From a0d40e9ec119f55b8656a869a18e785b41efab8a Mon Sep 17 00:00:00 2001 From: leefine02 Date: Thu, 25 Apr 2024 14:15:50 +0000 Subject: [PATCH] ab#55565 --- images/orchestrator-agent.png | Bin 0 -> 24789 bytes readme_source.md | 15 +++++++++++---- 2 files changed, 11 insertions(+), 4 deletions(-) create mode 100644 images/orchestrator-agent.png diff --git a/images/orchestrator-agent.png b/images/orchestrator-agent.png new file mode 100644 index 0000000000000000000000000000000000000000..bdeaea4ca824b94458eb8db592e33835d4a67ba7 GIT binary patch literal 24789 zcmagFbySpX*EcL(A|MQ)^pMi1gmev^lF}*CqS7TGHIyhR(jddojifZ9h;)oJNDkdY zyyw7m-_P}Y-?!fHk6CNhxsKR-AHSW)J|eX=6p0D%6W+RYi&$An{^_k-n0mKvVF=*k z0$=o^46JY6V!Wj+FQe;)f%HGE8yOixq6W5(_h}X{c4mZ|wkMe}a~=mXrgNk}4u-xB zHsR&)V2t4bTSZyCKExE_$TEYFif!WH#Fo#b6d2l!N-FEY9r8=Q_Vg-Orqzsp5=%|B zV^2IMu>@nvzr`oT083*>+#*}O7j!jPg>#?r-ycb#ob=fL8uU{7ZB8GC{HK2pf`H=w zS>pPu2&1(2@-49Xf7V5R%z^gYBKw~?w4_ z`M>tgf-MMKQ~J*wJZug)t#lp%_F!cf2Y>t9pSJ88h)ScC^z%}>_vpXd1bG2d z7Tg}VZ>0!W<3dQ@#ql$aqFryQKJLn9#^Jf9tq^*LR&4N9*JW@@oM|Uyx#2$*?B^=o0Mp{ADv!%LrYcwz@DCs8X}SnboY!lL6RzT=YW!F@3G8Vd&#j+o7^NW zSPpbf;mR8h=~^R&q$978=KiC8rX4M{LC&4g4-s{T1Q&%QFA5M2n&Z9WHi%qt3U}m7 z9Wj#|N^X(i1Edg=J(zEShUPuvtS^>@KtM-&BK8?!lu!bE0uV1J=WihjnX%X-I~<}- zINeBB%i%rLr)m?_Z@-w)qcU60$~Wfz(yqkhH){^jn*^Us~#(*8k=bOa!v z2ql7JJ#j;A@&*D+3!D%_QZAq0xTmCa%F0N?id+4}RMai1 zCd4_NPIg-BH%lbTQn`M&e#Y$e&|yi~!2XHJWo*>}kQ!EexG;5_qX3g<+R z+8I`$P^t*bJeFOGF(T)}6MQ@G-%^w;Ao}cY1kRKGAW{AE&d53z#Cozb3CeBP(0nwU zMO@1T$GphLASt_>jMVL{zq(i~gBnQ5#=<~0ZeU0k z-n(@5G2Ge`3mFMxdP4q$+?FwIx6r2g23T3Z3!0_uQV^uKYIkx%H^srXc+slT*&;6T zKPWQ-RCWm5{?;3XJ_F6g5mjQN%lXs2zv-Dt({2uV2t@6;QL&Hh)JXFemWM`r9J)i#8qZYs0OJ8I%DT&5e`fG>O27!=T4%ro|$)RYPwa z1ZSQD!(-{hy6Q#)vGkVje2I&4JG>{#cEWE(8vO^Kj?)6F{7zfP;X` zeKSl4z|w##Lz6Z_0FWjc!)DEd36cYLu)=MH4_LfW2uHmPFoYO5KX@DCLu{~? z9YX#qpRtlDV-4&hPK z%aBnj^9b=%-P#{*A)|D28WQXo>EN*j$z7)y5{RCopP>q{TMa3!7&g^xyp&`NDQ#iP zTyEHaB$bgq@vbz&`aFghkF+y_JsoAvD73f>g})K0pak|GmCmZnarlcPgJUTeXzB4t z&$t%)vr*!%%W6@qG7jhN!9CN3)H{m*9{(YSuuhj>E|kc?Y%R@IzLaKq^*A?fe_b#$ zAfkZpSLY*%3<|xq3M+Mh_P#i2RtP8~I~dmIJBELeZGK>0ATRE(_|fZ2&&M223H@U9 zv7C~@s$qS`e^$F5ZUaOY?Y@hebZ(7jE};oMcj zc#5Y7k6?%B;bHxRqrpTUG!?~Z@?wY=sZa!^D)A7=Zu(e1WEJUye9C@NTc!79Ph(-- zQ~UwE@6FN>6+oO1Bx@{Zz4@4CKsw(aiMd{dU>j-Ixu!qV!E@EzOGR#mnEt)Q`Yt>(BJQJA$Zoo#-J@_;c}kz_v)&kiimR z>jyIH`XuE&64f*7R?n6@7$5L1Oish@4jj~L>*n`B1<^}OVbDtO=mC29pmO*B`6_?iR#EKw3BYW_s5bwghINsgp9#-Du z9L_tSzkn$Lbm~l2*Z-=yxA~a(!lqwv9O@J(dGUL#>(v3V*wU9Y7nNqUPmh(^G&8t| zzo>tFR`vXQ^YIMVfYepf`N?A3n%F@3m+nyaPx9i%xxjDHTJ-^(`~Dxm8D_2HkC^Go z+=`|iCDpa=j^u7Nu(_0t@A6at69sdr4@E753|!(>`I@U&me-5Ql9J5>o~Vzfjt$li zMQ|=m25^XWzqYxe&!o^p#<7nv0tt%kjXG&nkml=OX3)=7?_cpWp|tx z8;KI#&Sw!fE8ZSJ4ffnR@1m_mxO54iai?uWk^*vx2j?Sr4Dyfk3pDHKziIF$mGB6v zFqOXP-T-#f9A^0_YQG51Seq+j&JfYBQlij%mZg#g=n_RJdJ%e+a9BG}tG@kwjzTku zq?2CJu9fyg2V|IQev%Wvh=82UD|K^1!-z~;d|1YqUEFhXB7SXGSvzqn#fk?_N)WKh z=wjM^EBm(gu@HekncSH#{Usau&4#tL53AqwB|HeBDhA)M2 zY|4M3OUqdMaH9+?tmzz)Kl$32r1RijjE_!1RF>&e72gUqhs=al59E}L_8}l9R=w|! zrPP6SE=Wf}1I~!rd^{#wbtpVRy5c?nu|(;tq#Q!bTe2!rDSy^e;m7@t^k8uw%I%!} zU6pCt;VJDr-wrp%J%^iCgpdp1jC2__@!