Merge branch 'master' into update-server-docs-re-cc

2024-10-13 13:34:05 +00:00 · 2017-07-03 09:32:30 +02:00 · 2017-07-03 09:32:30 +02:00 · c24138eb0a
commit c24138eb0a
parent 932a17853b b33f718097
61 changed files with 1704 additions and 828 deletions
--- a/.ci/travis-install.sh
+++ b/.ci/travis-install.sh
@ -7,6 +7,6 @@ pip install --upgrade pip
 if [[ -n ${TOXENV} ]]; then
    pip install --upgrade tox
 else
-    pip install -e .[test]
+    pip install .[test]
    pip install --upgrade codecov
 fi
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,7 +1,7 @@
 # Change Log (Release Notes)
 All _notable_ changes to this project will be documented in this file (`CHANGELOG.md`).
-This project adheres to [Semantic Versioning](http://semver.org/) (or at least we try).
+This project adheres to [the Python form of Semantic Versioning](https://packaging.python.org/tutorials/distributing-packages/#choosing-a-versioning-scheme) (or at least we try).
 Contributors to this file, please follow the guidelines on [keepachangelog.com](http://keepachangelog.com/).
 Note that each version (or "release") is the name of a [Git _tag_](https://git-scm.com/book/en/v2/Git-Basics-Tagging) of a particular commit, so the associated date and time are the date and time of that commit (as reported by GitHub), _not_ the "Uploaded on" date listed on PyPI (which may differ).
 For reference, the possible headings are:
@ -15,14 +15,70 @@ For reference, the possible headings are:
 * **External Contributors** to list contributors outside of BigchainDB GmbH.
 * **Notes**
 ## [1.0.0rc1] - 2017-06-23
 Tag name: v1.0.0rc1
 ### Added
 * Support for secure TLS/SSL communication between MongoDB and {BigchainDB, MongoDB Backup Agent, MongoDB Monitoring Agent}. Pull Requests
 [#1456](https://github.com/bigchaindb/bigchaindb/pull/1456),
 [#1497](https://github.com/bigchaindb/bigchaindb/pull/1497),
 [#1510](https://github.com/bigchaindb/bigchaindb/pull/1510),
 [#1536](https://github.com/bigchaindb/bigchaindb/pull/1536),
 [#1551](https://github.com/bigchaindb/bigchaindb/pull/1551) and
 [#1552](https://github.com/bigchaindb/bigchaindb/pull/1552).
 * Text search support (only if using MongoDB). Pull Requests [#1469](https://github.com/bigchaindb/bigchaindb/pull/1469) and [#1471](https://github.com/bigchaindb/bigchaindb/pull/1471) 
 * The `database.connection_timeout` configuration setting now works with RethinkDB too. [#1512](https://github.com/bigchaindb/bigchaindb/pull/1512)
 * New code and tools for benchmarking CREATE transactions. [Pull Request #1511](https://github.com/bigchaindb/bigchaindb/pull/1511)
 ### Changed
 * There's an upgrade guide in `docs/upgrade-guides/v0.10-->v1.0.md`. It only covers changes to the transaction model and HTTP API. If that file hasn't been merged yet, see [Pull Request #1547](https://github.com/bigchaindb/bigchaindb/pull/1547)
 * Cryptographic signatures now sign the whole (serialized) transaction body, including the transaction ID, but with all `"fulfillment"` values changed to `None`. [Pull Request #1225](https://github.com/bigchaindb/bigchaindb/pull/1225)
 * In transactions, the value of `"amount"` must be a string. (Before, it was supposed to be a number.) [Pull Request #1286](https://github.com/bigchaindb/bigchaindb/pull/1286)
 * In `setup.py`, the  "Development Status" (as reported on PyPI) was changed from Alpha to Beta. [Pull Request #1437](https://github.com/bigchaindb/bigchaindb/pull/1437)
 * If you explicitly specify a config file, e.g. `bigchaindb -c path/to/config start` and that file can't be found, then BigchainDB Server will fail with a helpful error message. [Pull Request #1486](https://github.com/bigchaindb/bigchaindb/pull/1486)
 * Reduced the response time on the HTTP API endpoint to get all the unspent outputs associated with a given public key (a.k.a. "fast unspents"). [Pull Request #1411](https://github.com/bigchaindb/bigchaindb/pull/1411)
 * Internally, the value of an asset's `"data"` is now stored in a separate assets table. This enabled the new text search. Each asset data is stored along with the associated CREATE transaction ID (asset ID). That data gets written when the containing block gets written to the bigchain table. [Pull Request #1460](https://github.com/bigchaindb/bigchaindb/pull/1460)
 * Schema validation was sped up by switching to `rapidjson-schema`. [Pull Request #1494](https://github.com/bigchaindb/bigchaindb/pull/1494)
 * If a node comes back from being down for a while, it will resume voting on blocks in the order determined by the MongoDB oplog, in the case of MongoDB. (In the case of RethinkDB, blocks missed in the changefeed will not be voted on.) [Pull Request #1389](https://github.com/bigchaindb/bigchaindb/pull/1389)
 * Parallelized transaction schema validation in the vote pipeline. [Pull Request #1492](https://github.com/bigchaindb/bigchaindb/pull/1492)
 * `asset.data` or `asset.id` are now *required* in a CREATE or TRANSFER transaction, respectively. [Pull Request #1518](https://github.com/bigchaindb/bigchaindb/pull/1518)
 * The HTTP response body, in the response to the `GET /` and the `GET /api/v1` endpoints, was changed substantially. [Pull Request #1529](https://github.com/bigchaindb/bigchaindb/pull/1529) 
 * Changed the HTTP `GET /api/v1/transactions/{transaction_id}` endpoint. It now only returns the transaction if it's in a valid block. It also returns a new header with a relative link to a status monitor. [Pull Request #1543](https://github.com/bigchaindb/bigchaindb/pull/1543)
 * All instances of `txid` and `tx_id` were replaced with `transaction_id`, in the transaction model and the HTTP API. [Pull Request #1532](https://github.com/bigchaindb/bigchaindb/pull/1532)
