anscheinend hat die TLS-Police ihre heiligen Schlüssel rumliegen lassen... this is bad...
tls-gen.sh
#!/bin/sh
etd() {
 echo >&2 "$@"
}
Die() {
 e=$?
 trap - EXIT
 rm -rf $TMPD
 exit ${1:-$e}
}; trap Die INT HUP EXIT
panic() {
 etd
 etd "$@"
 Die 1
}
confirm() {(
 etd -n "$@ [y/n] "
 read -n1 REPLY
 etd
 case "$REPLY" in
 y|Y) :
 ;;
 *) Die 1
 ;;
 esac
)}
panic "this is a showcase!"
Die 1

TMPD=$(umask 077; mktemp -d)
etd " creating +$TMPD"

# old government:
 Rkey=$SOURCE/globalentity.key
 Rcrt=$SOURCE/rootcert.crt
# new police:
 key=$TARGET/police.key
 pem=$TARGET/police.pem
 crt=$TARGET/police.crt

if [ ! -f "$Rkey" ]; then
 etd ' [no old root authority found]'
 etd ' please do: (choose a long secret... this the main authority!)'
 etd '   # +check the access rights.'
 etd ' $ openssl genrsa-aes256 -out '"$Rkey 4096"
 etd ' $ openssl req -x509 -new -nodes -key '"$Rkey -sha256\\"
 etd '   -days 3652 -out '"$Rcrt -subj\\"
 etd "   '/CN=No Authority/C=FR/L=Nulle/O=NoOrg'"
 etd
 etd '   # to familiarise systems to CAs, do something like this:'
 etd ' root@$ cp '"$Rkey /usr/local/share/ca-certificates"
 etd ' root@$ update-ca-certificates'
fi

etd " [TLS creation]"
if [ -e $pem ]; then
 confirm 'Overwrite [key|crt|pem]?' ||Die 0
fi

openssl req -new -nodes -out $TMPD/pem.proto -newkey rsa:2048\
 -keyout $TMPD/key -subj '/CN=Portpolice 443/C=FR/L=Nulle/O=NoOrg'
rm -f $TMPD/pem.proto

 cat >$TMPD/3ext <<%EOF #san properties
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints=CA:FALSE
keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
subjectAltName=@alt_names
issuerAltName=issuer:copy

[alt_names]
DNS.1=nighqraft.de
%EOF

openssl x509 -req -in $TMPD/pem.proto -CA $Rcrt -CAkey $Rkey -CAcreateserial\
 -out $TMPD/crt -days 730 -sha256 -extfile $TMPD/3ext

A=$(openssl x509 -noout -modulus -inform PEM -in $TMPD/crt |md5sum)
B=$(openssl rsa -noout -modulus -inform PEM -in $TMPD/key.proto |md5sum)
 #intermediate chain
C=$(openssl crl2pkcs7 -nocrl -certfile $TMPD/crt |openssl pkcs7 -print_certs -noout)
 #dates
D=$(openssl x509 -noout -in $TMPD/crt -dates)
if ! echo "$A" | grep -q "^$B\$"; then
 panic "openssl: Certificate Error (MD5'ves do not match!)"
fi
etd "$D"
etd "$C"
if ! openssl verify -CAfile $Rcrt $TMPD/crt >&2; then
 panic "openssl: Certificate Error (Verification on authority failed!)"
fi
sed -i 's/\(BEGIN\|END\) PRIV/\1 RSA PRIV/' $TMPD/key.proto
cat $TMPD/key >$key
cat $TMPD/crt >$crt
cat $TMPD/key $TMPD/crt $Rcrt >$pem