>_tzbw#*hVCgE1$j)ov62Vu9>OuiEfLui73ZM=jk4chPaZ79KX|19;0Boau9SEY%aw zQi0oU!76z8veL5#`E}S8vA(%JAIg1J=T|)zk`+fQ2kvi|wIf^SJHk=ao4-}S89`Z3 zt2%Y!Bh1MMyi68eJ@}8O(t~6HmfwQUY>4zpt}AI<8A|^TVuC@?2%D;gzxmKZPF_YW zn|Q457c?+nebzU(VO0?&OXDZ}TPz)bsFrRFo!A)Sjf3xf=3O=7XFs5wRjlGvL=WJ+ zvTeiwSRCF;+d@W#XQ4k^UKWv9_3(Nj>YCk;H)~;j(^xBbKVFIvIUm#}#V&J|DY%#P zZ}dcDaYr4jWCq@W!Yw<(Y%L`d)fZ9;zl*jT_g8HDGp~v5Xx_^l5(*Ee~ zfv~ALQL1jxN6QZ-8bC-ayQcs89#p`#{&>evAJ34VE|MSx(hfleCITGAxVX5LYmE7T zdA%%V%mSjj#g32T~gB-nN+ zPgzdk$5{HCDkT{{L8=p6?NAcFWS(cy5q8_Ta^lRlAHc!f^$@_`ACkfHVeRE}?KLaJ zez8jl~ZckA~uk+;a`wv9hzTUZn0?5ql6ha_&hK^)O49wqGz zNep%0o@oYV?Jjf)HR>XEh;s;Ak|fA9XUW#>08i-`$7%#bw^@d0LyMfManvd=Hu+j< zSZ#c8XOhJXLM4 zRqiz1Q1k!4C>Du0KZl{m=7cu)6pv51E2-X2&1R(6S*(`SqO$g~FZUo?%e%n8sd5~; zpdf&)feeYRoar1-K#Dl#KQbZ;w($=i0lulF=WYqwfpBB`Gr=i&j2?3s9&OLgz7sO5 z{^~j_Ir;UqT`AGoZSy^X|0|azbu*$IhLRTt!!p&ow|~^TE#mGo+CYuwLL}vIX6Nwy zcznSbEzBbWUQcyT=~b&0fK#i$KL~|=5^-C|vhd#T7si7`L1Egt3g6p9iEO7E+`sa! zlKU4i)Wh0^H#^2F*@1JDy@*C1TZQ~T$7UYE$z{Q4@< z|IOl4(~@~pmp~L^cIksEZ=qvEbP*eR^M=jJAH0Og_Z~e@a9N%ENXT_!bcBw{V41sl zusw;Sbq8WA!W_aMfJsm#WAl5kPn55U@svSS+gICteWWld*miH}`>U-#Ux$bv`31Xj z7SFwYhK50E01(pk9ecrZYXCb%0)1ebJYPgE`dS~?d|l+PUTon}&U)i^OCyJV-+ApT z|01DxAU|G5w19@UuLY#(ULAHX`^oFSw|{9_(kyWDPEK-<^l;x@4=3>UsCZ=lBDap( znGR9VKkod?FqGqXI{*n8wafJP(AG_t@U5+8CZ2usg-|kC5WsKz8amSRiz{e&79tY- za`2t=QYgWxb$9gFlo%wxrd@LJEm;YW_KVvH&R@Dtp^_6mRANiGWc6>Qfi)iuh(F@c zFKt+dcgiTHYna=X`y4vl6LK=_Av#l0*&%C(>!s(_dM}e}n&+YDG@+cci-j6vj1G*^ z#rVN<6$=Er-I4T5;m#Edgq7va954&Ki`)_@_fodm3!+ms`K+THLUzn|eKq4|X(CfJ z!Y&EQAK6%wdO+N!4F?N9Km6j)f0kR8hs|Kwk>GY6SWt3aYdH$?Kgd?zcvewhYeJ3=iJMD2PM4D#rSbyK z4(!+7D2p!bl#BYkgTdRKRTfeoe@I_GMgd-XbaHoyuSQNg&n>)4fit=tuUn7-6JHtU zerLR?lNfUNZ??0D*q7Q4pLOQ(ix@ympfFEBc|)w06AjEBAYXI{<8%H$kz}Rr+VKp- zrcUqoJFx1a0a-pOn}5i!QKK?609l+cR^|Lv9h)Mkg;bA5$cdVQ`;pzRk$Tm-u>ZGa zkG2^Vr81_g%hIucL`0cG#hqO5c*%6-&Uqh_tsK$KUdwn2@bHTTuBgOVUFSA%~&&m{v;UhmJ|7tV{@ zfmgo6&dpjjhr*)KlCIciM!L&5M_Ur$x?gvnxPi;)i$+OaroMSym8cToE2tUo#qtGkNwt@ie zj1yfZxD)a&70=hL8gU`+c-a0cyZ&IqDN$0`HZJC6W9-0^w(hdD^ky)S4E;f8@EGg* zIVyagFNEZ<)Y=io7ZH%563MRi(g*NYBF`pq02d{ng|15b+$#I{FM$8_ChVnwpOLbf4zF?9#_PkC>uzw`EKge6OT=5yJ8W?9_zO~(mg%5 z>ak>t4R~{4eQPSCE*@WEw;2huyW}R3&o_(f*9#`${l;J!!9CIVL1B5+H|(6ISmiFQ zGWox@1+mnR*nkt5VxH?_0`jN|kHTzM;vSs4b+2AFt_0!b60Q94=ABNM!hgQVkFrVT zF=oCU7U#q(*Bp@2h8kEQ!xfP<^RE$zcD%f|Y~2|9J*u~9bA-&g8(om{#cmRLmjjm= z;}tw0o+Q;tsgOB4wTqu;&LLXaXf$nrCy@PV8JjG06V~r@7q+9CCbN9GGTr~2iIb`Q z0sNC2!EqD5K=luQfW9*<48A+r0DE3-UD{m<$h}DRTq4el!nL}CX;1BQVa>I=RftCm zbr*@7_rVKsTz9`TQSc%7A)nap>Z4=;Gz~Wl;xIh08-QAbDcCt?%xag*J@LF+9^^Pm zty})%-8Ox(lZ&5`IaIM-hqsT>N)_)t`QYTe#W6aNd-s+qTuT@9_-(B*>h+nxqP#|C zZT{iR<qn>#IJbTy5~hf7i*WXD~6p+e7%W11*1wTNsV#Vh%RGmm5Ar zj{sN4^c#}TzvcOb+$ZDh8qmipL!E6y!G<0o`9<-7;NC*1>b$El^wtGe3UA4-E0WhI zC*L!Cd7Kl))2TPa*QT=cYM`{~{1wG(Dg5sp;kjM{-Hpcww=MIDy~t9N(^W#0SAep| z>iuh~*M0CS?Y)jA1|goyaHlhlkE1KKin}g;O==moi&5z@oyJEf32*eg00xq7P3$w! z4YQMEHi5+9snHEBnM#&*+iO1S_WdO*K8F($v5Xp^f z+pVn*KfO45{@s-I&F{f{VwzmTjq})2*H%y)2`S^3awp$kWSxX*duTv_!akG&EdIv2 zo;upWXft|nvb(wvMYPj;{Crer*8_P>V*Yifzj2{?@Ay`$ldjAt$*i|pR2CW#${WJy zinSKs4Yu=ox|ri2RP&RsRoC-EjE~D=7yR~l@IqK0?