 * The hostname and port were removed from all URLs in all HTTP API responses. [Pull Request #1538](https://github.com/bigchaindb/bigchaindb/pull/1538)
 * Relative links were replaced with JSON objects in HTTP API responses. [Pull Request #1541](https://github.com/bigchaindb/bigchaindb/pull/1541)
 * In the outputs endpoint of the HTTP API, the query parameter `unspent` was changed to `spent` (so no more double negatives). If that query parameter isn't included, then all outputs matching the specificed public key will be returned. If `spent=true`, then only the spent outputs will be returned. If `spent=false`, then only the unspent outputs will be returned. [Pull Request #1545](https://github.com/bigchaindb/bigchaindb/pull/1545)
 * The supported crypto-conditions changed from version 01 of the crypto-conditions spec to version 02. [Pull Request #1562](https://github.com/bigchaindb/bigchaindb/pull/1562)
 * The value of "version" inside a transaction must now be "1.0". (Before, it could be "0.anything".) [Pull Request #1574](https://github.com/bigchaindb/bigchaindb/pull/1574)
 ### Removed
 * The `server.threads` configuration setting (for the Gunicorn HTTP server) was removed from the default set of BigchainDB configuration settings. [Pull Request #1488](https://github.com/bigchaindb/bigchaindb/pull/1488)
 ### Fixed
 * The `GET /api/v1/outputs` endpoint was failing for some transactions with threshold conditions. Fixed in [Pull Request #1450](https://github.com/bigchaindb/bigchaindb/pull/1450)
 ### External Contributors
 * @elopio - Pull Requests [#1415](https://github.com/bigchaindb/bigchaindb/pull/1415) and [#1491](https://github.com/bigchaindb/bigchaindb/pull/1491)
 * @CsterKuroi - [Pull Request #1447](https://github.com/bigchaindb/bigchaindb/pull/1447)
 * @tdsgit - [Pull Request #1512](https://github.com/bigchaindb/bigchaindb/pull/1512)
 * @lavinasachdev3 - [Pull Request #1357](https://github.com/bigchaindb/bigchaindb/pull/1357)
 ### Notes
 * We dropped support for Python 3.4. [Pull Request #1564](https://github.com/bigchaindb/bigchaindb/pull/1564)
 * There were many improvements to our Kubernetes-based production deployment template (and the associated documentaiton).
 * There is now a [BigchainDB Ruby driver](https://github.com/LicenseRocks/bigchaindb_ruby), created by @addywaddy at [license.rocks](https://github.com/bigchaindb/bigchaindb/pull/1437).
 * The [BigchainDB JavaScript driver](https://github.com/bigchaindb/js-bigchaindb-driver) was moved to a different GitHub repo and is now officially maintained by the BigchainDB team.
 * We continue to recommend using MongoDB.
 ## [0.10.2] - 2017-05-16
 Tag name: v0.10.2
-## Added
+### Added
 * Add Cross Origin Resource Sharing (CORS) support for the HTTP API. 
 [Commit 6cb7596](https://github.com/bigchaindb/bigchaindb/commit/6cb75960b05403c77bdae0fd327612482589efcb)
-## Fixed
+### Fixed
 * Fixed `streams_v1` API link in response to `GET /api/v1`.
 [Pull Request #1466](https://github.com/bigchaindb/bigchaindb/pull/1466)
 * Fixed mismatch between docs and implementation for `GET /blocks?status=`
@ -32,10 +88,10 @@ Tag name: v0.10.2
 ## [0.10.1] - 2017-04-19
 Tag name: v0.10.1
-## Added
+### Added
 * Documentation for the BigchainDB settings `wsserver.host` and `wsserver.port`. [Pull Request #1408](https://github.com/bigchaindb/bigchaindb/pull/1408)
-## Fixed
+### Fixed
 * Fixed `Dockerfile`, which was failing to build. It now starts `FROM python:3.6` (instead of `FROM ubuntu:xenial`). [Pull Request #1410](https://github.com/bigchaindb/bigchaindb/pull/1410)
 * Fixed the `Makefile` so that `release` depends on `dist`. [Pull Request #1405](https://github.com/bigchaindb/bigchaindb/pull/1405)
--- a/2
+++ b/2
@ -8,7 +8,7 @@ RUN apt-get -qq update \
    && pip install --no-cache-dir . \
    && apt-get autoremove \
    && apt-get clean
-VOLUME ["/data"]
+VOLUME ["/data", "/certs"]
 WORKDIR /data
 ENV BIGCHAINDB_CONFIG_PATH /data/.bigchaindb
 ENV BIGCHAINDB_SERVER_BIND 0.0.0.0:9984
--- a/RELEASE_PROCESS.md
+++ b/RELEASE_PROCESS.md
@ -2,8 +2,14 @@
 The release process for BigchainDB server differs slightly depending on whether it's a minor or a patch release.
-BigchainDB follows [semantic versioning](http://semver.org/) (i.e. MAJOR.MINOR.PATCH), taking into account
+BigchainDB follows 
-that [major version 0.x does not export a stable API](http://semver.org/#spec-item-4).
+[the Python form of Semantic Versioning](https://packaging.python.org/tutorials/distributing-packages/#choosing-a-versioning-scheme)
 (i.e. MAJOR.MINOR.PATCH),
 which is almost identical
 to [regular semantic versioning](http://semver.org/)
 except release candidates are labelled like
 `3.4.5rc2` not `3.4.5-rc2` (with no hyphen).
 ## Minor release
@ -14,6 +20,7 @@ A minor release is preceeded by a feature freeze and created from the 'master' b
 1. Create and checkout a new branch for the minor release, named after the minor version, without a preceeding 'v', e.g. `git checkout -b 0.9` (*not* 0.9.0, this new branch will be for e.g. 0.9.0, 0.9.1, 0.9.2, etc. each of which will be identified by a tagged commit)
 1. In `bigchaindb/version.py`, update `__version__` and `__short_version__`, e.g. to `0.9` and `0.9.0` (with no `.dev` on the end)
 1. Commit that change, and push the new branch to GitHub
 1. On GitHub, use the new branch to create a new pull request and wait for all the tests to pass
 1. Follow steps outlined in [Common Steps](#common-steps)
 1. In 'master' branch, Edit `bigchaindb/version.py`, increment the minor version to the next planned release, e.g. `0.10.0.dev`. This is so people reading the latest docs will know that they're for the latest (master branch) version of BigchainDB Server, not the docs at the time of the most recent release (which are also available).