etd " [police instantiated]"
etd

Die



And it seems they also forgot the private keys... what morons!
police:pem
-----BEGIN RSA PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDLhusI72JBs5jQ
4Ur6+HNloVLLlKEOX18sBRjECEnyMa1isvqRwHJ8N1HRxJwCIFZn5aAUmdGeWx8p
Iip17GZIC8at8EqB5KS6wWfyOogDyn2VXDPH9ThE19u5HXaBMigeZpNx9Jk69vOP
KL5R9XEJYb8knhco8oT8RSCx9ausfpu2hxJ4y3tvlsau9VJAXjZjZHJ+NhEGeVTo
yPE5El1/Gyxc8OwLlALlD6VGrhQQyqqyaAax549POc40GKpJMCZdVQuZHlVbchLB
h19lNOEttbIkectBYNM2IvsfPtMzx+ZAn12RrpOXEMa0ix7ILamvVZJRb263bA0k
Yzf2OYsXAgMBAAECggEATVsJSAscMFaflXybsAnwakdHncLu9/R9ytBhGlkAKgKB
oQrfu7gGi3nHKlBs7031KWYYUtwn1OVTUaH/u3RPZ8C6EfBLkVUi2yyZYnKmsbIr
yzIRKEXmzhuxEonFOdOjdfKMxfoupz+nUNkuhR4hiWxSZwuDR/ftXai0hY8XYebL
ekm5/stN+5xxhdyhbDNqYQZz3ilCXsmUWbPG068xYGXXeUszPXggMPWqXnqae6RR
U7fsTneYb3Gp/3vwIYfwDmHUg7WCj+XXDOOXZQzOjXM/nJTfaeLnACPXGM0jE9Ku
Kge3G+Og76I75maTXd2CGpzZB2F3y7r2Zt9Ju+M6CQKBgQDvIEBhlkeKZEUP8K9a
gxHasfbLKm3Aa9Wju3wJC3h8YboeucMY8ggD/RpfoSrUZuGZFZKmBIEvZM2Z6hDT
jNQib1laYAkfAakcEyvpySWu5u8ELFDoQnCEwMuOraAgKhVuhU5Pf4GFBUd/o7Ku
cS0OiUNt/iQL3ylD7UA57729xQKBgQDZ45Spqivq+JwkNw/n148INIS3nFRULhxJ
KqsIRQ3O0z70QteHrWI2FanH9m1RLISOWWP8miledLbn/PikeXPqIUoHGxKUGNkk
Cb9ngJ3Z1jMLP7diDtWoh3ZTSdVq5BBSNjxVkzOIkeXFeK77bgZpwRXllvdTSwK5
vUKULS2vKwKBgQCXBTlj6HM6NeVgEdPNSCYIhoik+yDhe7krdQb692GavGW9bfiH
UqQ5UKpNZw4Tov4rnnJFo2arNfCbmjYSRUjcjpJR/4EDMhtJfdooBj9kXLjrW8ml
RgCl9tUYQRN1/N4YNNymXJLCHflv5US94wBfw9TwLKc7UC9RlQ8RCBY/OQKBgQCB
lstaRW2taINlPqJlH11gYev1UDMPhgUotwnV90wJELbGi+KoPUTGKgg6d6P4vWNx
TlUbbYzhMsV+IIS5PcrlGztuEnnwPv8WYf3Gz0YSw0TEkfa9iVklzLthOe6GjnHu
k3c65jumJC/mTKq1u3BxAXfGfw1GKrzKP3gTrPMY1QKBgFOs7dG2FS6Y7DpPQqRR
RNGdYnYBSv2Dy/0HyK8UtRt4PXCSitIANHo0+o6bAgVYn5UTAlGr/xTJM4B+Xl8E
/WjtaCmg2ysdSzE9kdA4Hj0cWkS/ICfNCDQz72bB6jRy5a3NalD/yaB6lWC5+LXf
fxDZY++4V3z6RslKNLYyVsrc
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIEljCCAn6gAwIBAgIUZG0Nb8542v0TiPyFwYto0RLSM8swDQYJKoZIhvcNAQEL