}mAs;=UVglVg2T$(Y;}@$-j< z41c*XaIl05-=gF=;Dq$Od0V^L^JKZ;wu+6zyicRQTJ5|k7H9lNV_AQpq^>Bwx>->$ zOBVN2FwLQP1`k|kBvMS*s>&+qu)`zLZ2M+^NPnM#a;DJ z+`+CA4@kh?eZ4>^e?vKK=VQ}tKY<4RS$=)&x{vD#&woZQh#l#rgUM3` z#h@h&Gf&3)SFexP#ma&PmLhGw zlz;I{-Q$XY`OptyCRx7MNS5Z95Cpsc4)|JHICrerO$W?LO<@csv&uhSjn}lk6o38Y zPs^9Xt*!h)LmtC~TD`!reKbHWo)F6AN(P!?|A>iXEc+m|xHs+-8YqpuW$K;%n5_`=flBX=2O*cgQryN2~B%0>8!zg>~jpUWv!I+dHRQOxuOc! zq5_GE@^4s1Zso>tE%`+kNnOx(g;3e(OO%*Wbv<(T8O{CP6UYbNul%Sva(c7}RE-*s zBmUH>U|%&E-m$Nf@M!8){|I6G!}4&eyIYEQJdW(1V1vL%K|guBqu;Z|PrxT$XYtIZ z3*TlUq`7XC2-L^QZM;7a(MieoAUlMv{-9r2n_H*A{df60z2jD@u3#d?^w#lJf@_Ps z8(pGg>_xdg=?vbd5@JZsj%ep;S$ibE)nJUx2k%nsciRl`*2RAG-Tto2V&Ikk;=ZbD z(}TUARWYfBi08tA^5UB`sNv@kbIFxbSD(MIk1=6R-e}Zhj5b?R2`R>d=6x5o=_MZ& z=@E>t=H3QgWp@o1&6qi%oHZ?Oe`&oyK{i*?6R=(qH9J^wMl+B!UA=bR_YOVT zA(C%Wjf%v#3B5Ktwt})xCN9oj$FpZTaG&Ip%)B(oKVVqALNVxm-|wc$&-52+znW`v zI5nqqZARPaXD^lan75eT_&Hl{&*V{#{**e8?ETOf2IcA;kjJi+zE;6XYPu=F$ufd4 z(TuVu4&&&G2AJ54Z9b0=I#!s^-WFx=6b_Jm{ikXLdcGp%9{Z^R6m(6GyMWK@zdz$! zFOaU4j^m|Y#==P$=zl7D-@AJrlG%{ZRVLyzqF5~KIzwx~>OKRsNAOOSQv(&Dr&>vh zL)M+l8RF+Wa1yi%>QLM%IqNDS*-Sfg6T8i~*QqLjVq((plaY0OZ53lzwxh;IPPQX^ zO>YA=nF+s}+Z_nhth(czx8bEdri>+|lQr4op*()W8=GjxBMk`Id8Kpttg> zc%PG&pUCp#FO^jY1=X9SwH$Y*H%|9>YnAG~98HS__Cw#jN-LvsN^|WRw#X$yI<=g| zyh_&#F|7&rb26TFlHk&CqC;XGjcV4|BOEi%!UdfieAD8Pd9~%a{yaw2t5%uN)b4v{ z)X@7A+JWnxnL^o_{Q6@0tK=x9`*?fhG1$J}G7%s2}U^ zNnImT?d5!EDra7Kw{v+M>U>h7X^qa+vaWtk!VNI&1~-N&D*ks=ZK)+DmHG5|RIXqQ zkvJub3BI0ER=Nw~%z?zaK4Kk0?S8mm&sSO=BP5g^Qxg;AYGPciGi#x9(R1JVy@e{O z3c(@AFl8p7B~?v)oKLj|0aEe^0YRli_p1*!~?Mqbi|>mGWKO!A5|WjhsjZm zh4^;IS#a_)KK!AWWCW3Sd1UPr-g>ts+0<|Vy!r_3q-@)GKPR>w@3oxPa?gM^diYwQ z+)cU93?=GY3^ONu4{ub8Hx{Q^3lVjnH+G_q%A#3h0W%U3`gRO54zuPB?AJ!w!#r?bP?8$_3*X6a^ zKKvFQ$ACypX-tNGmej!==v&4zyW`;2?%SAxzP`Tp^Hj_hd|~w#3s!|x8on6ap)@EZ zpSI50<}3se$0j_20J#b=;mexG5#_yYjCZ7~H6hvI5rMU=G-kJ1!GGQ(2%x;;zETqw2)IN1>z#}JtYdwXSSo!wNCw?EjKJA|LNHPCpRPx+X z8-}_^NI$v>ccUHQ622HZZn?xr9BL|UliL+@!IK)gg*+u?RPH8Tqj$!9+PX!7>oEep z1y~uC+Xjsj%vHafC6aR@+;yt%EYh!rNX)~0!$B$}l4IX(wrbD@=UUO#F0&c%U-GbV7IMsBGQoJ@~P=+5#^mCYwd{f!{ zFD6q$<+GM{?%a`zeH3nC>(s-kj zsabm2+n@0%fN&P={b|U=-$}YXWx>9zU~?r|ADs=y19LNJ3A+{=_(ijcU0V^(Mu8k# zAOxObypH0h>Nm{JPrfK&|9M>K!vOKb>uj5=btd~ls_%}PsK%0iOm+jXuD8a?#Rg^| z@4dqA;H$a5gkKpkeu&y;wG2T&@57p2sQ_#4#@$`CEtrIejy#;X6C2gS>w9#&q~r4z zY5j2v{`kE|ja6;>7dKvT^rXIxY9_I~;_|3*4?D_SsL-|kLi@|X&#HLW4#fz+WB=5q zqGY~nXQufE2rlXDRJZ!7R?dzO5w76zxX7JlRMEQB-)4nXbfus1=n4GXicrwbte8;_69{+fnA#(&+1}gOE6$4JjAH{YO$4 zkB+A0*U^hjXPIXU;RWLfU+sH8`FwT0AF;FZp`$V{|M`){WpJgJp1IU@Bx|Nr#$Q)( zGTpGL)$^pdeZ8f-z@Ta)I*BXhCc8M}S6VrT`Z8NRs|A~;6+8O-@$V5ZDDuepTpaeY zlkT!-Cbbp$psvqhPZ~8*@po}^bx_;~IUsq5-l6*}gyf7IPhpz=I(%}7b6<7@Zil70 z87LWsE|0;PNi#Z4QtX=0XgY?|&bX?-kJzrI6$cxaqM)+_67t-h%dL(D|MBUI7@S6o(K&jsM20Sp>yc~A&dnQ0^&u$sMaN#}I)|>f22l6YOYo;Jz=Nf`GF;D2T#t_*EE3@#Jaay=S_g>wmQbYjoMC&TrR1LBHpVpjhAv{;228=k`KSO(5-3D zsKbIxpJOy6o>{xb`ASwL3r@vf_@jPuJ@pDu{PuDKd~F2W$%f8cC#Z;LUO86mF6hvn zF^IMJ>f3zsc3k?g9!RmKe06voc2?2{H6|9$hTwVd-IO}K{|>38q> z%gL|vHJg}d9hqtw*HW(ZkZUS&J+}ssYf^U&t&dWGRc&aKI8^)zOwjOirf6LmVe(}#N)R9}lwM z1TI49>rOtSDTyKyT(=0K6I%osFbFu9rV9*CvQOOJ=Vs#=ZxAv^SUB5_I!Tf8b3_$I zRcg&;mBw@(g*!VccJ)qFSmO!EPv$_PKCOStI0~VzmN*l6v#K?$2HJe#{dpFsQBPTL ziw=i2^vYE_3u^k4Kob8Ni$Sr**0ElWP+wghx0=&Roy6E693>EvEi2~UBctW}bs+N$<7(7k@YG|mv)D)3 zj*3c?#nhUH>M1^kX?PMN?