new files for TLS

2026-04-02 11:48:43 -07:00 · 2015-10-22 03:32:11 +02:00
parent 749d4f89cc
commit 5004efe54b
9 changed files with 453 additions and 0 deletions
--- a/server/configs/tls/certs/nats.crt
+++ b/server/configs/tls/certs/nats.crt
@@ -0,0 +1,88 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            c8:77:4b:d6:10:0a:9f:f3
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=California, L=San Francisco, O=Apcera Inc, OU=NATS Testing, CN=apcera.me:4443/emailAddress=derek@nats.io
+        Validity
+            Not Before: Oct 21 12:44:12 2015 GMT
+            Not After : Oct 20 12:44:12 2016 GMT
+        Subject: C=US, ST=California, L=San Francisco, O=Apcera Inc, OU=NATS Testing, CN=apcera.me:4443/emailAddress=derek@nats.io
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:a1:e3:36:e3:e4:88:53:e8:b7:37:56:96:c9:a8:
+                    1d:0a:53:d2:b8:87:96:b3:aa:35:26:f2:e6:20:65:
+                    f2:6a:6f:31:e1:0d:44:82:fc:97:bc:3e:db:c9:25:
+                    68:ee:81:84:b9:88:49:bf:cc:46:46:68:8c:fa:0e:
+                    05:9a:3d:0f:cc:90:54:0a:58:ee:3e:85:fe:64:75:
+                    85:49:17:a1:ed:10:04:6d:34:22:1e:81:d0:ca:4c:
+                    ec:a4:1c:e6:fd:7d:a0:05:b4:3c:e3:5d:e8:32:8e:
+                    a6:04:a6:af:42:cd:09:15:39:12:9b:7c:32:9d:ce:
+                    3e:06:aa:bf:13:98:36:ff:b1:f7:aa:1d:f1:fe:ba:
+                    1d:c2:38:86:52:ce:7e:d3:86:44:8c:2f:65:e3:50:
+                    4a:67:22:e2:39:51:ab:30:0e:e3:a8:ce:c9:9a:d1:
+                    9f:4c:1c:25:49:da:fa:b7:a1:0f:8e:d6:c0:d6:6d:
+                    05:22:cc:58:06:fa:7c:4a:b0:b9:ab:d5:e6:0b:60:
+                    48:ed:cf:c8:46:ab:e1:fa:55:91:88:21:8d:e0:fc:
+                    21:21:26:3f:a5:9f:b5:95:40:59:27:03:84:3f:2c:
+                    61:b2:2b:5b:e0:75:5c:fb:70:eb:c3:d3:3a:3a:e8:
+                    2e:47:7e:3d:51:82:7a:b8:b4:8e:17:ff:e4:0d:fb:
+                    86:5f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier:
+                1E:A4:01:43:CF:10:7B:1A:A8:47:40:90:13:CE:5B:66:4C:B4:3B:69
+            X509v3 Authority Key Identifier:
+                keyid:1E:A4:01:43:CF:10:7B:1A:A8:47:40:90:13:CE:5B:66:4C:B4:3B:69
+                DirName:/C=US/ST=California/L=San Francisco/O=Apcera Inc/OU=NATS Testing/CN=apcera.me:4443/emailAddress=derek@nats.io
+                serial:C8:77:4B:D6:10:0A:9F:F3
+
+            X509v3 Basic Constraints:
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        8c:4c:4a:36:de:84:81:9e:fa:25:0c:50:d1:dd:96:33:34:f9:
+        7a:f2:40:ed:9b:14:af:86:1e:f0:32:bc:03:67:96:fe:34:16:
+        2e:92:9b:97:c1:76:93:04:d7:d6:e1:d0:75:66:a2:0e:2b:1a:
+        60:ac:df:e6:14:78:ef:32:3a:91:e8:19:4c:e5:25:5b:ee:3f:
+        77:5a:30:2e:f1:e2:0b:cb:33:80:af:ec:71:f4:c2:eb:4f:14:
+        5a:b4:c7:df:d9:86:7a:ef:23:fc:c2:fd:35:00:e0:77:4c:50:
+        d3:b7:f6:ca:4b:5b:19:26:6a:8e:53:66:6a:e5:fc:7f:46:54:
+        7f:78:ad:98:45:e4:66:9b:78:7b:e4:8e:da:13:50:2c:a1:6b:
+        03:6d:a7:36:b9:f8:10:ed:e4:23:02:d8:9f:0f:f7:fe:6e:c8:
+        75:58:8d:34:bf:45:52:58:8c:d0:86:09:e4:aa:6d:61:d8:8c:
+        d1:1d:fb:f1:4c:3d:d5:dc:9e:17:49:d8:2f:8c:b1:34:aa:81:
+        93:de:50:c0:f7:c7:17:83:7f:66:a0:d2:c5:8c:63:70:b6:34:
+        0b:0a:77:41:41:19:ca:92:8a:ed:02:e6:98:62:e6:66:8f:2f:
+        46:16:b6:71:b2:4a:76:15:ba:ce:a8:7a:a1:3a:44:d1:84:12:
+        b8:61:97:bf
+-----BEGIN CERTIFICATE-----
+MIIExzCCA6+gAwIBAgIJAMh3S9YQCp/zMA0GCSqGSIb3DQEBBQUAMIGdMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5j
+aXNjbzETMBEGA1UEChMKQXBjZXJhIEluYzEVMBMGA1UECxMMTkFUUyBUZXN0aW5n
+MRcwFQYDVQQDEw5hcGNlcmEubWU6NDQ0MzEcMBoGCSqGSIb3DQEJARYNZGVyZWtA
+bmF0cy5pbzAeFw0xNTEwMjExMjQ0MTJaFw0xNjEwMjAxMjQ0MTJaMIGdMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5j
+aXNjbzETMBEGA1UEChMKQXBjZXJhIEluYzEVMBMGA1UECxMMTkFUUyBUZXN0aW5n
+MRcwFQYDVQQDEw5hcGNlcmEubWU6NDQ0MzEcMBoGCSqGSIb3DQEJARYNZGVyZWtA
+bmF0cy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKHjNuPkiFPo
+tzdWlsmoHQpT0riHlrOqNSby5iBl8mpvMeENRIL8l7w+28klaO6BhLmISb/MRkZo
+jPoOBZo9D8yQVApY7j6F/mR1hUkXoe0QBG00Ih6B0MpM7KQc5v19oAW0PONd6DKO
+pgSmr0LNCRU5Ept8Mp3OPgaqvxOYNv+x96od8f66HcI4hlLOftOGRIwvZeNQSmci
+4jlRqzAO46jOyZrRn0wcJUna+rehD47WwNZtBSLMWAb6fEqwuavV5gtgSO3PyEar
+4fpVkYghjeD8ISEmP6WftZVAWScDhD8sYbIrW+B1XPtw68PTOjroLkd+PVGCeri0
+jhf/5A37hl8CAwEAAaOCAQYwggECMB0GA1UdDgQWBBQepAFDzxB7GqhHQJATzltm
+TLQ7aTCB0gYDVR0jBIHKMIHHgBQepAFDzxB7GqhHQJATzltmTLQ7aaGBo6SBoDCB
+nTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNh
+biBGcmFuY2lzY28xEzARBgNVBAoTCkFwY2VyYSBJbmMxFTATBgNVBAsTDE5BVFMg
+VGVzdGluZzEXMBUGA1UEAxMOYXBjZXJhLm1lOjQ0NDMxHDAaBgkqhkiG9w0BCQEW
+DWRlcmVrQG5hdHMuaW+CCQDId0vWEAqf8zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
+DQEBBQUAA4IBAQCMTEo23oSBnvolDFDR3ZYzNPl68kDtmxSvhh7wMrwDZ5b+NBYu
+kpuXwXaTBNfW4dB1ZqIOKxpgrN/mFHjvMjqR6BlM5SVb7j93WjAu8eILyzOAr+xx
+9MLrTxRatMff2YZ67yP8wv01AOB3TFDTt/bKS1sZJmqOU2Zq5fx/RlR/eK2YReRm
+m3h75I7aE1AsoWsDbac2ufgQ7eQjAtifD/f+bsh1WI00v0VSWIzQhgnkqm1h2IzR
+HfvxTD3V3J4XSdgvjLE0qoGT3lDA98cXg39moNLFjGNwtjQLCndBQRnKkortAuaY
+YuZmjy9GFrZxskp2FbrOqHqhOkTRhBK4YZe/
+-----END CERTIFICATE-----
--- a/server/configs/tls/certs/nats.key
+++ b/server/configs/tls/certs/nats.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAoeM24+SIU+i3N1aWyagdClPSuIeWs6o1JvLmIGXyam8x4Q1E
+gvyXvD7bySVo7oGEuYhJv8xGRmiM+g4Fmj0PzJBUCljuPoX+ZHWFSReh7RAEbTQi
+HoHQykzspBzm/X2gBbQ8413oMo6mBKavQs0JFTkSm3wync4+Bqq/E5g2/7H3qh3x
+/rodwjiGUs5+04ZEjC9l41BKZyLiOVGrMA7jqM7JmtGfTBwlSdr6t6EPjtbA1m0F
+IsxYBvp8SrC5q9XmC2BI7c/IRqvh+lWRiCGN4PwhISY/pZ+1lUBZJwOEPyxhsitb
+4HVc+3Drw9M6OuguR349UYJ6uLSOF//kDfuGXwIDAQABAoIBABVtHzy2aJzCdk1q
+tnZmO8G8Km2l9Ho/Et3e1DqBg742jWF+Ag1cJTETGL/cpbC7j7eGpEwwWzTCbbZC