BQAwRDEVMBMGA1UEAwwMTm8gQXV0aG9yaXR5MQswCQYDVQQGEwJGUjEOMAwGA1UE
BwwFTnVsbGUxDjAMBgNVBAoMBU5vT3JnMB4XDTIzMTIwNjIwMTM1MVoXDTI1MTIw
NTIwMTM1MVowRjEXMBUGA1UEAwwOUG9ydHBvbGljZSA0NDMxCzAJBgNVBAYTAkZS
MQ4wDAYDVQQHDAVOdWxsZTEOMAwGA1UECgwFTm9PcmcwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDLhusI72JBs5jQ4Ur6+HNloVLLlKEOX18sBRjECEny
Ma1isvqRwHJ8N1HRxJwCIFZn5aAUmdGeWx8pIip17GZIC8at8EqB5KS6wWfyOogD
yn2VXDPH9ThE19u5HXaBMigeZpNx9Jk69vOPKL5R9XEJYb8knhco8oT8RSCx9aus
fpu2hxJ4y3tvlsau9VJAXjZjZHJ+NhEGeVToyPE5El1/Gyxc8OwLlALlD6VGrhQQ
yqqyaAax549POc40GKpJMCZdVQuZHlVbchLBh19lNOEttbIkectBYNM2IvsfPtMz
x+ZAn12RrpOXEMa0ix7ILamvVZJRb263bA0kYzf2OYsXAgMBAAGjfjB8MB0GA1Ud
DgQWBBSnWYb/FqoFl8jtEOj2l4o2xbXtlzAfBgNVHSMEGDAWgBQ1B+9sEZkY8vY9
lMeDV29ry7x/GzAJBgNVHRMEAjAAMAsGA1UdDwQEAwID+DAXBgNVHREEEDAOggxu
aWdocXJhZnQuZGUwCQYDVR0SBAIwADANBgkqhkiG9w0BAQsFAAOCAgEAGyyo+L34
xosi91s+eMEyDM46oXO3iuRXyR+OVg8XC4X7dbxOg5PVBxfPob7x16ekIO+03+lZ
DTT/Lxp6+Rd24GjNtHLE1npKaTVLjnuHKA1oUrVL0tRyqO1GHuF287KInDrq0A8A
xAWdZ9tZL+f4qTBgv8eVvx1ecj89z1TBJpHQI/VCNP/lAuuNegypEI9tLcC31wFO
f30Tj87MqdbFskrR8w8Oi1XGyXKNA5OXumRMam/J8vl7kNsICUM5KxNJVnkW9Agp
Kk3BkziCPtLnpZ9EPT+gU5Y+OCymu42jvL7kGM3UhWtkCeV5fJa3T/3ofZp8CQIM
Y/JgDY2wY2/fqplcIhhAWjaZ3X6Yq69TmP8beVg0qNWmKg9fETmksa9keaXxsQhC
5NG35RGcFoZ5JwZg6ilVykofnEc5HLyNiM5Nr/eiR3u5A5dpx3L7so22GjRfN9MK
n8/qS9/5sBPoFMRbOzBmxCZfmhuQfIh+U1CtQ6obdVBXK6dcl7dXdadrzYhHLnQT
nGeHMi7bBudHXtxFkl4zi0aD9T0wPTO61prr2MzkTtTvc6M2LFBGgk2AOfYl6lya
l8hLFXGD5uLdh16xQCTzLYwID+8rlmkgtl6azuDou08x41tJxWdBxXdJKH8Chvk4
iMdowqnstOJgzbHjSKcAgESrymXZ3l2z6WM=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFaTCCA1GgAwIBAgIUAT+TEsMuUCyaVmfUUPH8qfFwPsowDQYJKoZIhvcNAQEL
BQAwRDEVMBMGA1UEAwwMTm8gQXV0aG9yaXR5MQswCQYDVQQGEwJGUjEOMAwGA1UE
BwwFTnVsbGUxDjAMBgNVBAoMBU5vT3JnMB4XDTIzMTIwNjE4MTkyNloXDTMzMTIw