#uY@U=N>pdH?BJ=W5A5Ej)rFz0XYMe5)K$P2mOj(zyw3^@&u2f_7pffie_SBN{D5@gV6v@oZhiXBWSrh&99vy7w#--tO z+hy8LJhPaZ2@rq9!twK^=lTK1-2UT@i>pCHu%63rZW}j&kRuc|W+3@@f3l8MGUt-=s?B^t2F98Gp zgmQLWS(I^Q)6FPI8iO3kaM`d`i}PgDEqYHGcj!(F(U@Y8nUB8 zuh1Mq+PPfE~R~Y1oTaBgNy6nh%T<+9U1c#23pysi*!J?c5 zS4%m`Y_zAW!vkxhXD z0UDqOUQEG=z#}i!sct?@x2W<`0xHvVI+QTYx-FoUbsnw^&?e)Wuja(ui&1bH1 z^|)Fj8GmUNGtWHaW7$z4o6-j)l0byDE8o>Zq7m2p()57+llWpx73ddW@!r>;{ba_3 z+;~Muj78*`#I78Ri1e9jOKS7$jxa_446$VAK)xo@!_bph|3v4&>I}fCql;EE`$vLI zDY9g?$NMeF@fmBNZS3O4s~v6&j8L5ZCU>$g0CY8UeUkhLDmCMjz-gCM8KULTNg||y6!maa*ET3V?VKM@d`<=>l(T* z$6JRo1EGKTg&OcT{RA3Qc5ywMzeUp}n@W{8z0w;QFP@w{f^4KSUoR^fm*pOnXZ+T^ z6*+!C@l}H4!OKqK0cXB&&4V0~8{yRpaGMUC(5FJvY1kuf-?mxIxgepZN-rKlxGL^4 zmSQp3j*=ri0JZ=Lt_j8FdAN}j@7J2&H9Gx^(A1j`{ib$t6EPhgyFF$(ODj;2#U5UG z#v(qPx4=^*{3%m{>!JOt5t2(TTTX^+*V99jy_2rjgj|Vvd3>}pWVxLEY_Kk@QMflL z@g~gS^rt=%bCoIxT1gK$?P?`K`GkDkKSy@t_$yJDxqd^cf7!c%dZl!4OBJ;4qEfnE zEUh&&T3&B#z{6vO$#^;PI=EPV;s9E6Jo*#iMDP7`b}dd4x;b0XIeXbA7w>=0e%4KM z>Hj+iDEp%?O4#Agxx7d~v2rsKhoEsL|)oo4=*HH}et+d1D?`w<}haaCQf6_m6 zx_5bM(MK61)*n9I=BxHEv^?Bn^@OzB)a=WBc5MMowgkGX3XAgoIWn=K*=}FZ%ohve zAIH5eHkj^gw{T$w<>g3h2ug|v?AeHw8P4!vl895s0IgOYj-kl)x7XZ{&cEno#BH|C zri#&&Jlw!u%J-0QFe4Z~cA(loo~Kq*Ri{o~$NVLj{wvd~Cq~tVHf`;{o)>L$>oy{J zfR^OOmciLdP)U>3Gd_GLfAIa`f{d-My9j-{o0{NR{QK;yBRWmb*~Rg}eK9Z?Q9d}Z zRk<8L?Y)1oIrP-yCfv$Xa{Hla2irT_5s`cx8+eDYG^J8zt}7Y*YmV<-Ra-r${YkXtvy=s-oSJ1 z&VX~TxQ-2iVlCg(WnGu*;)A&}r9AZv@ZPvNPf=C5{0-MEFLZU6d0e3D!UW+B%ZthV zq$P%5G|G(ML>B;DpyL|y5mYrV{U@MTO(@rsbVnJ#X1quVHP_Kg>0~9ESqR)!phI4k zB~dbASel3Oy5_#vngQZvIz7g@sNvTaYTdI;>f0bk%9}D7NWcfQv43DsMjHEJfJn@j z=+<`ZQ{(N+Mqy*G?3^hh_dwU$3DLkC0p7*5@9Ov6R_w{8Pc9jQ&2r`=>k^5RSef6B z>#d&5k<0!Yn%YZ8RKANY6m4~f4eF{}(Gi;+B#kvgDa2Z`wBG5xBvKx(Q9MyH*Y=tv z`*&o$%=BZ`r{+TDsAjuKGH;-*;kBumFH#WQ8ryVvwy`&6?E1aMABFCJ+uI+IGN$5c zzUW~fql#(C9?JfGN)ObV-nWqJv1?`|3`nBXX1o@Ofd;PvCq%7!hSx%5o9)I}Nu}+N zBonHG!ix^76YSYJW`M6rw6P&H!<&bSCFvb zN^12iSLq*cvYC&)ebQjA;*SRRjU}3<hIbKA8Yn!w z-DOdsC%K=MSX$vU#mzvwD~{6+`xWG;kDC(Ewp6H7U^5EWOC;CHUX{Hak-uuwT6Da_ zJnj8@KOv&G1y%Z*rtFh&WeAXDc&`XeD30>f+0rbHSZJ_-op{(^%l%QqkFUdK` zZLo$}WrL0G2L_;@g*C9VrH`66n-dj@RJtl=5jX;%)XkpvOfP^|)7P#$YDt%#CqMYo zYpxCr$i%haNMYBtVhP7&;5Gs6+umu2X@|awW8E}IrF(BQR{9*SnjjM=FCSt(E6g%6IUJk5=7_~ihg=hfyAR*8OOQ-?~N z7HFh%dd~XS6`MBd(|a$GO;+0v&sBQw|24@hXx}$p)j@^x?GUuIDS~u7Vp5AYOAc)tO?2iWnHQI=^J7u1$d9GuJH!%VW1h#;?!S8++B_(mRI5uB~VSGq) z7Qb?-qbb4qkzJF%UHb|sU_E@jcszUc;dqweJs!OXYt>3dQd&Vqd>UKk2W8=_!C|YO zY+>WTz5`=io81qywmrXwUoG`YKR5hc4rENUPmQ&4EUmimYh7C}JiMtgQ_GZs%XXeb zV^!Fu8<9<%5ESr1b1XXsJk?$_zo$MMJ|btofMEVOlkS~pLAy?6!n*W&8SgSxlUd|h zjN?axnXj)`Z2CV5%AGtQiUs;mrN>G`BksSa>HhqYEce%s9Wu$NmOs=RX3l0}dri^z z{WZEZMfhI3N^zC7cqrhW2rYb(d-b;j?8$B4$JrH26+ZG*7dg}H+Z)+pDd*m5ia9H1 z8A@HHVvk=;1>SQ|#Z>jgmVW0GP%mm)w&rksoyt-cbypbZ?tdp|a_L+*J=UpNufCev za^WFOIqPi{X8PK!l#XD2_@ocZD=(VJg}Ggk+q#FO_gDH_!6K88OX?GfW-4>1pT8MI z_^Y{j6*sI+Yvr{^t>i1&Dk)9txIc+`x(q7^tfYI^7Mq94c3OmvHhJ$qbZgASzkO@r zv{bJsTsBfXAzvLvvir0fn2CZ>umbk7j=WP6DBG~PU}}0xd?TH7A)?Huse*kl+{Gk|iy?aObbhtp%b)kU7*Sn}}4Nw-1AFDLK1pNc634{C2 z@GWZ=X5LikndS6J8#bu_(ygKXP#jqd8IOdZj<;P!zwYYHHn4PBg@UXO)!f1S;^awe z-jVRf{vbU(>;XhzbM|aW{V7s7{$e{){35znY&(K>d#40z`UqiMonCh*v&3iX>x!uG z-C?VaZk>=S3H>}>XPO*`^=gbKfs$ zPPI=n^do0bp7Y;%$TlVpJi8o*>2aYX>tb_`I)5GA2bBUF520|N)v{LEYp$f#T{)r) zNH5k?