+2Nb7MfYfPCBKeO3piiv9qfBsok/gCNXzSnjDMcE0wTVPZfsy/1UB7/Uf3rWiT7LZ
+5ORwgr0+WoodvA1K2MbFHpkXUmAxFevx6reGmWYlx8UPbyS9PfONHt2SfG8wVmcJ
+n3qqw5Flywp8uDCTrd8L/yM54onq4RCZ/iSKLphLjOFgWzx2PnuRog4obNJtAlHC
+jTcrW1/QCgwU9J2uBfMvzQLWwgU6prlrh20k42UbWknqoozwdSW7N3vEawt3ri5Z
+c76wkGECgYEA0xj+AbZ6FyqA5lJbebSZs1KpBsgcJK5LI/XAvKnlLNnKXIi5uT2l
+SM37j9/G5BhnrOIUuc756WJrX5CTqkXHvc5eINO1sR4o1uTf3H44JKWXFBanzdvO
+DXI11a0810AbJEiXqz7e/ldEovVsBWJCMtv+F7j7TCNG4qlPMa7xhCcCgYEAxFKP
+mR2nHlvFJQYUkiGRpTYg82utNiQhifwGUjZK0kBeMXH10fL2K1KOx/OfrlTOQmyN
+OC/db88sFtsh0sD44SzkAUS0iP8FWlWYrm+ZLWc1xkOaOcDE294p+BgX3xxTLKWK
+dO9gKsG5MxscZ8yTvX67jRmfeiRAlVr8bPOKtwkCgYAWSH8XozGEHIJ6zZrGYCAR
+Y9pf0uPVo2hfJWPxBmYgs+S+m9gvC6jU5Jl3eIHANitLfpn9ezG6Rx9aeSJ9SNxq
+1svs3yxAxBQ/iu1ukwxOIgSupC2Wd2tq0/GG2sCfYC79R4RrGTnk00V1hj6e2t5u
+C/bofihYwyiKaKDpd7Qa5QKBgBt3dZG1fVkY+8cHR79+JNNZdFi6Gty1R1/3u6aq
+4+LwkH0YdYzvEhPTlBhTdGa+hLD0YPmYcMGg2YlFFUFYMDnIvwmSZDO6gjQ2P4tA
+H80jYHmhoaUs3B3qwjJspIJZgyV+75UWnHy+57tHsryu+YiMf47pI8/B3KtItIJF
+vIWJAoGAXoQbPCdxl//vVxvlnKl8TTlaW0GYJk+GAow6V3s/nMmMQKlFuurZpHcT
+cmYkpTbTOgVhhmgqr8Iw7qIRS95NzfjbsV6wzbFJZNI/pU5tJAtcFgsmaTA5Uxck
+BQZmojzJgiQ1cZT9BCKAeuwi5G/tKyJzA6Q1zSbSs8HrHV1BU98=
+-----END RSA PRIVATE KEY-----
--- a/server/configs/tls/test.conf
+++ b/server/configs/tls/test.conf
@@ -0,0 +1,16 @@
+
+# Simple TLS config file
+
+port: 4443
+net: apcera.me # net interface
+
+tls {
+  cert_file:  "./configs/tls/certs/nats.crt"
+  key_file:   "./configs/tls/certs/nats.key"
+}
+
+authorization {
+  user:     derek
+  password: buckley
+  timeout:  1
+}
--- a/test/configs/certs/localhost.crt
+++ b/test/configs/certs/localhost.crt
@@ -0,0 +1,89 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            bf:bc:38:a0:02:6d:12:1f
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=California, L=San Francisco, O=Apcera Inc, OU=NATS Testing, CN=nats://localhost:4443//emailAddress=derek@nats.io
+        Validity
+            Not Before: Oct 21 23:34:25 2015 GMT
+            Not After : Nov 20 23:34:25 2015 GMT
+        Subject: C=US, ST=California, L=San Francisco, O=Apcera Inc, OU=NATS Testing, CN=nats://localhost:4443//emailAddress=derek@nats.io
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:c9:21:1f:b0:92:24:09:21:84:35:92:86:9c:88:
+                    c7:7b:1d:24:94:31:f6:e5:1e:0f:75:01:0a:bf:26:
+                    b3:47:3b:f7:2c:07:01:3f:58:54:ec:00:ef:7c:72:
+                    70:d9:dd:9a:00:4b:3d:5d:69:3a:ca:7f:7a:71:ce:
+                    88:38:5a:5c:5b:f8:a9:da:fa:db:4a:9c:d1:00:3c:
+                    ae:b4:c4:f3:d0:7a:6a:fc:98:1c:e9:bf:73:13:9e:
+                    84:8b:2b:84:9f:2e:9a:f6:6f:a6:15:5e:67:38:9d:
+                    5b:26:86:ed:fa:ba:ba:ac:67:c8:fe:46:b2:d0:b3:
+                    62:1a:75:f3:ef:13:fb:94:96:8b:52:ee:4f:65:58:
+                    73:0f:b9:31:ff:2f:ef:af:99:ab:54:7c:5e:cb:a3:
+                    a1:ec:ff:cb:78:96:8c:f3:eb:63:0e:dc:df:c1:69:
+                    e8:4b:0e:0b:b5:83:ab:f5:49:5e:41:c4:68:e3:58:
+                    a6:b0:a4:fa:c0:7e:3a:6d:9a:dc:b4:0f:ef:24:a4:
+                    dc:a1:d2:f4:31:0e:b1:7f:00:37:41:1f:77:c7:07:
+                    a2:9f:bf:07:2e:f7:55:7f:69:58:c2:30:ed:6e:d4:
+                    6e:27:79:35:59:44:92:0a:ce:9b:25:ff:1f:1e:00:
+                    2a:70:17:9a:22:d2:1b:b0:c8:63:33:83:91:2f:ca:
+                    e3:cf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                B7:FA:28:75:23:46:9F:20:38:A7:77:55:24:F4:EC:FA:B2:66:A8:61
+            X509v3 Authority Key Identifier: 
+                keyid:B7:FA:28:75:23:46:9F:20:38:A7:77:55:24:F4:EC:FA:B2:66:A8:61
+                DirName:/C=US/ST=California/L=San Francisco/O=Apcera Inc/OU=NATS Testing/CN=nats://localhost:4443//emailAddress=derek@nats.io
+                serial:BF:BC:38:A0:02:6D:12:1F
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        70:63:bd:94:cf:6a:15:05:0a:29:7b:98:e0:40:32:69:90:90:
+        b6:31:02:35:7c:d2:50:01:ee:83:31:a7:db:b2:82:17:3d:46:
+        18:08:fb:e6:e0:b2:ba:30:b1:c7:48:85:3a:be:51:fb:4d:9d:
+        1b:0c:7f:eb:8b:6d:8a:6d:07:e0:40:d0:af:53:71:8a:86:13:
+        0c:9f:59:df:01:84:7f:8c:f3:0d:ed:c4:78:03:6a:79:d8:de:
+        3e:68:c7:7f:bb:fa:91:95:15:69:a3:41:51:6e:bf:d9:6a:42:
+        7c:a3:4c:62:91:23:d1:e2:b8:26:94:cf:95:01:ee:c0:3f:ec:
+        66:99:28:5a:dc:e8:72:89:9c:55:16:e4:69:68:cc:a3:4b:50:
+        c5:d5:77:a7:9c:e8:7f:d0:d1:91:67:a1:95:3d:43:ba:fb:6b:
+        9d:4f:80:35:5c:56:b9:71:ce:04:e0:67:89:89:7d:b2:25:08:
+        b4:89:44:44:c3:ff:f3:d2:25:9a:72:5f:c4:7b:50:b7:6a:cd:
+        20:02:10:61:c3:a9:0c:3c:62:9d:96:68:9b:45:92:83:ba:43:
+        48:c5:01:36:4c:fe:ca:e5:35:fd:43:72:57:2d:7d:13:74:94:
+        bb:08:66:be:92:65:85:1c:f0:8d:c3:06:23:e9:da:3f:2c:2e:
+        61:d8:dc:f8
+-----BEGIN CERTIFICATE-----
+MIIE3zCCA8egAwIBAgIJAL+8OKACbRIfMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5j
+aXNjbzETMBEGA1UEChMKQXBjZXJhIEluYzEVMBMGA1UECxMMTkFUUyBUZXN0aW5n
+MR8wHQYDVQQDExZuYXRzOi8vbG9jYWxob3N0OjQ0NDMvMRwwGgYJKoZIhvcNAQkB
+Fg1kZXJla0BuYXRzLmlvMB4XDTE1MTAyMTIzMzQyNVoXDTE1MTEyMDIzMzQyNVow
+gaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T
+YW4gRnJhbmNpc2NvMRMwEQYDVQQKEwpBcGNlcmEgSW5jMRUwEwYDVQQLEwxOQVRT
+IFRlc3RpbmcxHzAdBgNVBAMTFm5hdHM6Ly9sb2NhbGhvc3Q6NDQ0My8xHDAaBgkq
+hkiG9w0BCQEWDWRlcmVrQG5hdHMuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDJIR+wkiQJIYQ1koaciMd7HSSUMfblHg91AQq/JrNHO/csBwE/WFTs
+AO98cnDZ3ZoASz1daTrKf3pxzog4Wlxb+Kna+ttKnNEAPK60xPPQemr8mBzpv3MT
+noSLK4SfLpr2b6YVXmc4nVsmhu36urqsZ8j+RrLQs2IadfPvE/uUlotS7k9lWHMP
+uTH/L++vmatUfF7Lo6Hs/8t4lozz62MO3N/BaehLDgu1g6v1SV5BxGjjWKawpPrA
+fjptmty0D+8kpNyh0vQxDrF/ADdBH3fHB6Kfvwcu91V/aVjCMO1u1G4neTVZRJIK
+zpsl/x8eACpwF5oi0huwyGMzg5EvyuPPAgMBAAGjggEOMIIBCjAdBgNVHQ4EFgQU