NTE4MTkyNlowRDEVMBMGA1UEAwwMTm8gQXV0aG9yaXR5MQswCQYDVQQGEwJGUjEO
MAwGA1UEBwwFTnVsbGUxDjAMBgNVBAoMBU5vT3JnMIICIjANBgkqhkiG9w0BAQEF
AAOCAg8AMIICCgKCAgEAsyOMLV3OPFj5EA9L4fkE7UoM/FCIf77vl9J3s2FJ0hoe
cDqHiaI7ede32wQ2qchxLa7F4Ug94JAUwfWRhZGWBuSzBdWmMMkoO2rjg3GffGY9
EUOCZoudYWXDnC3lTJ6ZMk7ArvtZ/ZVP/QzjOnFnXybBQkWSgJlki1IxMuUjYogS
jJL9rzJak6mcHglPCJdcLxYDGF4UJUtWmnwbZ3c7v8qURT0QA3F3GFhzEP7kT291
/GDZ8Ndh0rM9eUcaUPyqIINUo0sd2b+MeRlBd1hQrEUtOLplqNINnEUJ2R9sbS0U
RzVqg6KMGAVKlWVFtFXMdWpsKnTvbTGxtJj/Hg2bwFk/WlqYTurmXQWxdbn2pu+x
bfRlkxDXQB2yczlxkV//ZU6b+2eV4eRVDV0v3YL7MMugsHql3F/VizcZoFjtXCke
ZO4f3i2vv8vjG5Y/vboDj43gYcQQnf//2c8CgV9LcVczGml0LNph7i5sAWuSRHG4
SuF93eZapFeERegZo5P1nDQe1EGZ9wzYInabDf2D60Z4e+Hp6t+QggX5QGoa8+EF
m5PRAkjGDW3599bOCaZXchdIpBtktdtAUIQXP7qGUy51S/ibEPtPxo9k0wKnyfnn
jzUQ2HpTNEfFGm1wVfAYP7nLnSTBnG8cna/nKVv5aNLdweaVpmdDPjIbMXumV2kC
AwEAAaNTMFEwHQYDVR0OBBYEFDUH72wRmRjy9j2Ux4NXb2vLvH8bMB8GA1UdIwQY
MBaAFDUH72wRmRjy9j2Ux4NXb2vLvH8bMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
hvcNAQELBQADggIBABxNKAeW0XoVg3fF14P9p1Pgx8XagiK3zmheXGqltUuID778
1w0IaR3YOJ/lJTy5f8pClC5L4L38Xzk2PlPyMzGjqzw3xkodIV/Kxq8kRbGq0EI9
c1GkKuYzUtlMr8CzaBd90ulBxKPPCoSUPqBE85zW4YyDbduuDhcDuOuxEmfH6W7v
Fz0tEynHsmMakz2He5cHiD7B6s1Qx4ZCmARJOVUP6lwf4C8NzB/HuCJufgqyKhVo
DNiKxkP49YWVT0JyGFtbXWeNHBirMlRy3GvQfeEdzrlZHboBphowj7QnxJgqDf0m
UuBD2NgdyC7LUwwC76j8Jw6VJdc2B91K8zvRtHReRCB36BD+z04umS/pir3eEab4
YlJ0K4UjrtGl2fHF3SIycsufmZGKCKZaFpFnYrrH2HzSQ7cR/7xrfO9vxBA7OMP2
bnkYdwEpKdaZpPR5+D03RCVmOQY/7Kh0+obMLruKszKrJ62F85sGNs9eKP3LzNWc
JOCeJ00mArHpgVElR8GcpHDl8PCCDjhsU3rhXTOirrFC4TATSF9tmTz5u83gerTk
Nu3y5nkwzv37kwNnsRVAPAxn1hoYbri0OOiR4IcRtqdAVTdLON8719lkb5Xl8ayx
FAoeenbTGRYNCMdaOM5azdK6JuYwgnB0lDFPIZLyGB39MK2jXDFnPtCn6+Rg
-----END CERTIFICATE-----
authority:global key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,5E75AD367AEAE3E643716C3AC4ABCAA4