*X1qBn$CPVUkpJxS^0|-<)vvqC0LZl`AyU)M=I}Ew@eWd5L~>S&??0)KuvYu zO+4h&XEZruF?X&WY_{=6uX+>v*lz0w4wT*e(ylulLrJo@3VLi8$kYR!lRejXaVyP3U?)*Z^&GCf5_fv7^CxfJ#YunPE zPwp17ZH4*zye`f-P-xy`u3v{{nbhp&9aW<3lZ@=jKTC&lpT6s8jLGVndipmY0!5CI zUyH22th5r6FXK-uN_;-<)6Rxf0;xWj!1-lUSQL~WX}nRSX((ryojx}DkQS9KahRB+ zq78j!r*0!)TH8+;c(Q-yMb#JG#|h?JROWtzo$A2Tpx0~Xe+vtE&FYc6ruokJan(6}dto?QPh>)s z>*E?qm{RtV@9{x9X?zs$6~ugkau;nfR&Lr7>AXSSTL>Om21-b>o?`cez(2-gp@ z-piRHZaI-@rOjh2X?!Qb(a8Vw0=O@*fI!G@Z1B%lahJn+D`HbziiT+~a*@@4Nb%)A>`)^I?;%e@9N1xxl9 z;m#*T1gKh*{U7B=3#5Ev$|-pu;S);Mo$kHA#>!*zfBB-<`!har7Y`k!{n3$R4ZJ+H zBNry75&D_GDC+hB3Vr--RUmI;=UgwgTqx1i!rZ&<74_bsN4j&k-?9vn#PPuL2X}br zVVk0Z4ocs+&(lald-R*&k?WW|CBi=KXHjVbd~HecHQTi6_*4oHM8K*dhp@uuizu0) zkv7h`Z1AmnhL|$xF7k;}HJFM$s*wtjc#b2APuoWtKG|(dU195CJ3N^}NX9dKsH`zv zs-+6|npAEF$JDn)4_DtKu6VrHz@i%CC*Bn6min-yLgTK!{h9N$PC&kai5rAm3f-H& z@@u10nUm88Hx&0F5ZcN)xTCfY)`r#DYwA{eZCJz}--jx6ZYBcuG(Cco@BBr<>wi)c zY-A@fHs~GMyStM4!H0`!3nlaO?g@*;^Im)vwNd2yfcM|dPWc1Gox;1@z{9pbRm{M# zL*W@D;cCQQZb~IU5?j~vkZv%cyQ-=A89Qb!OvPIoWYUi=hp@C|FFgM-mMvJE70mB* zJWD)C!Ct(x({TBaaJxd55MgcpaYjS_%2pGIw;b;3^~BO`OfHMM-G%54gv))w1)?$i zob}bgTy^$Cpa%JQjgi8VR$$WjZNwzkXyi8zcvCFY33;7%BGlOliCGr}1A;O{B<%>Hz$`yOv0Cy^eX zu`%8uU{T2t+@@>~Ju`YEw0GN8LI*a#f<0%4znzrk#~^ArJIh-(3FCp+OMfKImr5HU zTI}{g>5wRz!!k9}*TBPQ2HdaIK)zxW2}eh^Yk4jEzry@-t zbBix*`r%*n3!ca{;L+S@Rhqqs{Srq!vpLi+P<9Df2kD-jNU^UJk>xfGu$5EtKT7S5 zB##lEa-I4^TFD7#Y@(cIs$3x^Yl^|kBoCg>Tka$Qo70kgb*}BTHRxub`dXM3 ziIR36sThon9db*cSH7;x)VW|jPkTIaHLgkOLf58Uy+6m{<{h&pByLmYDz`@Y;G3lunqm}qND3Bc<@zt?^@=-lR-g(J7sY` zeW^?Uv2npks|)~dudVA% z2b!F^F1|F&MukOkZfBp(iX&ZWH?0Yi!mXLEU4sWuJh`Q>%M`8g`37$*DEtWX16zZy1FN4P;G z(cBGl@wmPyEjyXxVLrVIVP-2^IKl9N2n3v_tKDIlvm@mr!GTkjl-co!@$<>w6TlJZ+_- zJ$nDi4M{D2-owfl-88P%3KhZm5#ND;^~S&gp(>v#LO97Ygb$)8I&w{wXxT@{d7+Wl z2*|-gu^<(X(a4*bt=ZPV@?RMea)E*{XLzlGT2dP6>#{-}4bh$W-WXx%`Nh-tv;t_; zaljHrKy-w;byzSV5R7vAo3CYe#2D~$FdS5F0S}T6nc$ngCEpZxn9hgfC`?f$+z^nH zuV0N!tE{E9D?_R#@eRS{7BT?Am#Dwddu`1xxgx&brMk9K<<&VVnhP(DXs_=5pVF>7 zp6c)a7qarnDA}8Ygob2fuVlr&Wsl5U<09EIu91+;tXq=J&A7<8q+3EZ*SH}o8CMdr z{m#Aj^Zkv#e}BFo=bm$3XTQet^}O~=vW{YRW`Y?lvq`G@m~B+)-pvGC$u! z=BI%$>a8YZR#KyU*(p94=Bap)o6P(TbkPysdx1w%UD=MeYd9>oWpJ+xvE1~-jnAbh zpb?rFzoHHQzzH{>MoU=~O@eoO__pb!|6Briuj;2m@n<@^(uDqJJh9?R#wi9W&y(mc z=d3p-owfcGu4LdMa88mWd@;bx``&?`)<|Kc0yD%V(nsp@(oI)Q*4gU%t~OCw z#>HFbg=4wL?qN)Vx@cxFd5h*@KPr+d`juIYWR+JL9p9b0Y>fPP%lHf*n%jMtad@Pl zxnw_f{Bz-MZg~sw-F}FTWd`%`tMzz_t}v}QKJyZs{JiK1m2Of&@6y4sab@;u2)Yee zdnfFV5uaZgtyjLAn$qy-xiyIoE&(jM#qKNhKgN%2J6?!ygRUxN9=0yWpcz}y)^}|t zFexNsVhQ`#VA32Lkou8fdb(%n&2+a&x>_d9W zzlM7Yp*+O8wDktb6FEVR-Co+UcwQz8Lg=fhoGZ z-#*%eLwPpekmRUoudOs3;XP}Xm*FUo}(<-F&GOZuRBXT0U2oG=nh#U15 zVQqruKauRIk1)WS-yLdhxZe*Y{4_tj!vew43`3>|49hUX9us7%aOJV+76#;{U3e`M zdaxtV^Sf^_Sx9>x5GtGv7J2>kbm#(&&D@czCJg8)+tzoBa;RjY9^aX1v1ypBKYAT4 z9l_WD4`(z}S3#guXf=sU59?MP`%n?79a&o!?LMidHHSj_oJf(&X36$_+7|UGFU4zX z^2I$0yC&-J-~YiD&x%$Q-{l?g6UcC}G*7(s;X_VI_0PrHL!f$I%l!)P<2+pd$QY3n zjM*I2Bl>giO06?v+83n}eTf2oNkn5ssPqX(>`BqU%=Q$k&NiG0h03Hff?!;^g}%I} zWu4{F33bPZUYDwk@e^klV8pWQjYKu5u_W!I`s(zS_1yicw^`JQ2_8!BlSB@QxNMMv z8(IZOP%vWM>5?gBC`@BXBI^am$>_dy9vK%k7|sSerMH}#;3cNETGE zb_w>T4*mXS1ddFl(`3CBeW-k#@g>aWMf1V5Ud&NVgpY)!JToNFW8CL_sQUW%X49(I zmi9MKZ1wlzJ_eK>IBC92jAMlq(@dioE6&zOTj33J2o25s$^?