+t/oodSNGnyA4p3dVJPTs+rJmqGEwgdoGA1UdIwSB0jCBz4AUt/oodSNGnyA4p3dV
+JPTs+rJmqGGhgaukgagwgaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y
+bmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQKEwpBcGNlcmEgSW5j
+MRUwEwYDVQQLEwxOQVRTIFRlc3RpbmcxHzAdBgNVBAMTFm5hdHM6Ly9sb2NhbGhv
+c3Q6NDQ0My8xHDAaBgkqhkiG9w0BCQEWDWRlcmVrQG5hdHMuaW+CCQC/vDigAm0S
+HzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQBwY72Uz2oVBQope5jg
+QDJpkJC2MQI1fNJQAe6DMafbsoIXPUYYCPvm4LK6MLHHSIU6vlH7TZ0bDH/ri22K
+bQfgQNCvU3GKhhMMn1nfAYR/jPMN7cR4A2p52N4+aMd/u/qRlRVpo0FRbr/ZakJ8
+o0xikSPR4rgmlM+VAe7AP+xmmSha3OhyiZxVFuRpaMyjS1DF1XennOh/0NGRZ6GV
+PUO6+2udT4A1XFa5cc4E4GeJiX2yJQi0iUREw//z0iWacl/Ee1C3as0gAhBhw6kM
+PGKdlmibRZKDukNIxQE2TP7K5TX9Q3JXLX0TdJS7CGa+kmWFHPCNwwYj6do/LC5h
+2Nz4
+-----END CERTIFICATE-----
--- a/test/configs/certs/localhost.key
+++ b/test/configs/certs/localhost.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAySEfsJIkCSGENZKGnIjHex0klDH25R4PdQEKvyazRzv3LAcB
+P1hU7ADvfHJw2d2aAEs9XWk6yn96cc6IOFpcW/ip2vrbSpzRADyutMTz0Hpq/Jgc
+6b9zE56EiyuEny6a9m+mFV5nOJ1bJobt+rq6rGfI/kay0LNiGnXz7xP7lJaLUu5P
+ZVhzD7kx/y/vr5mrVHxey6Oh7P/LeJaM8+tjDtzfwWnoSw4LtYOr9UleQcRo41im
+sKT6wH46bZrctA/vJKTcodL0MQ6xfwA3QR93xwein78HLvdVf2lYwjDtbtRuJ3k1
+WUSSCs6bJf8fHgAqcBeaItIbsMhjM4ORL8rjzwIDAQABAoIBAQDGbomnWOd4orqf
+aCqqsT+ttTjrhMgDkD7LvvVtVa82rnDT3S1b47gVB28/pmC0ca+IbrLiP/mi41ZY
+hd1bS7snehOKWkiUOlbxFu1+p3msy7pV73VHIH1Wc+Rsscisi/yS+eAv4O2Rq53M
+Sv7rieK2ScbBJ9svkGtPk+PQkjR5iLTThpQYSZGlMkBXhzBC8AhYzjx55fSAgW5R
+QkMSWzGsNiO6H2yszoSBAsGz9n0ntkI4njOPRAJTYOxLr8WsZksaaBNJxEmVKpOp
+f9xSpXTHadNPTdE2X6pbrcyXKv0lV1QNWAUCw/Gy/nnDasCxBfaQQF0L0iQkZXRf
+KRzZwjyBAoGBAPHCjlcthYCa4j1FABGptbNcj9mqK40tNGx7ySw70e2IipW1VimO
+570PdPMS7LobNqH3IOJl4aFW5YCNBArXwCYZ9Pk9Gq+l5uREBaOv85vK1+mbTeOW
+NHkFS/dlrvr2FkCyqmStAZ9U0v3rJ9mDIor/cL9Ahmu77HxwU2M5qobhAoGBANT5
+6ILkkb7nQ390MkqL94O4ZAnCNO4Kk+v9tenqBGVBHR293FXmXegGkHMYSWUF2C4r
+cjKDUcA2yTZ/Y2IWzGj2d1vR5ygB1KlBhX4vVIP/jKcDkQJiqnQIj8VqswqI8UNE
+8pkKrdDEoa4GjWw3hDtE4c/KD2EoD+pjAM99PrCvAoGAOy1ufjRsW2CORIUhUTGD
+gpYDuDoJUxNfo7ZhNeympEgp9B9hKecLHqIr9FwLijqjEt5VNFXP9xg4MVFTTfwl
+0q3D40Zrw9cOP43O+5RUQyxR0aLsW+smiQEc6UAApvmZ1NhnESGwJfozc2geZwXM
+bM2+IXJ/9NsZNhSgtMcm0MECgYAsVEwSGpM/ghFpkPz6yUFemF2yLksoFOmPIELi
+CkSZ8sCltSQMeSOorN0aJ773GQ1TJtXhL7YvZPfisQc1nnszicF0Si9sA12JUUsA
+5ccYpnNXPAXN0k2aU0HhnIDhu3lEQDCirDdbkeH5QAHluXR7ha3euzcSSO1vIuZD
+SdVnnwKBgEitmCzRIFb2PYTkJnjcaXuXXdZzVZtx0s2rNSKqQyRGK5lQ3tqVibHI
+ddtkUZayQfcc6f9ZFd8Qof83skgLYEjeYQCn2FTV/NfZ2I0scgG7PSZ0iQmFUt8h
+fzdtNAJ4ERhVJ8nJe4MLKgLGGkpNokq+mFSnC9BSVeIVbnx8QfQX
+-----END RSA PRIVATE KEY-----
--- a/test/configs/certs/nats.crt
+++ b/test/configs/certs/nats.crt
@@ -0,0 +1,88 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            c8:77:4b:d6:10:0a:9f:f3
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=California, L=San Francisco, O=Apcera Inc, OU=NATS Testing, CN=apcera.me:4443/emailAddress=derek@nats.io