 1. Go to [Docker Hub](https://hub.docker.com/), sign in, go to Settings - Build Settings, and under the build with Docker Tag Name equal to `latest`, change the Name to the number of the new release, e.g. `0.9`
--- a/bigchaindb/backend/exceptions.py
+++ b/bigchaindb/backend/exceptions.py
@ -9,10 +9,6 @@ class ConnectionError(BackendError):
    """Exception raised when the connection to the backend fails."""
 class AuthenticationError(ConnectionError):
    """Exception raised when MongoDB Authentication fails"""
 class OperationError(BackendError):
    """Exception raised when a backend operation fails."""
--- a/bigchaindb/backend/mongodb/connection.py
+++ b/bigchaindb/backend/mongodb/connection.py
@ -9,8 +9,7 @@ from bigchaindb.utils import Lazy
 from bigchaindb.common.exceptions import ConfigurationError
 from bigchaindb.backend.exceptions import (DuplicateKeyError,
                                           OperationError,
-                                           ConnectionError,
+                                           ConnectionError)
                                           AuthenticationError)
 from bigchaindb.backend.connection import Connection
 logger = logging.getLogger(__name__)
@ -113,6 +112,8 @@ class MongoDBConnection(Connection):
                                             replicaset=self.replicaset,
                                             serverselectiontimeoutms=self.connection_timeout,
                                             ssl=self.ssl)
                if self.login is not None and self.password is not None:
                    client[self.dbname].authenticate(self.login, self.password)
            else:
                logger.info('Connecting to MongoDB over TLS/SSL...')
                client = pymongo.MongoClient(self.host,
@ -126,10 +127,9 @@ class MongoDBConnection(Connection):
                                             ssl_pem_passphrase=self.keyfile_passphrase,
                                             ssl_crlfile=self.crlfile,
                                             ssl_cert_reqs=CERT_REQUIRED)
-
+                if self.login is not None:
-            # authenticate with the specified user if the connection succeeds
+                    client[self.dbname].authenticate(self.login,
-            if self.login is not None and self.password is not None:
+                                                     mechanism='MONGODB-X509')
                client[self.dbname].authenticate(self.login, self.password)
            return client
@ -138,9 +138,7 @@ class MongoDBConnection(Connection):
        except (pymongo.errors.ConnectionFailure,
                pymongo.errors.OperationFailure) as exc:
            logger.info('Exception in _connect(): {}'.format(exc))
-            if "Authentication fail" in str(exc):
+            raise ConnectionError(str(exc)) from exc
                raise AuthenticationError() from exc
            raise ConnectionError() from exc
        except pymongo.errors.ConfigurationError as exc:
            raise ConfigurationError from exc
@ -163,6 +161,8 @@ def initialize_replica_set(host, port, connection_timeout, dbname, ssl, login,
                                       port,
                                       serverselectiontimeoutms=connection_timeout,
                                       ssl=ssl)
            if login is not None and password is not None:
                conn[dbname].authenticate(login, password)
        else:
            logger.info('Connecting to MongoDB over TLS/SSL...')
            conn = pymongo.MongoClient(host,
@ -175,16 +175,17 @@ def initialize_replica_set(host, port, connection_timeout, dbname, ssl, login,
                                       ssl_pem_passphrase=keyfile_passphrase,
                                       ssl_crlfile=crlfile,
                                       ssl_cert_reqs=CERT_REQUIRED)
            if login is not None:
                logger.info('Authenticating to the database...')
                conn[dbname].authenticate(login, mechanism='MONGODB-X509')
    except (pymongo.errors.ConnectionFailure,
            pymongo.errors.OperationFailure) as exc:
-        raise ConnectionError() from exc
+        logger.info('Exception in _connect(): {}'.format(exc))
        raise ConnectionError(str(exc)) from exc
    except pymongo.errors.ConfigurationError as exc:
        raise ConfigurationError from exc
    if login is not None and password is not None:
        conn[dbname].authenticate(login, password)
    _check_replica_set(conn)
    host = '{}:{}'.format(bigchaindb.config['database']['host'],
                          bigchaindb.config['database']['port'])
--- a/bigchaindb/backend/mongodb/query.py
+++ b/bigchaindb/backend/mongodb/query.py
@ -158,7 +158,7 @@ def get_spent(conn, transaction_id, output):
                'block.transactions.inputs': {
                    '$elemMatch': {
                        'fulfills.transaction_id': transaction_id,
-                        'fulfills.output': output,
+                        'fulfills.output_index': output,
                    },
                },
            }},
@ -167,7 +167,7 @@ def get_spent(conn, transaction_id, output):
                'block.transactions.inputs': {
                    '$elemMatch': {
                        'fulfills.transaction_id': transaction_id,
-                        'fulfills.output': output,
+                        'fulfills.output_index': output,
                    },
                },
            }},
--- a/bigchaindb/backend/mongodb/schema.py
+++ b/bigchaindb/backend/mongodb/schema.py
@ -72,7 +72,7 @@ def create_bigchain_secondary_index(conn, dbname):
    conn.conn[dbname]['bigchain']\
        .create_index([
            ('block.transactions.inputs.fulfills.transaction_id', ASCENDING),
-            ('block.transactions.inputs.fulfills.output', ASCENDING),
+            ('block.transactions.inputs.fulfills.output_index', ASCENDING),
        ], name='inputs')
--- a/bigchaindb/backend/rethinkdb/query.py
+++ b/bigchaindb/backend/rethinkdb/query.py
@ -123,7 +123,7 @@ def get_spent(connection, transaction_id, output):
             .concat_map(lambda doc: doc['block']['transactions'])
             .filter(lambda transaction: transaction['inputs'].contains(
                lambda input_: input_['fulfills'] == {
-                    'transaction_id': transaction_id, 'output': output})))
+                    'transaction_id': transaction_id, 'output_index': output})))
@register_query(RethinkDBConnection)