@DiOZLJ)R9@kiEAD3 z^z^q@KyPq&Dm6b82i~E)6ud`M#gaq4Xy|zTjDmfC>IjM(906C&w5O+n+9{l$$BW43 z9LT{xMk!h_;`vXCXp5Y#HSsp$f?jmB9^~{xBjxb$fOo8WF}Ikr3mY0ze_pb)P|yu2 z=`kQD>71P&!X18(WXx)CK04U-ULF>sYn?Om<9)cmXRmrEwg;!a+EQR}b7|c!S!Ry2 z##pXb#sU$)k2y?cW4e>#;SuVkbPl44DWcD7f86xF8Evoq9-H@u^L2}6%pWNJQyjNM zX}@(}2)^E%eR(1nU%zp&%Z^g4Qn}}z!US?V+U+m7%?a<-aoe*)F>%K;DGFrm`f zsp(CS4XL{`s1($G&z-A^zp#9&141%iy#~cpm*PC)R1I(Eyqk$DcdWCLn0a&PqEHT* zzt8n$v@wfsJ0Y}|;ZaId;tw|~5t)_9^zmEeA*pVbE=95fo+uJ5bCc81a=(5muuRwG zJF)-(Z>}vs65?kMH1EtPqheb!hQ&l@n&P*Co5W9`9OO6HD;GAqWqc_f5X`Xg?{9|X zm$H2wt0SWF3S{%egNJsWaa^6>=$1n9zy&T~opgIvdVZ76GURa)zeNBUucv5F@7}yK z8?V1uru3Mw9YuH6VWu4s@mHb3x}`Dov{M0yW1umj?n0#FcrMh)?AY$fJM%ihz#yg2 zk$P9XxtA9e8-T6ceR1SX1$Z5`OcB#qJ^9W>0Q~|67;|~|p5+Lj$&=d4JQvgRcki=Z zF731YQcjIUqU}+wLMSQ9dnl$NO_|Waw)w%+%6TR}Lw|=BiJzoXS#1%PGH9n-Zr{cFWk<$7E^9BVLXZ&2!PU++i$x>M0Z5N62eYS>^4_ zZR2IT8B#bij%u~yeJ*&S<_!=|&R(r~VYZnYqmQ*c?ySLs z$xcmAIXb8rIGtBQ?|HlgW7Qb>vZ7%fAQIS1+q#k6YD9%BFncGx=Oh%Wnz^m&i$>OZ zC>9f^0sdUu0_b81#YC^;1H)BdRmYDKsuZbZOBk_F?q9N7lC}Sy=eJL>(ZW>Isbu-jL3p(_wq;2w<$2~gXkK2KU&5&9u!z8Uu51tDI+z;_-Y6BF zJTmzZiGOlKpJf*W=p+7V(*whK3CS2Jult<`gOkM8LhFTfS&?MR7s4$N2cRI3*y>ROJN zyV|Ec+&>>ah#w2m1qR;^ZL;=_SlGC@_wmEzl}gWV%O(PjqxY=7zrFcKgLit^r6!=} z%QFj&&-zROKkbq$46m&g1Xwhpb8CBEmRcu1IhX+9CU=byLjClusD@^b_=OwggrKKQ zJ#k}7cOOy&m8)v)h?q%GP(;F4hWWv> z_BB`p7-bO^PBKnR)lu6Ptayhy@4qW96NB;#AfQLh{eac}>&pufz4=6iwdX+BY;v50 zA|5(_Yk<#IwTX_w($)iby7kF>HPxi6p|E&)f%XgP-$Q5Q{cj2CatHlkx#u~vT6 zPw&$l#~l)d#JY|Yt~rwYmZzIP`fLF=mt<2_pRHYV3EqJab<4MDdW}O2dwyaK7gk%w zDEjs+MBIDbmE#hVqS?kNOg^BKl2ZdJYF+*^<6(k(JBRxxqY({O`#-{$5yiKt(hW?P z7NIKUx9#~k=ADyaVP<2fe0}oJqh~r^;6qLvE)^luS1Owfv=X^*?nKObgxpmSxaZr% zh_tPN&@01|z&S`M%HclHE_hbIHMkcQR-l!@t8Mf{a=rJqqcMhsQm=qQ_Ld#$P^?Xp`S2)Vle+I#}3TJ8h=Y@{?xvB*H!inGJTtijau{}@4TknYil4{1G>Ck)@B1&!Qown$oF zCqwOB*@hj+|ZuX3~|89Qd?Vnr91=S3` zIear=7;9u>F=e=wPsNwaszu^WJ7vU4^Qx0l_epH(ojU{k<4;UeHEJtyCk0+tu>7;3 zdSxaotN0DJXv_E>9dHbvoE@y2VB4tuI$_LLiXo#qzX!~JNxty<Q z0loHn2(S_vcX}pYn4vtQb|*cO*$3r1x>7{td8Z@5WMl!TmOhKQ1a^9_lX7aily0^s z5(iK1%MYard&6$kNiNQ>}&zD#`-xOJvynV{Lq-`f@>ho^raO!2auY86Lh>mbpms z=TcHqvK&2Y=;bp7Essltw>fXH|^_AE~SFyUUR5LZ5X zdBPL(NbB>Yob<(V=}(p-6dx~*48C=~%gpXY8E~J%n7JUICMr@y3=!q9a8~S15nU zpLg!d%ixj9NnX0j)lOdn6~EurK+TxYe5Tu`I(V03ccXjrcqiiOCXN?3b4S+yL;3>? z#F?%a8mw~KH+A8kKod&F$xz5+nr+U z;=iIQZ(iy4Nl93^r-RdheL_7nv&f;SE{)%~o;7>|Q`$^UJZ-z;>erDs4VmnHh;z67 z-n@zrgYx=&sr=|smbjsROM(b4$b>uVp})!f&bfnxYo(*)B>LQyC8k40IrwIFYHEhy z9d9H%>hxzqo2nc3a2WR_cZ>6*vgI~!iP1d3t)((+WjJ%AzVx;!&J#PlrUY%_{o+j1 z3(!W+4wID5j#CF$ueffgh|$3gqFNo6eVNAE_`^f+LgAm1HFN~)5+@TsDpo3rG42w& zX1nJ0D(>cyR_SyTCCwRzfHR$Wix7P8%I-V9&>fRJ|Bc6HwL7U_GXu;E4USthy2V~z zUwl?>xs|;-86=KUk2{njqDs-MkhWa_j<0qZ$RB%|SDJkOK=V?p7|M4Ri>zLVn|2uB z`G+F=3Zeck^O$>$VRuMbXiCWbP|Ga=sc&P3f#k4KU|$d_ZV^EQ&2T9A!5nYWV}z)& zFCGtuY1~Hla#3wBMgz>>u(_$&gn!ZyKyyINW+Q%C|H{96N8T#qX~X8IR4(<0y|-jg z_PLWxRGqKYW2mRCwg9bS_wq=YUQ1g?uEOIpdzMj|;`YzRoDWGTEGCE?x7Ws;&p#k! zk_He{C8>RP$DNyior35SuG~ZRA9B7XPSMgR-1eKst7%dtX2@Y^n{=q4krr8a4w-yI zKwjZM&f9lXhOUN#+zl#nVMO*iZ{eVTbrPT;14!