+        Validity
+            Not Before: Oct 21 12:44:12 2015 GMT
+            Not After : Oct 20 12:44:12 2016 GMT
+        Subject: C=US, ST=California, L=San Francisco, O=Apcera Inc, OU=NATS Testing, CN=apcera.me:4443/emailAddress=derek@nats.io
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:a1:e3:36:e3:e4:88:53:e8:b7:37:56:96:c9:a8:
+                    1d:0a:53:d2:b8:87:96:b3:aa:35:26:f2:e6:20:65:
+                    f2:6a:6f:31:e1:0d:44:82:fc:97:bc:3e:db:c9:25:
+                    68:ee:81:84:b9:88:49:bf:cc:46:46:68:8c:fa:0e:
+                    05:9a:3d:0f:cc:90:54:0a:58:ee:3e:85:fe:64:75:
+                    85:49:17:a1:ed:10:04:6d:34:22:1e:81:d0:ca:4c:
+                    ec:a4:1c:e6:fd:7d:a0:05:b4:3c:e3:5d:e8:32:8e:
+                    a6:04:a6:af:42:cd:09:15:39:12:9b:7c:32:9d:ce:
+                    3e:06:aa:bf:13:98:36:ff:b1:f7:aa:1d:f1:fe:ba:
+                    1d:c2:38:86:52:ce:7e:d3:86:44:8c:2f:65:e3:50:
+                    4a:67:22:e2:39:51:ab:30:0e:e3:a8:ce:c9:9a:d1:
+                    9f:4c:1c:25:49:da:fa:b7:a1:0f:8e:d6:c0:d6:6d:
+                    05:22:cc:58:06:fa:7c:4a:b0:b9:ab:d5:e6:0b:60:
+                    48:ed:cf:c8:46:ab:e1:fa:55:91:88:21:8d:e0:fc:
+                    21:21:26:3f:a5:9f:b5:95:40:59:27:03:84:3f:2c:
+                    61:b2:2b:5b:e0:75:5c:fb:70:eb:c3:d3:3a:3a:e8:
+                    2e:47:7e:3d:51:82:7a:b8:b4:8e:17:ff:e4:0d:fb:
+                    86:5f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier:
+                1E:A4:01:43:CF:10:7B:1A:A8:47:40:90:13:CE:5B:66:4C:B4:3B:69
+            X509v3 Authority Key Identifier:
+                keyid:1E:A4:01:43:CF:10:7B:1A:A8:47:40:90:13:CE:5B:66:4C:B4:3B:69
+                DirName:/C=US/ST=California/L=San Francisco/O=Apcera Inc/OU=NATS Testing/CN=apcera.me:4443/emailAddress=derek@nats.io
+                serial:C8:77:4B:D6:10:0A:9F:F3
+
+            X509v3 Basic Constraints:
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        8c:4c:4a:36:de:84:81:9e:fa:25:0c:50:d1:dd:96:33:34:f9:
+        7a:f2:40:ed:9b:14:af:86:1e:f0:32:bc:03:67:96:fe:34:16:
+        2e:92:9b:97:c1:76:93:04:d7:d6:e1:d0:75:66:a2:0e:2b:1a:
+        60:ac:df:e6:14:78:ef:32:3a:91:e8:19:4c:e5:25:5b:ee:3f:
+        77:5a:30:2e:f1:e2:0b:cb:33:80:af:ec:71:f4:c2:eb:4f:14:
+        5a:b4:c7:df:d9:86:7a:ef:23:fc:c2:fd:35:00:e0:77:4c:50:
+        d3:b7:f6:ca:4b:5b:19:26:6a:8e:53:66:6a:e5:fc:7f:46:54:
+        7f:78:ad:98:45:e4:66:9b:78:7b:e4:8e:da:13:50:2c:a1:6b:
+        03:6d:a7:36:b9:f8:10:ed:e4:23:02:d8:9f:0f:f7:fe:6e:c8:
+        75:58:8d:34:bf:45:52:58:8c:d0:86:09:e4:aa:6d:61:d8:8c:
+        d1:1d:fb:f1:4c:3d:d5:dc:9e:17:49:d8:2f:8c:b1:34:aa:81:
+        93:de:50:c0:f7:c7:17:83:7f:66:a0:d2:c5:8c:63:70:b6:34:
+        0b:0a:77:41:41:19:ca:92:8a:ed:02:e6:98:62:e6:66:8f:2f:
+        46:16:b6:71:b2:4a:76:15:ba:ce:a8:7a:a1:3a:44:d1:84:12:
+        b8:61:97:bf
+-----BEGIN CERTIFICATE-----
+MIIExzCCA6+gAwIBAgIJAMh3S9YQCp/zMA0GCSqGSIb3DQEBBQUAMIGdMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5j
+aXNjbzETMBEGA1UEChMKQXBjZXJhIEluYzEVMBMGA1UECxMMTkFUUyBUZXN0aW5n
+MRcwFQYDVQQDEw5hcGNlcmEubWU6NDQ0MzEcMBoGCSqGSIb3DQEJARYNZGVyZWtA
+bmF0cy5pbzAeFw0xNTEwMjExMjQ0MTJaFw0xNjEwMjAxMjQ0MTJaMIGdMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5j
+aXNjbzETMBEGA1UEChMKQXBjZXJhIEluYzEVMBMGA1UECxMMTkFUUyBUZXN0aW5n
+MRcwFQYDVQQDEw5hcGNlcmEubWU6NDQ0MzEcMBoGCSqGSIb3DQEJARYNZGVyZWtA
+bmF0cy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKHjNuPkiFPo
+tzdWlsmoHQpT0riHlrOqNSby5iBl8mpvMeENRIL8l7w+28klaO6BhLmISb/MRkZo
+jPoOBZo9D8yQVApY7j6F/mR1hUkXoe0QBG00Ih6B0MpM7KQc5v19oAW0PONd6DKO
+pgSmr0LNCRU5Ept8Mp3OPgaqvxOYNv+x96od8f66HcI4hlLOftOGRIwvZeNQSmci
+4jlRqzAO46jOyZrRn0wcJUna+rehD47WwNZtBSLMWAb6fEqwuavV5gtgSO3PyEar
+4fpVkYghjeD8ISEmP6WftZVAWScDhD8sYbIrW+B1XPtw68PTOjroLkd+PVGCeri0
+jhf/5A37hl8CAwEAAaOCAQYwggECMB0GA1UdDgQWBBQepAFDzxB7GqhHQJATzltm
+TLQ7aTCB0gYDVR0jBIHKMIHHgBQepAFDzxB7GqhHQJATzltmTLQ7aaGBo6SBoDCB
+nTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNh
+biBGcmFuY2lzY28xEzARBgNVBAoTCkFwY2VyYSBJbmMxFTATBgNVBAsTDE5BVFMg
+VGVzdGluZzEXMBUGA1UEAxMOYXBjZXJhLm1lOjQ0NDMxHDAaBgkqhkiG9w0BCQEW
+DWRlcmVrQG5hdHMuaW+CCQDId0vWEAqf8zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
+DQEBBQUAA4IBAQCMTEo23oSBnvolDFDR3ZYzNPl68kDtmxSvhh7wMrwDZ5b+NBYu
+kpuXwXaTBNfW4dB1ZqIOKxpgrN/mFHjvMjqR6BlM5SVb7j93WjAu8eILyzOAr+xx
+9MLrTxRatMff2YZ67yP8wv01AOB3TFDTt/bKS1sZJmqOU2Zq5fx/RlR/eK2YReRm
+m3h75I7aE1AsoWsDbac2ufgQ7eQjAtifD/f+bsh1WI00v0VSWIzQhgnkqm1h2IzR
+HfvxTD3V3J4XSdgvjLE0qoGT3lDA98cXg39moNLFjGNwtjQLCndBQRnKkortAuaY
+YuZmjy9GFrZxskp2FbrOqHqhOkTRhBK4YZe/
+-----END CERTIFICATE-----
--- a/test/configs/certs/nats.key
+++ b/test/configs/certs/nats.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAoeM24+SIU+i3N1aWyagdClPSuIeWs6o1JvLmIGXyam8x4Q1E
+gvyXvD7bySVo7oGEuYhJv8xGRmiM+g4Fmj0PzJBUCljuPoX+ZHWFSReh7RAEbTQi
+HoHQykzspBzm/X2gBbQ8413oMo6mBKavQs0JFTkSm3wync4+Bqq/E5g2/7H3qh3x
+/rodwjiGUs5+04ZEjC9l41BKZyLiOVGrMA7jqM7JmtGfTBwlSdr6t6EPjtbA1m0F
+IsxYBvp8SrC5q9XmC2BI7c/IRqvh+lWRiCGN4PwhISY/pZ+1lUBZJwOEPyxhsitb
+4HVc+3Drw9M6OuguR349UYJ6uLSOF//kDfuGXwIDAQABAoIBABVtHzy2aJzCdk1q
+tnZmO8G8Km2l9Ho/Et3e1DqBg742jWF+Ag1cJTETGL/cpbC7j7eGpEwwWzTCbbZC
+2Nb7MfYfPCBKeO3piiv9qfBsok/gCNXzSnjDMcE0wTVPZfsy/1UB7/Uf3rWiT7LZ
+5ORwgr0+WoodvA1K2MbFHpkXUmAxFevx6reGmWYlx8UPbyS9PfONHt2SfG8wVmcJ
+n3qqw5Flywp8uDCTrd8L/yM54onq4RCZ/iSKLphLjOFgWzx2PnuRog4obNJtAlHC
+jTcrW1/QCgwU9J2uBfMvzQLWwgU6prlrh20k42UbWknqoozwdSW7N3vEawt3ri5Z
+c76wkGECgYEA0xj+AbZ6FyqA5lJbebSZs1KpBsgcJK5LI/XAvKnlLNnKXIi5uT2l
+SM37j9/G5BhnrOIUuc756WJrX5CTqkXHvc5eINO1sR4o1uTf3H44JKWXFBanzdvO
+DXI11a0810AbJEiXqz7e/ldEovVsBWJCMtv+F7j7TCNG4qlPMa7xhCcCgYEAxFKP
+mR2nHlvFJQYUkiGRpTYg82utNiQhifwGUjZK0kBeMXH10fL2K1KOx/OfrlTOQmyN