@ -287,7 +287,7 @@ def unwind_block_transactions(block):
 def get_spending_transactions(connection, links):
    query = (
        r.table('bigchain')
-        .get_all(*[(l['transaction_id'], l['output']) for l in links],
+        .get_all(*[(l['transaction_id'], l['output_index']) for l in links],
                 index='inputs')
        .concat_map(unwind_block_transactions)
        # filter transactions spending output
--- a/bigchaindb/backend/rethinkdb/schema.py
+++ b/bigchaindb/backend/rethinkdb/schema.py
@ -86,9 +86,9 @@ def create_bigchain_secondary_index(connection, dbname):
         .index_create('inputs',
                       r.row['block']['transactions']
                        .concat_map(lambda tx: tx['inputs']['fulfills'])
-                        .with_fields('transaction_id', 'output')
+                        .with_fields('transaction_id', 'output_index')
                        .map(lambda fulfills: [fulfills['transaction_id'],
-                                               fulfills['output']]),
+                                               fulfills['output_index']]),
                       multi=True))
    # wait for rethinkdb to finish creating secondary indexes
--- a/bigchaindb/common/exceptions.py
+++ b/bigchaindb/common/exceptions.py
@ -106,3 +106,7 @@ class SybilError(ValidationError):
 class DuplicateTransaction(ValidationError):
    """Raised if a duplicated transaction is found"""
 class ThresholdTooDeep(ValidationError):
    """Raised if threshold condition is too deep"""
--- a/bigchaindb/common/schema/transaction.yaml
+++ b/bigchaindb/common/schema/transaction.yaml
@ -56,7 +56,7 @@ properties:
      See: `Metadata`_.
  version:
    type: string
-    pattern: "^0\\."
+    pattern: "^1\\.0$"
    description: |
        BigchainDB transaction schema version.
 definitions:
@ -150,11 +150,10 @@ definitions:
        - uri
        properties:
          details:
-            type: object
+            "$ref": "#/definitions/condition_details"
            additionalProperties: true
          uri:
            type: string
-            pattern: "^cc:([1-9a-f][0-9a-f]{0,3}|0):[1-9a-f][0-9a-f]{0,15}:[a-zA-Z0-9_-]{0,86}:([1-9][0-9]{0,17}|0)$"
+            pattern: "^ni:///sha-256;([a-zA-Z0-9_-]{0,86})?(.+)$"
      public_keys:
        "$ref": "#/definitions/public_keys"
        description: |
@ -174,28 +173,14 @@ definitions:
        description: |
            List of public keys of the previous owners of the asset.
      fulfillment:
        description: |
          Fulfillment of an `Output.condition`_, or, put a different way, a payload
          that satisfies the condition of a previous output to prove that the
          creator(s) of this transaction have control over the listed asset.
        anyOf:
        - type: object
          additionalProperties: false
          properties:
            bitmask:
              type: integer
            public_key:
              type: string
            type:
              type: string
            signature:
              anyOf:
              - type: string
              - type: 'null'
            type_id:
              type: integer
          description: |
              Fulfillment of an `Output.condition`_, or, put a different way, a payload
              that satisfies the condition of a previous output to prove that the
              creator(s) of this transaction have control over the listed asset.
        - type: string
-          pattern: "^cf:([1-9a-f][0-9a-f]{0,3}|0):[a-zA-Z0-9_-]*$"
+          pattern: "^[a-zA-Z0-9_-]*$"
        - "$ref": "#/definitions/condition_details"
      fulfills:
        anyOf:
        - type: 'object'
@ -203,10 +188,10 @@ definitions:
            Reference to the output that is being spent.
          additionalProperties: false
          required:
-          - output
+          - output_index
          - transaction_id
          properties:
-            output:
+            output_index:
              "$ref": "#/definitions/offset"
              description: |
                Index of the output containing the condition being fulfilled
@ -224,3 +209,37 @@ definitions:
      additionalProperties: true
      minProperties: 1
    - type: 'null'
  condition_details:
    description: |
      Details needed to reconstruct the condition associated with an output.
      Currently, BigchainDB only supports ed25519 and threshold condition types.
    anyOf:
    - type: object
      additionalProperties: false
      required:
      - type
      - public_key
      properties:
        type:
          type: string
          pattern: "^ed25519-sha-256$"
        public_key:
          "$ref": "#/definitions/base58"
    - type: object
      additionalProperties: false
      required:
      - type
      - threshold
      - subconditions
      properties:
        type:
          type: "string"
          pattern: "^threshold-sha-256$"
        threshold:
          type: integer
          minimum: 1
          maximum: 100
        subconditions:
          type: array
          items:
            "$ref": "#/definitions/condition_details"
--- a/bigchaindb/common/transaction.py
+++ b/bigchaindb/common/transaction.py
@ -1,16 +1,17 @@
 from copy import deepcopy
 from functools import reduce
-from cryptoconditions import (Fulfillment, ThresholdSha256Fulfillment,
+import base58
-                              Ed25519Fulfillment)
+from cryptoconditions import Fulfillment, ThresholdSha256, Ed25519Sha256
-from cryptoconditions.exceptions import ParsingError
+from cryptoconditions.exceptions import (
    ParsingError, ASN1DecodeError, ASN1EncodeError, UnsupportedTypeError)
 from bigchaindb.common.crypto import PrivateKey, hash_data
 from bigchaindb.common.exceptions import (KeypairMismatchException,
                                          InvalidHash, InvalidSignature,
-                                          AmountError, AssetIdMismatch)
+                                          AmountError, AssetIdMismatch,
-from bigchaindb.common.utils import serialize, gen_timestamp
+                                          ThresholdTooDeep)
-import bigchaindb.version
+from bigchaindb.common.utils import serialize
 class Input(object):
@ -65,16 +66,8 @@ class Input(object):
        """
        try:
            fulfillment = self.fulfillment.serialize_uri()
-        except (TypeError, AttributeError):
+        except (TypeError, AttributeError, ASN1EncodeError):
-            # NOTE: When a non-signed transaction is casted to a dict,
+            fulfillment = _fulfillment_to_details(self.fulfillment)