|wz%R!w@qz9^ASrL;*t!vERlIIpIoTPc%o6CiU{rm!!MyMd`6tbUNGYz z-?_KS`84P;hiRRdv14F2zyJhi1*;9nA;e|ZeKUysxI~@HL=?tx8k8-O>uqM%5SdbY zNx(9m#dViN(B@Nqa`HZhSEDY~GFg@qq0i5V88_QxS%S*VBEi=)a(^5M-5MZvDmQ7q z#dlSPlmv~O$?Kb2}Mo{+(O%O zWB?nfG_h<+*AxUl?(l*q>I3H)xB#^xwLgQeH^ar4SNc-Agy-@82amiDsxBw7DN(1Y z2QCP*0kGC51p7LXA(_9zMY9)pL@OG+8MT0i%`fDEirv;7whkyrRdzU%eZrfC^ Q0U1u{Y8q%%s@X>T7fX${4gdfE literal 0 HcmV?d00001 diff --git a/readme_source.md b/readme_source.md index 12d5304..e5a01b4 100644 --- a/readme_source.md +++ b/readme_source.md @@ -36,7 +36,9 @@ Use cases supported: 2. Single certificate stores with private key in the file. 3. Single certificate stores with certificate chain and private key in the file. 4. Single certificate stores with private key in an external file. -5. Single certificate stores with certificate chain in the file and private key in an external file +5. Single certificate stores with certificate chain in the file and private key in an external file + +NOTE: PEM stores may only have one private key (internal or external) associated with the store, as only one certificate/chain/private key combination can be stored in a PEM store supported by RFPEM. @@ -76,7 +78,11 @@ Use cases supported: -While the Keyfactor Universal Orchestrator (UO) and RemoteFile Orchestrator Extension can be installed on either Windows or Linux, the Remote File Orchestrator Extension can also *manage* certificate stores residing on both Windows and Linux servers. When the RemoteFile Orchestrator Extension is installed on a Windows or Linux server and is used to manager *other* Windows or Linux servers hosting certificate stores, it is said to be acting as an *orchestrator*, managing certificate stores on one or more *other* orchestrated servers. When the Remote File Orchestrator Extension manages only certificate stores residing on the *same* server, it is said to be acting as an *agent*. When acting as an orchestrator, connectivity from the orchestrator server hosting the RemoteFile extension to the orchestrated server hosting the certificate store(s) being managed is achieved via either an SSH (for Linux and possibly Windows orchestrated servers) or WinRM (for Windows orchestrated servers) connection. When acting as an agent, SSH/WinRM may still be used, OR the certificate store can be configured to bypass these and operate directly on the server's file system. Please review the [Prerequisites and Security Considerations](#prerequisites-and-security-considerations) and [Certificate Stores and Discovery Jobs](#certificate-stores-and-discovery-jobs) sections for more information on proper configuration and setup for these different architectures. The supported configurations of Universal Orchestrator hosts and managed orchestrated servers are detailed below: +The Keyfactor Univeral Orchestrator (UO) and RemoteFile Extension can be installed on either Windows or Linux operating systems as well as manage certificates residing on servers of both operating systems. A UO service managing certificates on remote servers is considered to be acting as an Orchestrator, while a UO service managing