi-inside"
set comment "ContentKeeper Filter 02 IPMI Port"
set color 19
set subnet 10.251.1.32 255.255.255.255
next
edit "ckf02-mgmt-inside"
set comment "ContentKeeper Filter 02 Management Port"
set color 19
set subnet 10.251.1.22 255.255.255.255
next
edit "cklb01-ipmi-inside"
set comment "ContentKeeper Load Balancer 01 IPMI Port"
set color 19
set subnet 10.251.1.30 255.255.255.255
next
edit "cklb01-mgmt-inside"
set comment "ContentKeeper Load Balancer 01 Management Port"
set color 19
set subnet 10.251.1.20 255.255.255.255
next
edit "ckm01-ipmi-inside"
set comment "ContentKeeper Mobile 01 IPMI Port"
set color 19
set subnet 10.251.1.34 255.255.255.255
next
edit "ckm01-mgmt1-inside"
set comment "ContentKeeper Mobile 01 Management Port 1"
set color 19
set subnet 10.251.1.24 255.255.255.255
next
edit "ckm01-mgmt2-inside"
set comment "ContentKeeper Mobile 01 Management Port 2"
set color 19
set subnet 10.251.1.28 255.255.255.255
next
edit "ckm02-ipmi-inside"
set comment "ContentKeeper Mobile 02 IPMI Port"
set color 19
set subnet 10.251.1.35 255.255.255.255
next
edit "ckm02-mgmt1-inside"
set comment "ContentKeeper Mobile 02 Management Port 1"
set color 19
set subnet 10.251.1.25 255.255.255.255
next
edit "ckm02-mgmt2-inside"
set comment "ContentKeeper Mobile 02 Management Port 2"
set color 19
set subnet 10.251.1.29 255.255.255.255
next
edit "ckm03-ipmi-inside"
set comment "ContentKeeper Mobile 03 IPMI Port"
set color 19
set subnet 10.251.1.36 255.255.255.255
next
edit "ckm03-mgmt1-inside"
set comment "ContentKeeper Mobile 03 Management Port 1"
set color 19
set subnet 10.251.1.26 255.255.255.255
next
edit "ckm03-mgmt2-inside"
set comment "ContentKeeper Mobile 03 Management Port 2"
set color 19
set subnet 10.251.1.27 255.255.255.255
next
edit "ckr01-ipmi-inside"
set comment "ContentKeeper Reporter 01 IPMI Port"
set color 19
set subnet 10.251.1.33 255.255.255.255
next
edit "ckr01-mgmt-inside"
set comment "ContentKeeper Reporter 01 Management Port"
set color 19
set subnet 10.251.1.23 255.255.255.255
next
edit "SPD_20_DrKing"
set comment "SPD Firewall STEAM at Dr King"
set color 2
@ -694,11 +589,6 @@ config firewall address
set color 6
set subnet 201.184.69.50 255.255.255.255
next
edit "CK-North-America-202_B"
set comment "Content Keeper North American Support"
set color 19
set subnet 202.166.186.64 255.255.255.255
next
edit "z_BlockIP_059"
set comment "Malicious IP Address"
set associated-interface "outside"
@ -1494,11 +1384,6 @@ config firewall address
edit "SchoolTool_External_Range"
set subnet 172.30.44.0 255.255.254.0
next
edit "ckr01-mgmt-inside-temp"
set comment "ContentKeeper Reporter 01 Management Port"
set color 19
set subnet 10.251.1.43 255.255.255.255
next
edit "z_BlockIP_141"
set comment "now.gg"
set associated-interface "outside"
@ -2966,11 +2851,6 @@ config firewall addrgrp
set member "21JumpSt" "DataTools" "Fileserver03" "Nighttime_Inside" "Tableau" "DC01_A" "DC01_B" "DC01_C" "HVDC02" "HVDC03_A" "HVDC03_B" "DocHolliday" "SchoolTool webjs" "Elastic"
set comment "Access for SchoolTool Cloud"
next
edit "CONTENTKEEPER-REMOTE-SUPPORT"
set member "CK-North-America-202" "CK-Australia-203" "CK-North-America-173" "CK-North-America-8" "CK-North-America-202_B"
set comment "ContentKeeper Remote Support Networks"
set color 19
next
edit "Nimble_Inside_Grp"
set member "Nimble_Inside_4" "Nimble_Inside_2" "Nimble_Inside_1" "nimble_Inside_3"
next
@ -3028,11 +2908,6 @@ config firewall addrgrp
set comment "City CGRs on our side"
set color 28
next
edit "CK_Inside_Group"
set member "ckf01-ipmi-inside" "ckf01-mgmt-inside" "ckf02-ipmi-inside" "ckf02-mgmt-inside" "cklb01-ipmi-inside" "cklb01-mgmt-inside" "ckm01-ipmi-inside" "ckm01-mgmt1-inside" "ckm01-mgmt2-inside" "ckm02-ipmi-inside" "ckm02-mgmt1-inside" "ckm02-mgmt2-inside" "ckm03-ipmi-inside" "ckm03-mgmt1-inside" "ckm03-mgmt2-inside" "ckr01-ipmi-inside" "ckr01-mgmt-inside" "ckr01-mgmt-inside-temp"
set comment "Content Keeper Inside Address Group"
set color 19
next
edit "Block_List_Group"
set member "z_BlockIP_001" "z_BlockIP_002" "z_BlockIP_003" "z_BlockIP_004" "z_BlockIP_005" "z_BlockIP_006" "z_BlockIP_008" "z_BlockIP_009" "z_BlockIP_010" "z_BlockIP_011" "z_BlockIP_012" "z_BlockIP_013" "z_BlockIP_014" "z_BlockIP_015" "z_BlockIP_016" "z_BlockIP_017" "z_BlockIP_018" "z_BlockIP_019" "z_BlockIP_020" "z_BlockIP_021" "z_BlockIP_022" "z_BlockIP_024" "z_BlockIP_025" "z_BlockIP_026" "z_BlockIP_027" "z_BlockIP_028" "z_BlockIP_030" "z_BlockIP_031" "z_BlockIP_032" "z_BlockIP_033" "z_BlockIP_034" "z_BlockIP_035" "z_BlockIP_036" "z_BlockIP_037" "z_BlockIP_038" "z_BlockIP_039" "z_BlockIP_040" "z_BlockIP_041" "z_BlockIP_042" "z_BlockIP_043" "z_BlockIP_044" "z_BlockIP_045" "z_BlockIP_046" "z_BlockIP_047" "z_BlockIP_048" "z_BlockIP_052" "z_BlockIP_053" "z_BlockIP_054" "z_BlockIP_055" "z_BlockIP_056" "z_BlockIP_057" "z_BlockIP_058" "z_BlockIP_059" "z_BlockIP_060" "z_BlockIP_061" "z_BlockIP_062" "z_BlockIP_063" "z_BlockIP_064" "z_BlockIP_065" "z_BlockIP_066" "z_BlockIP_067" "z_BlockIP_068" "z_BlockIP_069" "z_BlockIP_070" "z_BlockIP_071" "z_BlockIP_072" "z_BlockIP_073" "z_BlockIP_074" "z_BlockIP_075" "z_BlockIP_076" "z_BlockIP_077" "z_BlockIP_078" "z_BlockIP_079" "z_BlockIP_080" "z_BlockIP_081" "z_BlockIP_082" "z_BlockIP_083" "z_BlockIP_084" "z_BlockIP_085" "z_BlockIP_086" "z_BlockIP_087" "z_BlockIP_088" "z_BlockIP_089" "z_BlockIP_090" "z_BlockIP_091" "z_BlockIP_092" "z_BlockIP_093" "z_BlockIP_094" "z_BlockIP_095" "z_BlockIP_096" "z_BlockIP_097" "z_BlockIP_098" "z_BlockIP_099" "z_BlockIP_100" "z_BlockIP_101" "z_BlockIP_007" "z_BlockIP_049" "z_BlockIP_050" "z_BlockIP_051" "z_BlockIP_103" "z_BlockIP_104" "z_BlockIP_105" "z_BlockIP_106" "z_BlockIP_107" "z_BlockIP_108" "z_BlockIP_109" "z_BlockIP_111" "z_BlockIP_112" "z_BlockIP_113" "z_BlockIP_114" "z_BlockIP_115" "z_BlockIP_116" "z_BlockIP_117" "z_BlockIP_118" "z_BlockIP_119" "z_BlockIP_120" "z_BlockIP_122" "z_BlockIP_125" "z_BlockIP_126" "z_BlockIP_127" "z_BlockIP_128" "z_BlockIP_129" "z_BlockIP_130" "z_BlockIP_131" 
"z_BlockIP_132" "z_BlockIP_133" "z_BlockSub_001" "z_BlockSub_002" "z_BlockSub_003" "z_BlockSub_004" "z_BlockSub_005" "z_BlockSub_006" "z_BlockSub_007" "z_BlockSub_008" "z_BlockSub_009" "z_BlockSub_010" "z_BlockSub_011" "z_BlockSub_012" "z_BlockSub_013" "z_BlockSub_014" "z_BlockSub_015" "z_BlockSub_016" "z_BlockSub_017" "z_BlockSub_019" "z_BlockSub_020" "z_BlockSub_021" "z_BlockSub_022" "z_BlockSub_024" "z_BlockSub_025" "z_BlockSub_026" "z_BlockSub_027" "z_BlockSub_028" "z_BlockSub_030" "z_BlockSub_031" "z_BlockSub_032" "z_BlockSub_033" "z_BlockSub_034" "z_BlockSub_035" "z_BlockSub_037" "z_BlockSub_038" "z_BlockSub_039" "z_Ryuk_01" "z_Ryuk_02" "z_BlockIP_023" "z_BlockIP_029" "z_BlockIP_134" "z_BlockIP_135" "z_BlockIP_000" "z_BlockIP_138" "z_BlockIP_139" "z_BlockIP_140" "z_BlockIP_141" "z_BlockIP_142" "z_BlockIP_143" "z_BlockIP_144" "z_BlockIP_145" "z_BlockIP_146" "z_BlockIP_147" "z_BlockIP_148" "z_BlockIP_149" "z_BlockIP_150" "z_BlockRange_01" "z_BlockRange_02" "z_BlockRange_03" "z_BlockSub_040" "z_BlockSub_041" "z_BlockSub_042" "z_BlockIP_152"
set comment "IPs and Subnets to be blocked as Malicious"
@ -4024,143 +3899,6 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
set nat-source-vip enable
set srcintf-filter "outside lag"
next
edit "vip-ckf01-ipmi"
set comment "ContentKeeper"
set extip 198.36.26.31
set mappedip "10.251.1.31"
set extintf "outside lag"
set nat-source-vip enable
set srcintf-filter "outside lag"
set color 19
next
edit "vip-ckf01-mgmt"
set comment "ContentKeeper"
set extip 198.36.26.21
set mappedip "10.251.1.21"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckf02-ipmi"
set comment "ContentKeeper"
set extip 198.36.26.32
set mappedip "10.251.1.32"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckf02-mgmt"
set comment "ContentKeeper"
set extip 198.36.26.22
set mappedip "10.251.1.22"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-cklb01-ipmi"
set comment "ContentKeeper"
set extip 198.36.26.30
set mappedip "10.251.1.30"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-cklb01-mgmt"
set comment "ContentKeeper"
set extip 198.36.26.20
set mappedip "10.251.1.20"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckm01-mgmt2"
set comment "ContentKeeper"
set extip 198.36.26.28
set mappedip "10.251.1.28"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckr01-mgmt"
set comment "ContentKeeper"
set extip 198.36.26.23
set mappedip "10.251.1.23"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckr01-ipmi"
set comment "ContentKeeper"
set extip 198.36.26.33
set mappedip "10.251.1.33"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckm01-ipmi"
set comment "ContentKeeper"
set extip 198.36.26.34
set mappedip "10.251.1.34"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckm01-mgmt"
set comment "ContentKeeper"
set extip 198.36.26.24
set mappedip "10.251.1.24"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckm02-ipmi"
set comment "ContentKeeper"
set extip 198.36.26.35
set mappedip "10.251.1.35"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckm02-mgmt"
set comment "ContentKeeper"
set extip 198.36.26.25
set mappedip "10.251.1.25"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckm02-mgmt2"
set comment "ContentKeeper"
set extip 198.36.26.29
set mappedip "10.251.1.29"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckm03-ipmi"
set comment "ContentKeeper"
set extip 198.36.26.36
set mappedip "10.251.1.36"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckm03-mgmt1"
set comment "ContentKeeper"
set extip 198.36.26.26
set mappedip "10.251.1.26"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-ckm03-mgmt2"
set comment "ContentKeeper"
set extip 198.36.26.27
set mappedip "10.251.1.27"
set extintf "outside lag"
set nat-source-vip enable
set color 19
next
edit "vip-scsdess"
set comment "ESS"
set extip 198.36.24.100
@ -4288,21 +4026,6 @@ description Eastern Suffolk BOCES access to NTSS.scsd.ad"
next
end
config firewall vipgrp
edit "vip-grp-ck-mgmt-filters"
set interface "outside lag"
set color 19
set member "vip-ckf01-mgmt" "vip-ckf02-mgmt"
next
edit "vip-grp-ck-all"
set interface "outside lag"
set color 19
set member "vip-ckf01-ipmi" "vip-ckf01-mgmt" "vip-ckf02-ipmi" "vip-ckf02-mgmt" "vip-cklb01-ipmi" "vip-cklb01-mgmt" "vip-ckm01-ipmi" "vip-ckm01-mgmt" "vip-ckm01-mgmt2" "vip-ckm02-ipmi" "vip-ckm02-mgmt" "vip-ckm02-mgmt2" "vip-ckm03-ipmi" "vip-ckm03-mgmt1" "vip-ckm03-mgmt2" "vip-ckr01-ipmi" "vip-ckr01-mgmt"
next
edit "vip-grp-ckm-mgmt"
set interface "outside lag"
set color 19
set member "vip-ckm01-mgmt" "vip-ckm01-mgmt2" "vip-ckm02-mgmt" "vip-ckm02-mgmt2" "vip-ckm03-mgmt1" "vip-ckm03-mgmt2"
next
edit "vip-grp-barracuda_Archivers"
set interface "outside lag"
set member "vip-Barracuda-Archive-1" "vip-Barracuda-Archive-2"
@ -5336,22 +5059,6 @@ config firewall policy
set logtraffic all
set comments "Nimble Support"
next
edit 107
set status disable
set name "Content_Keeper_In -> Out"
set srcintf "inside"
set dstintf "outside"
set action accept
set srcaddr "CK_Inside_Group"
set dstaddr "all"
set schedule "always"
set service "ALL"
set logtraffic all
set nat enable
set ippool enable
set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252"
set comments "ContentKeeper"
next
edit 10026
set name "Barracuda In->Out"
set srcintf "inside"
@ -5948,54 +5655,6 @@ config firewall policy
set logtraffic all
set comments "City Allowed Networks From Us to Them"
next
edit 10012
set status disable
set name "CK_Mgmt_Filters"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "all"
set dstaddr "vip-grp-ck-mgmt-filters"
set schedule "always"
set service "HTTPS" "TCP-8080"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "ContentKeeper"
next
edit 10014
set status disable
set name "CK_Support"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "CONTENTKEEPER-REMOTE-SUPPORT"
set dstaddr "vip-grp-ck-all"
set schedule "always"
set service "CK_Support_Services_Group"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "ContentKeeper"
next
edit 10018
set status disable
set name "CKMobile"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "all"
set dstaddr "vip-grp-ckm-mgmt"
set schedule "always"
set service "CK_Mobile_Services_Group"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "ContentKeeper"
next
edit 10024
set name "Email_Hybrid_Allow"
set srcintf "outside"


@ -717,6 +717,11 @@ interface 1/1/2
interface 1/1/3
description iLo_New_DC
no shutdown
interface 1/1/44
description Ribbon-SBC
no shutdown
no routing
vlan access 150
interface 1/1/45
description VuWall
no shutdown
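Review bot: The new `interface 1/1/44` stanza for the Ribbon-SBC is enabled with `no shutdown` and `vlan access 150` but has no edge-port protection, and nothing in the hunk shows that protection being applied elsewhere. A session border controller typically sits between external SIP trunks and the internal voice network, so this access port is worth constraining, for example with `spanning-tree bpdu-guard` under the interface and, if the site uses it, port security limiting the port to the SBC's MAC address. The description would also help the next reader if it named which SBC interface is attached (management, signalling or media), since the hunk does not say what VLAN 150 carries. The neighbouring ports shown (1/1/3 and 1/1/45) have the same bare form, so this may be a file-wide convention rather than an oversight in this change.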


@ -7,7 +7,7 @@ clock timezone America/New_York -05 0
!
conductorip 10.1.35.33 ipsec ****** interface vlan 35
location "Building1.floor1"
controller config 709
controller config 712
crypto-local pki ServerCert scsd_full_wc3 StarCert-Ex03_26_fullchain.pfx
crypto-local pki ServerCert scsd_full_wc_2026 StarCert-Ex03_26_fullchain.pfx
crypto-local pki ServerCert scsd_wc3_2026 StarCert-Expire03202026.pfx
@ -1629,10 +1629,11 @@ interface vlan 1024
!
interface vlan 367
ip address 10.67.112.7 255.255.240.0
!
interface vlan 467
ip address 10.67.128.4 255.255.240.0
ip address 10.67.128.7 255.255.240.0
!
!


@ -7,7 +7,7 @@ clock timezone America/New_York -05 0
!
conductorip 10.1.35.33 ipsec ****** interface vlan 35
location "Building1.floor1"
controller config 709
controller config 712
crypto-local pki ServerCert scsd_full_wc3 StarCert-Ex03_26_fullchain.pfx
crypto-local pki ServerCert scsd_full_wc_2026 StarCert-Ex03_26_fullchain.pfx
crypto-local pki ServerCert scsd_wc3_2026 StarCert-Expire03202026.pfx
@ -1629,10 +1629,11 @@ interface vlan 1024
!
interface vlan 367
ip address 10.67.112.8 255.255.240.0
!
interface vlan 467
ip address 10.67.128.5 255.255.240.0
ip address 10.67.128.8 255.255.240.0
!
!


@ -7,7 +7,7 @@ clock timezone America/New_York -05 0
!
conductorip 10.1.35.33 ipsec ****** interface vlan 35
location "Building1.floor1"
controller config 709
controller config 712
crypto-local pki ServerCert scsd_full_wc3 StarCert-Ex03_26_fullchain.pfx
crypto-local pki ServerCert scsd_full_wc_2026 StarCert-Ex03_26_fullchain.pfx
crypto-local pki ServerCert scsd_wc3_2026 StarCert-Expire03202026.pfx
@ -1623,10 +1623,11 @@ interface vlan 1024
!
interface vlan 367
ip address 10.67.112.9 255.255.240.0
!
interface vlan 467
ip address 10.67.128.6 255.255.240.0
ip address 10.67.128.9 255.255.240.0
!
!


@ -6,7 +6,7 @@ hostname "NOC-ARUBA-MM-2"
clock timezone America/New_York -05 0
!
location "Building1.floor1"
controller config 709
controller config 712
crypto-local pki ServerCert scsd_wc2_full_2025 Star-Exp042025-fullchain.pfx
crypto-local pki ServerCert scsd_wc2_full_2026 StarCert-Ex03_26_fullchain.pfx
crypto-local pki ServerCert scsd_wildcard_2025 StartCert-Expire042025.pfx


@ -6,7 +6,7 @@ hostname "noc-aruba-mm"
clock timezone America/New_York -05 0
!
location "Building1.floor1"
controller config 709
controller config 712
crypto-local pki ServerCert scsd_wc2_full_2026 StarCert-Ex03_26_fullchain.pfx
crypto-local pki ServerCert scsd_wildcard_2026 StarCert-Ex03_26_fullchain.pfx
crypto-local pki PublicCert master-ssh-pub-cert master-ssh-pub-cert