            #       `self.inputs` value is lost, as in the node's
            #       transaction model that is saved to the database, does not
            #       account for its dictionary form but just for its signed uri
            #       form.
            #       Hence, when a non-signed fulfillment is to be cast to a
            #       dict, we just call its internal `to_dict` method here and
            #       its `from_dict` method in `Fulfillment.from_dict`.
            fulfillment = self.fulfillment.to_dict()
        try:
            # NOTE: `self.fulfills` can be `None` and that's fine
@ -114,19 +107,74 @@ class Input(object):
            Raises:
                InvalidSignature: If an Input's URI couldn't be parsed.
        """
-        try:
+        fulfillment = data['fulfillment']
-            fulfillment = Fulfillment.from_uri(data['fulfillment'])
+        if not isinstance(fulfillment, Fulfillment):
-        except ValueError:
+            try:
-            # TODO FOR CC: Throw an `InvalidSignature` error in this case.
+                fulfillment = Fulfillment.from_uri(data['fulfillment'])
-            raise InvalidSignature("Fulfillment URI couldn't been parsed")
+            except ASN1DecodeError:
-        except TypeError:
+                # TODO Remove as it is legacy code, and simply fall back on
-            # NOTE: See comment about this special case in
+                # ASN1DecodeError
-            #       `Input.to_dict`
+                raise InvalidSignature("Fulfillment URI couldn't been parsed")
-            fulfillment = Fulfillment.from_dict(data['fulfillment'])
+            except TypeError:
                # NOTE: See comment about this special case in
                #       `Input.to_dict`
                fulfillment = _fulfillment_from_details(data['fulfillment'])
        fulfills = TransactionLink.from_dict(data['fulfills'])
        return cls(fulfillment, data['owners_before'], fulfills)
 def _fulfillment_to_details(fulfillment):
    """
    Encode a fulfillment as a details dictionary
    Args:
        fulfillment: Crypto-conditions Fulfillment object
    """
    if fulfillment.type_name == 'ed25519-sha-256':
        return {
            'type': 'ed25519-sha-256',
            'public_key': base58.b58encode(fulfillment.public_key),
        }
    if fulfillment.type_name == 'threshold-sha-256':
        subconditions = [
            _fulfillment_to_details(cond['body'])
            for cond in fulfillment.subconditions
        ]
        return {
            'type': 'threshold-sha-256',
            'threshold': fulfillment.threshold,
            'subconditions': subconditions,
        }
    raise UnsupportedTypeError(fulfillment.type_name)
 def _fulfillment_from_details(data):
    """
    Load a fulfillment for a signing spec dictionary
    Args:
        data: tx.output[].condition.details dictionary
    """
    if data['type'] == 'ed25519-sha-256':
        public_key = base58.b58decode(data['public_key'])
        return Ed25519Sha256(public_key=public_key)
    if data['type'] == 'threshold-sha-256':
        try:
            threshold = ThresholdSha256(data['threshold'])
            for cond in data['subconditions']:
                cond = _fulfillment_from_details(cond)
                threshold.add_subfulfillment(cond)
            return threshold
        except RecursionError:
            raise ThresholdTooDeep()
    raise UnsupportedTypeError(data.get('type'))
 class TransactionLink(object):
    """An object for unidirectional linking to a Transaction's Output.
@ -175,7 +223,7 @@ class TransactionLink(object):
                :class:`~bigchaindb.common.transaction.TransactionLink`
        """
        try:
-            return cls(link['transaction_id'], link['output'])
+            return cls(link['transaction_id'], link['output_index'])
        except TypeError:
            return cls()
@ -190,7 +238,7 @@ class TransactionLink(object):
        else:
            return {
                'transaction_id': self.txid,
-                'output': self.output,
+                'output_index': self.output,
            }
    def to_uri(self, path=''):
@ -259,7 +307,7 @@ class Output(object):
        #              and fulfillment!
        condition = {}
        try:
-            condition['details'] = self.fulfillment.to_dict()
+            condition['details'] = _fulfillment_to_details(self.fulfillment)
        except AttributeError:
            pass
@ -310,13 +358,14 @@ class Output(object):
            raise ValueError('`public_keys` needs to contain at least one'
                             'owner')
        elif len(public_keys) == 1 and not isinstance(public_keys[0], list):
-            try:
+            if isinstance(public_keys[0], Fulfillment):
                ffill = Ed25519Fulfillment(public_key=public_keys[0])
            except TypeError:
                ffill = public_keys[0]
            else:
                ffill = Ed25519Sha256(
                    public_key=base58.b58decode(public_keys[0]))
            return cls(ffill, public_keys, amount=amount)
        else:
-            initial_cond = ThresholdSha256Fulfillment(threshold=threshold)
+            initial_cond = ThresholdSha256(threshold=threshold)
            threshold_cond = reduce(cls._gen_condition, public_keys,
                                    initial_cond)
            return cls(threshold_cond, public_keys, amount=amount)
@ -331,13 +380,13 @@ class Output(object):
                :meth:`~.Output.generate`.
            Args:
-                initial (:class:`cryptoconditions.ThresholdSha256Fulfillment`):
+                initial (:class:`cryptoconditions.ThresholdSha256`):
                    A Condition representing the overall root.
                new_public_keys (:obj:`list` of :obj:`str`|str): A list of new
                    owners or a single new owner.