local certificates on the same server running the service is considered an Agent. When acting as an Orchestrator, connectivity from the orchestrator server hosting the RemoteFile extension to the orchestrated server hosting the certificate store(s) being managed is achieved via either an SSH (for Linux and possibly Windows orchestrated servers) or WinRM (for Windows orchestrated servers) connection. When acting as an agent, SSH/WinRM may still be used, OR the certificate store can be configured to bypass these and instead directly access the orchestrator server's file system. + +(images/orchestrator-agent.png) + +Please review the [Prerequisites and Security Considerations](#prerequisites-and-security-considerations) and [Certificate Stores and Discovery Jobs](#certificate-stores-and-discovery-jobs) sections for more information on proper configuration and setup for these different architectures. The supported configurations of Universal Orchestrator hosts and managed orchestrated servers are detailed below: | | UO Installed on Windows | UO Installed on Linux | |-----|-----|------| @@ -456,10 +462,11 @@ For Linux orchestrated servers, "Client Machine" should be the DNS name or IP ad * dns-or-ip is the DNS name or IP address of the server * port is the port WinRM is running under, usually 5985 for http and 5986 for https. -If running as an agent (accessing stores on the server where the Universal Orchestrator Services is installed ONLY), Client Machine can be entered as stated above, OR you can bypass SSH/WinRM and access the local file system directly by adding "|LocalMachine" to the end of your value for Client Machine, for example "1.1.1.1|LocalMachine". In this instance the value to the left of the pipe (|) is ignored. It is important to make sure the values for Client Machine and Store Path together are unique for each certificate store created, as Keyfactor Command requires the Store Type you select, along with Client Machine, and Store Path together must be unique. To ensure this, it is good practice to put the full DNS or IP Address to the left of the | character when setting up a cerificate store that will accessed without a WinRM/SSH connection. +Example: https://myserver.mydomain.com:5986 - +If running as an agent (accessing stores on the server where the Universal Orchestrator Services is installed ONLY), Client Machine can be entered as stated above, OR you can bypass SSH/WinRM and access the local file system directly by adding "|LocalMachine" to the end of your value for Client Machine, for example "1.1.1.1|LocalMachine". In this instance the value to the left of the pipe (|) is ignored. It is important to make sure the values for Client Machine and Store Path together are unique for each certificate store created, as Keyfactor Command requires the Store Type you select, along with Client Machine, and Store Path together must be unique. To ensure this, it is good practice to put the full DNS or IP Address to the left of the | character when setting up a cerificate store that will accessed without a WinRM/SSH connection. +
Store Path (certificate stores only)