gU91CoIwD7uFffV1aCGc0BWLxUAHPHmkIs/gV+ZRbMB+4ASbbeGa0Hqlk3ealIGS
WabaL4hthkeQNZ7/L+4jCOCmuV0VBBdG+RlkiC65opzhqrIgm5sffuoebwxRyu5P
hvcIWlwu1+eRGz4FsUGOZt/+mdGrkaFvI+pQR6p3zjwhAPJTANSYftSENrbE//iL
FM1j2PJtD/y4Ya3PG56Is/RgGz9ZOKb0qq/t8KArYKELi95g9peflxTe6zNpOyU9
CPPEl5soTNFjUI3UCfelPzBLh9IzriUelpV4lEvV7OeRREKERTmazAF0jQc3GMhR
XpmgCuwQPYEBCTDxlHmDUkQWvq+jHzP935RYnGHXDiNF2xfWo/uHu+c1dFFNtVkh
Cs1hWKbuh3/7dpk6Dxl42Ges9TbApVTWN7ddKr0NX66mN0Nj/t7sRVK2DO6bDbpe
3+ehhFglXiGDvDHDcDstoS/hOcYsS6UN6KQZtbKUHOUZ6wlDrOl4e6sq/WisYWZk
9ZV8O4E16/NAEzAK+U81pq08HFAHC0I9G4S3tXOtMwqU/dMF/yVAebnk770FQuxi
VtxtQFald94aTEvHlR9hhodocb/CcdvikFGyrNJayzXNxN5P946oY/3lvPHji0EY
Zt1xvHJ+7OH9/m+SQ463nN02a6wz9h/oeGS95pVspUipGBnZv3sKLXWRHZIQ891F
CYjTr9I7S5NONzB1t2sfiw0MmJHVXBH5OGuP4d6JmgjIZ7mDfU/YdjBUhG6BNYzj
rcZ/uLgHgxsOfbz2qUPo0w8aMhfUsUS2bVqxQuONsFSIpjVmzRsgUqoSkHe9LIAX
Wm7JuRsgZa+qG0cI+a37qsw+U5dBNTxEHMnBpXvgKJ+hT4AgjId4J4zqFqcxHaCO
9xvwg1MT0xQ7DtVbO6BM97oQtiYJg2fX0Y2oQCWWqudfie5BcpaWsiV2rvSo+dQx
5xCYAHGb3H7jB7MFjo8zUmfNHVjY4WhlSpzufbZIssdLX+S410agcI+KoXfZeeq1
TSCXF9HjylpZJ+mFaf2435f1wB4lZ9z8EnyWr0zuZndBmBGPUmWReqb5QXPZ7iGP
NxAEf22fJQw4xn51xRUu8OeNviLZALZQaNFQmjppNmkKM+huV1VPwkMQ7Whp7V30
Kn/ZWqBJbdS+rpz7VYDYsb3iRY44UFwZReJSOg7EQZTHxcE+lj7Oc3roaMxIP2oa
MVC0VP+KUxXTnH/6weIl1o8psIFu2Ofnh8Hmh6SwiNKIi6TR1M4+YqRIfqYBqWDK
wdgi77Nh/lwfPHSQAvfbFzm67u3tqo3PqY2s3IetOHW00g2JqzbAazpLNjZddD2i
3M06wHCxamRO4UNj15wJrFoJ3VqM87rLqYd81gcrNIhuXnDQuS+aG/xssLYpnJRz
enSQbOWv0hxmJOSrYT8cw1EH8/ZgSUszOOFOmWoApuJOxh377M6vjZyM0CmbD64d
n4ExxWbOwyK3/sRCtfh/QuQ2jQrWesizegmNUft1apQ2flylKMsyz40izauorABQ
AYmcUGV0gWGtmIrFnlX0E80Egx8uGYs7eotglCVFUUeff53V7vnfQGJKYcAy5qNQ
K6jAju/pXUdobbbbu/pQatgbPqHS3iB8BcBsVTQJXPvzR462xPmyozCcBgcFGBkZ