            Returns:
-                :class:`cryptoconditions.ThresholdSha256Fulfillment`:
+                :class:`cryptoconditions.ThresholdSha256`:
        """
        try:
            threshold = len(new_public_keys)
@ -345,7 +394,7 @@ class Output(object):
            threshold = None
        if isinstance(new_public_keys, list) and len(new_public_keys) > 1:
-            ffill = ThresholdSha256Fulfillment(threshold=threshold)
+            ffill = ThresholdSha256(threshold=threshold)
            reduce(cls._gen_condition, new_public_keys, ffill)
        elif isinstance(new_public_keys, list) and len(new_public_keys) <= 1:
            raise ValueError('Sublist cannot contain single owner')
@ -354,16 +403,17 @@ class Output(object):
                new_public_keys = new_public_keys.pop()
            except AttributeError:
                pass
-            try:
+            # NOTE: Instead of submitting base58 encoded addresses, a user
-                ffill = Ed25519Fulfillment(public_key=new_public_keys)
+            #       of this class can also submit fully instantiated
-            except TypeError:
+            #       Cryptoconditions. In the case of casting
-                # NOTE: Instead of submitting base58 encoded addresses, a user
+            #       `new_public_keys` to a Ed25519Fulfillment with the
-                #       of this class can also submit fully instantiated
+            #       result of a `TypeError`, we're assuming that
-                #       Cryptoconditions. In the case of casting
+            #       `new_public_keys` is a Cryptocondition then.
-                #       `new_public_keys` to a Ed25519Fulfillment with the
+            if isinstance(new_public_keys, Fulfillment):
                #       result of a `TypeError`, we're assuming that
                #       `new_public_keys` is a Cryptocondition then.
                ffill = new_public_keys
            else:
                ffill = Ed25519Sha256(
                    public_key=base58.b58decode(new_public_keys))
        initial.add_subfulfillment(ffill)
        return initial
@ -384,7 +434,7 @@ class Output(object):
                :class:`~bigchaindb.common.transaction.Output`
        """
        try:
-            fulfillment = Fulfillment.from_dict(data['condition']['details'])
+            fulfillment = _fulfillment_from_details(data['condition']['details'])
        except KeyError:
            # NOTE: Hashlock condition case
            fulfillment = data['condition']['uri']
@ -415,13 +465,13 @@ class Transaction(object):
                ``id`` property.
            metadata (dict):
                Metadata to be stored along with the Transaction.
-            version (int): Defines the version number of a Transaction.
+            version (string): Defines the version number of a Transaction.
    """
    CREATE = 'CREATE'
    TRANSFER = 'TRANSFER'
    GENESIS = 'GENESIS'
    ALLOWED_OPERATIONS = (CREATE, TRANSFER, GENESIS)
-    VERSION = '.'.join(bigchaindb.version.__short_version__.split('.')[:2])
+    VERSION = '1.0'
    def __init__(self, operation, asset, inputs=None, outputs=None,
                 metadata=None, version=None):
@ -441,7 +491,7 @@ class Transaction(object):
                    lock.
                metadata (dict): Metadata to be stored along with the
                    Transaction.
-                version (int): Defines the version number of a Transaction.
+                version (string): Defines the version number of a Transaction.
        """
        if operation not in Transaction.ALLOWED_OPERATIONS:
            allowed_ops = ', '.join(self.__class__.ALLOWED_OPERATIONS)
@ -661,7 +711,7 @@ class Transaction(object):
                This method works only for the following Cryptoconditions
                currently:
                    - Ed25519Fulfillment
-                    - ThresholdSha256Fulfillment
+                    - ThresholdSha256
                Furthermore, note that all keys required to fully sign the
                Transaction have to be passed to this method. A subset of all
                will cause this method to fail.
@ -712,7 +762,7 @@ class Transaction(object):
                This method works only for the following Cryptoconditions
                currently:
                    - Ed25519Fulfillment
-                    - ThresholdSha256Fulfillment.
+                    - ThresholdSha256.
            Args:
                input_ (:class:`~bigchaindb.common.transaction.
@ -720,10 +770,10 @@ class Transaction(object):
                message (str): The message to be signed
                key_pairs (dict): The keys to sign the Transaction with.
        """
-        if isinstance(input_.fulfillment, Ed25519Fulfillment):
+        if isinstance(input_.fulfillment, Ed25519Sha256):
            return cls._sign_simple_signature_fulfillment(input_, message,
                                                          key_pairs)
-        elif isinstance(input_.fulfillment, ThresholdSha256Fulfillment):
+        elif isinstance(input_.fulfillment, ThresholdSha256):
            return cls._sign_threshold_signature_fulfillment(input_, message,
                                                             key_pairs)
        else:
@ -749,7 +799,10 @@ class Transaction(object):
        try:
            # cryptoconditions makes no assumptions of the encoding of the
            # message to sign or verify. It only accepts bytestrings
-            input_.fulfillment.sign(message.encode(), key_pairs[public_key])
+            input_.fulfillment.sign(
                message.encode(),
                base58.b58decode(key_pairs[public_key].encode()),
            )
        except KeyError:
            raise KeypairMismatchException('Public key {} is not a pair to '
                                           'any of the private keys'
@ -758,7 +811,7 @@ class Transaction(object):
    @classmethod
    def _sign_threshold_signature_fulfillment(cls, input_, message, key_pairs):
-        """Signs a ThresholdSha256Fulfillment.
+        """Signs a ThresholdSha256.
            Args:
                input_ (:class:`~bigchaindb.common.transaction.
@ -778,7 +831,8 @@ class Transaction(object):