+OC/db88sFtsh0sD44SzkAUS0iP8FWlWYrm+ZLWc1xkOaOcDE294p+BgX3xxTLKWK
+dO9gKsG5MxscZ8yTvX67jRmfeiRAlVr8bPOKtwkCgYAWSH8XozGEHIJ6zZrGYCAR
+Y9pf0uPVo2hfJWPxBmYgs+S+m9gvC6jU5Jl3eIHANitLfpn9ezG6Rx9aeSJ9SNxq
+1svs3yxAxBQ/iu1ukwxOIgSupC2Wd2tq0/GG2sCfYC79R4RrGTnk00V1hj6e2t5u
+C/bofihYwyiKaKDpd7Qa5QKBgBt3dZG1fVkY+8cHR79+JNNZdFi6Gty1R1/3u6aq
+4+LwkH0YdYzvEhPTlBhTdGa+hLD0YPmYcMGg2YlFFUFYMDnIvwmSZDO6gjQ2P4tA
+H80jYHmhoaUs3B3qwjJspIJZgyV+75UWnHy+57tHsryu+YiMf47pI8/B3KtItIJF
+vIWJAoGAXoQbPCdxl//vVxvlnKl8TTlaW0GYJk+GAow6V3s/nMmMQKlFuurZpHcT
+cmYkpTbTOgVhhmgqr8Iw7qIRS95NzfjbsV6wzbFJZNI/pU5tJAtcFgsmaTA5Uxck
+BQZmojzJgiQ1cZT9BCKAeuwi5G/tKyJzA6Q1zSbSs8HrHV1BU98=
+-----END RSA PRIVATE KEY-----
--- a/test/configs/tls.conf
+++ b/test/configs/tls.conf
@@ -0,0 +1,16 @@
+
+# Simple TLS config file
+
+port: 4443
+net: localhost
+
+tls {
+  cert_file:  "./configs/certs/localhost.crt"
+  key_file:   "./configs/certs/localhost.key"
+}
+
+authorization {
+  user:     derek
+  password: boo
+  timeout:  1
+}
--- a/test/tls_test.go
+++ b/test/tls_test.go
@@ -0,0 +1,75 @@
+// Copyright 2015 Apcera Inc. All rights reserved.
+
+package test
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	"testing"
+
+	"github.com/nats-io/nats"
+)
+
+func TestTLSConnection(t *testing.T) {
+	srv, opts := RunServerWithConfig("./configs/tls.conf")
+	defer srv.Shutdown()
+
+	endpoint := fmt.Sprintf("%s:%d", opts.Host, opts.Port)
+	nurl := fmt.Sprintf("nats://%s/", endpoint)
+	nc, err := nats.Connect(nurl)
+	if err == nil {
+		t.Fatalf("Expected error trying to connect to secure server")
+	}
+
+	// Do simple SecureConnect
+	nc, err = nats.SecureConnect(nurl)
+	if err == nil {
+		t.Fatalf("Expected error trying to connect to secure server with no auth")
+	}
+
+	// Add in the user/pass
+	purl := fmt.Sprintf("nats://%s:%s@%s/", opts.Username, opts.Password, endpoint)
+
+	nc, err = nats.SecureConnect(purl)
+	if err != nil {
+		t.Fatalf("Got an error on SecureConnect: %+v\n", err)
+	}
+	subj := "foo-tls"
+	sub, _ := nc.SubscribeSync(subj)
+
+	nc.Publish(subj, []byte("We are Secure!"))
+	nc.Flush()
+	nmsgs, _ := sub.QueuedMsgs()
+	if nmsgs != 1 {
+		t.Fatalf("Expected to receive a message over the TLS connection")
+	}
+	defer nc.Close()
+
+	// Now do more advanced checking
+
+	// Setup our own TLSConfig using Root from our self signed cert.
+	pool := x509.NewCertPool()
+	pool.AddCert(opts.TLSConfig.Certificates[0].Leaf)
+
+	config := &tls.Config{
+		ServerName: nurl,
+		RootCAs:    pool,
+		MinVersion: tls.VersionTLS12,
+	}
+
+	copts := nats.DefaultOptions
+	copts.Url = purl
+	copts.Secure = true
+	copts.TLSConfig = config
+
+	nc, err = copts.Connect()
+	if err != nil {
+		t.Fatalf("Got an error on Connect with Secure Options: %+v\n", err)
+	}
+	nc.Flush()
+	defer nc.Close()
+
+	//	nc.conn = tls.Client(nc.conn, &tls.Config{ServerName: nc.url.String()})
+
+}