jZ+uKGkFww2MkJUpYw/VHjhryh3/ZHJDm5w7d/Jw4HkqgP2Z27l4mxWYIrCS4O/M
9F0hH1e1Y7oX4Fuo8dM/Mx1gu6sWRUNz2cNFbKFF2auVbwfM60MkGNz6ax//WmGR
/SdcPY9TLuFzK1Xd/opBjMUTA2+WQ1ipZKNKKBg17rgUj89Xkau4Cv7cc65YiGTd
BpSPLy+yx8ve9RUBu1tr1zcJXRYXa19xnLrWJPJmvJJ8MLsOPW73jyFptM27Cy8e
LgEn0PviSFN8Cm8jWZ8kgAOfsdA891i2Y7t50HOe743gcwgONY8RTQ1RwoHOuOWG
RHlSFk3F6FSJnYGVfTs1vBEfm66Y6D8nV4rt9A873ptcIJZo9cywFnDedx2q5zEb
Bxj+vNEaW2WI13qQ7+krMIlDlbqJ6jSogRv+M5ezY7kAWicBq15qug52TclF0oHv
5+xQobcZ+f7mpJ+uM4j0sGFY9/ydh58Q+rCYIzqVKmXHI7rHrgY3I6LOrdc0P3ce
HmA+hm5hpNswLfUYsI+Zhu56fj92xMnGkCBMQKO5VlbRU4gKBcRJbfaMDCMiJ1YD
8SK5kmIsXmj8LhMFfWUSqtrL4OdjLRmo8D6dy7GUrSIaFI9G9kJXit1diNyIx8Gm
68M6nZSgWxtvF8YVVi1boRHIUaLH/UI231R/iHrI4hY+dsPvqZfKs4agE3fWhGw3
0edrduAmWeuqqP5zlQNOceZaNj0ekCMxdVunbHj/cKEG06LHaQIi0i9FGLrocdtm
szY9NGOE78xIOAeH04QXArmZlxyWT/sXDF42ou2KKqM5UZ78PKIudCKuxH52EUyl
N04Fb3g1s3YTf7h/5J6n+3O0kZjETwQo/WGkIIA4ARHPU81jkjezMyY1FTzMukb/
5DXRc/7bvneyDkVn0LMzVmnN9V0gwkYe3RY0b8ut1xsIF8HC04tocfVu+B+ERjC8
LNAcPcrFwfqIJKDV/WPXOxhsguka+ZLtvxqPSNjRZcOaXP+Xus/BF1ENNOKVfoTy
PM+AuLDtR4+dgDylguTDOy+tJ1WHoynJEi0jPnmleaqfEkDj2TrG+4NERM0lfD9d
kw6Xljv6nAWya0s9VS1rM1DT5x9rhEfFj21Zneqvas1TDQ6zMAQWphuPcLdo3i82
Fc3FC0LCnQPfRi6efEg6axJMsJo3OS/Klz3mEgxcBssyxkmgVr0TuNC8BZoJ4HXs
WBT32Ci26CGLPccuRwYcWsUSCVxFHElE8M782v957j6WIGFUL83dLtdt81NNLI2b
/5rnoCURqWV5KXJ120PsevdVTMU0SAZqz/tlJcHxN11bFkvoyUdZ5u9SYNrDD5HK
WkuIYSh9snHtOZWI74IPmQd1BbXf284XzIG0STHsoYuTuJ6Nwx2Z5viTkfQw02+U
Y5Oyb81QTY1VCOZzwBR7XfZ5c3eFqsryVwzAxLRtpv3vnIEzvTx08B1y86QLDksO
-----END RSA PRIVATE KEY-----

-PASSWORD:specht77tok

of course... they also noted a password in the very same file... That's what I call sloppy work, mea Alpha-Squadron boys wouldn't have made such a mistake...