            # TODO FOR CC: `get_subcondition` is singular. One would not
            #              expect to get a list back.
            ccffill = input_.fulfillment
-            subffills = ccffill.get_subcondition_from_vk(owner_before)
+            subffills = ccffill.get_subcondition_from_vk(
                base58.b58decode(owner_before))
            if not subffills:
                raise KeypairMismatchException('Public key {} cannot be found '
                                               'in the fulfillment'
@ -793,7 +847,7 @@ class Transaction(object):
            # cryptoconditions makes no assumptions of the encoding of the
            # message to sign or verify. It only accepts bytestrings
            for subffill in subffills:
-                subffill.sign(message.encode(), private_key)
+                subffill.sign(message.encode(), base58.b58decode(private_key.encode()))
        return input_
    def inputs_valid(self, outputs=None):
@ -882,7 +936,8 @@ class Transaction(object):
        ccffill = input_.fulfillment
        try:
            parsed_ffill = Fulfillment.from_uri(ccffill.serialize_uri())
-        except (TypeError, ValueError, ParsingError):
+        except (TypeError, ValueError,
                ParsingError, ASN1DecodeError, ASN1EncodeError):
            return False
        if operation in (Transaction.CREATE, Transaction.GENESIS):
@ -897,8 +952,7 @@ class Transaction(object):
        # cryptoconditions makes no assumptions of the encoding of the
        # message to sign or verify. It only accepts bytestrings
-        ffill_valid = parsed_ffill.validate(message=tx_serialized.encode(),
+        ffill_valid = parsed_ffill.validate(message=tx_serialized.encode())
                                            now=gen_timestamp())
        return output_valid and ffill_valid
    def to_dict(self):
@ -940,7 +994,7 @@ class Transaction(object):
        tx_dict = deepcopy(tx_dict)
        for input_ in tx_dict['inputs']:
            # NOTE: Not all Cryptoconditions return a `signature` key (e.g.
-            #       ThresholdSha256Fulfillment), so setting it to `None` in any
+            #       ThresholdSha256), so setting it to `None` in any
            #       case could yield incorrect signatures. This is why we only
            #       set it to `None` if it's set in the dict.
            input_['fulfillment'] = None
--- a/bigchaindb/utils.py
+++ b/bigchaindb/utils.py
@ -96,8 +96,8 @@ def condition_details_has_owner(condition_details, owner):
        bool: True if the public key is found in the condition details, False otherwise
    """
-    if 'subfulfillments' in condition_details:
+    if 'subconditions' in condition_details:
-        result = condition_details_has_owner(condition_details['subfulfillments'], owner)
+        result = condition_details_has_owner(condition_details['subconditions'], owner)
        if result:
            return True
--- a/bigchaindb/version.py
+++ b/bigchaindb/version.py
@ -1,2 +1,2 @@
-__version__ = '0.11.0.dev'
+__version__ = '1.0.0.dev'
-__short_version__ = '0.11.dev'
+__short_version__ = '1.0.dev'
--- a/bigchaindb/web/views/outputs.py
+++ b/bigchaindb/web/views/outputs.py
@ -22,5 +22,5 @@ class OutputListApi(Resource):
        with pool() as bigchain:
            outputs = bigchain.get_outputs_filtered(args['public_key'],
                                                    args['spent'])
-            return [{'transaction_id': output.txid, 'output': output.output}
+            return [{'transaction_id': output.txid, 'output_index': output.output}
                    for output in outputs]
--- a/bigchaindb/web/websocket_server.py
+++ b/bigchaindb/web/websocket_server.py
@ -111,10 +111,15 @@ def websocket_handler(request):
    while True:
        # Consume input buffer
-        msg = yield from websocket.receive()
+        try:
            msg = yield from websocket.receive()
        except RuntimeError as e:
            logger.debug('Websocket exception: %s', str(e))
            return websocket
        if msg.type == aiohttp.WSMsgType.ERROR:
            logger.debug('Websocket exception: %s', websocket.exception())
-            return
+            return websocket
 def init_app(event_source, *, loop=None):
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -22,6 +22,7 @@ services:
      - ./setup.cfg:/usr/src/app/setup.cfg
      - ./pytest.ini:/usr/src/app/pytest.ini
      - ./tox.ini:/usr/src/app/tox.ini
      - ../cryptoconditions:/usr/src/app/cryptoconditions
    environment:
      BIGCHAINDB_DATABASE_BACKEND: mongodb
      BIGCHAINDB_DATABASE_HOST: mdb
--- a/docs/root/source/assets.rst
+++ b/docs/root/source/assets.rst
@ -21,4 +21,4 @@ We’re actively exploring ways that BigchainDB can be used with other blockchai
 .. note::
-   We used the word "owners" somewhat loosely above. A more accurate word might be fulfillers, signers, controllers, or tranfer-enablers. See BigchainDB Server `issue #626 <https://github.com/bigchaindb/bigchaindb/issues/626>`_.
+   We used the word "owners" somewhat loosely above. A more accurate word might be fulfillers, signers, controllers, or transfer-enablers. See BigchainDB Server `issue #626 <https://github.com/bigchaindb/bigchaindb/issues/626>`_.
--- a/docs/root/source/smart-contracts.rst
+++ b/docs/root/source/smart-contracts.rst
@ -7,16 +7,13 @@ BigchainDB will run the subset of smart contracts expressible using "crypto-cond
 The owners of an asset can impose conditions on it that must be met for the asset to be transferred to new owners. Examples of possible conditions (crypto-conditions) include:
- The current owner must sign the transfer transaction (one which transfers ownership to new owners)
+- The current owner must sign the transfer transaction (one which transfers ownership to new owners).
- Three out of five current owners must sign the transfer transaction
+- Three out of five current owners must sign the transfer transaction.
- (Shannon and Kelly) or Morgan must sign the transfer transaction
+- (Shannon and Kelly) or Morgan must sign the transfer transaction.
 - Anyone who provides the secret password (technically, the preimage of a known hash) can create a valid transfer transaction
 Crypto-conditions can be quite complex if-this-then-that type conditions, where the "this" can be a long boolean expression. Crypto-conditions can't include loops or recursion and are therefore will always run/check in finite time.
 BigchainDB also supports a timeout condition which enables it to support a form of escrow.
 .. note::
-   We used the word "owners" somewhat loosely above. A more accurate word might be fulfillers, signers, controllers, or tranfer-enablers. See BigchainDB Server `issue #626 <https://github.com/bigchaindb/bigchaindb/issues/626>`_.
+   We used the word "owners" somewhat loosely above. A more accurate word might be fulfillers, signers, controllers, or transfer-enablers. See BigchainDB Server `issue #626 <https://github.com/bigchaindb/bigchaindb/issues/626>`_.
--- a/docs/root/source/transaction-concepts.md
+++ b/docs/root/source/transaction-concepts.md
@ -15,30 +15,57 @@ one might register an identity or a creative work. The things are often called
 "assets" but they might not be literal assets.
 BigchainDB supports divisible assets as of BigchainDB Server v0.8.0.
-That means you can create/register an asset with an initial quantity,
+That means you can create/register an asset with an initial number of "shares."
-e.g. 700 oak trees. Divisible assets can be split apart or recombined
+For example, A CREATE transaction could register a truckload of 50 oak trees.
-by transfer transactions (described more below).
+Each share of a divisible asset must be interchangeable with each other share;
 the shares must be fungible.
-A CREATE transaction also establishes, in its outputs, the conditions that must
+A CREATE transaction can have one or more outputs.
-be met to transfer the asset(s). The conditions may also be associated with a
+Each output has an associated amount: the number of shares tied to that output.
-list of public keys that, depending on the condition, may have full or partial
+For example, if the asset consists of 50 oak trees,
-control over the asset(s). For example, there may be a condition that any
+one output might have 35 oak trees for one set of owners,
-transfer must be signed (cryptographically) by the private key associated with a
+and the other output might have 15 oak trees for another set of owners.
-given public key. More sophisticated conditions are possible. BigchainDB's
+
-conditions are based on the crypto-conditions of the [Interledger Protocol
+Each output also has an associated condition: the condition that must be met
-(ILP)](https://interledger.org/).
+(by a TRANSFER transaction) to transfer/spend the output.
 BigchainDB supports a variety of conditions,
 a subset of the [Interledger Protocol (ILP)](https://interledger.org/)
 crypto-conditions. For details, see
 [the documentation about Inputs and Outputs](https://docs.bigchaindb.com/projects/server/en/latest/data-models/inputs-outputs.html).
 Each output also has a list of all the public keys associated
 with the conditions on that output.
 Loosely speaking, that list might be interpreted as the list of "owners."
 A more accurate word might be fulfillers, signers, controllers,
 or transfer-enablers.
 See BigchainDB Server [issue #626](https://github.com/bigchaindb/bigchaindb/issues/626).
 A CREATE transaction must be signed by all the owners.
 (If you're looking for that signature,
 it's in the one "fulfillment" of the one input, albeit encoded.)
 ## TRANSFER Transactions
-A TRANSFER transaction can transfer an asset
+A TRANSFER transaction can transfer/spend one or more outputs
-by providing inputs which fulfill the current output conditions on the asset.
+on other transactions (CREATE transactions or other TRANSFER transactions).
-It must also specify new transfer conditions.
+Those outputs must all be associated with the same asset;
 a TRANSFER transaction can only transfer shares of one asset at a time.
 Each input on a TRANSFER transaction connects to one output
 on another transaction.
 Each input must satisfy the condition on the output it's trying
 to transfer/spend.
 A TRANSFER transaction can have one or more outputs,
 just like a CREATE transaction (described above).
 The total number of shares coming in on the inputs must equal
 the total number of shares going out on the outputs.
 **Example 1:** Suppose a red car is owned and controlled by Joe.
 Suppose the current transfer condition on the car says
 that any valid transfer must be signed by Joe.
-Joe and a buyer named Rae could build a TRANSFER transaction containing
+Joe could build a TRANSFER transaction containing
 an input with Joe's signature (to fulfill the current output condition)
 plus a new output condition saying that any valid transfer
 must be signed by Rae.
@ -62,3 +89,11 @@ When a node is asked to check if a transaction is valid, it checks several
 things. We documented those things in a post on *The BigchainDB Blog*:
 ["What is a Valid Transaction in BigchainDB?"](https://blog.bigchaindb.com/what-is-a-valid-transaction-in-bigchaindb-9a1a075a9598)
 (Note: That post was about BigchainDB Server v1.0.0.)
 ## Example Transactions
 There are example BigchainDB transactions in
 [the HTTP API documentation](https://docs.bigchaindb.com/projects/server/en/latest/http-client-server-api.html)
 and
 [the Python Driver documentation](https://docs.bigchaindb.com/projects/py-driver/en/latest/usage.html).
--- a/docs/server/source/http-client-server-api.rst
+++ b/docs/server/source/http-client-server-api.rst
@ -206,11 +206,11 @@ unspent outputs.
     [
       {
-         "output": 0,
+         "output_index": 0,
         "transaction_id": "2d431073e1477f3073a4693ac7ff9be5634751de1b8abaa1f4e19548ef0b4b0e"
       },
       {
-         "output": 1,
+         "output_index": 1,
         "transaction_id": "2d431073e1477f3073a4693ac7ff9be5634751de1b8abaa1f4e19548ef0b4b0e"
       }
     ]
@ -238,7 +238,7 @@ unspent outputs.
     [
       {
-         "output": 0,
+         "output_index": 0,
         "transaction_id": "2d431073e1477f3073a4693ac7ff9be5634751de1b8abaa1f4e19548ef0b4b0e"
       }
     ]
@ -266,7 +266,7 @@ unspent outputs.
     [
       {
-         "output": 1,
+         "output_index": 1,
         "transaction_id": "2d431073e1477f3073a4693ac7ff9be5634751de1b8abaa1f4e19548ef0b4b0e"
       }
     ]
--- a/docs/server/source/production-deployment-template/add-node-on-kubernetes.rst
+++ b/docs/server/source/production-deployment-template/add-node-on-kubernetes.rst
@ -173,6 +173,6 @@ set up NGINX in your new node.
 Step 8: Test Your New BigchainDB Node
 -------------------------------------
-Please refer to the testing steps :ref:`here <Step 16: Verify the BigchainDB
+Please refer to the testing steps :ref:`here <Step 17: Verify the BigchainDB
 Node Setup>` to verify that your new BigchainDB node is working as expected.
--- a/docs/server/source/production-deployment-template/ca-installation.rst
+++ b/docs/server/source/production-deployment-template/ca-installation.rst
@ -33,15 +33,17 @@ by going to the ``bdb-cluster-ca/easy-rsa-3.0.1/easyrsa3`` directory and using:
   ./easyrsa build-ca
-You will be prompted to enter the Distinguished Name for this CA. You can hit
+You will also be asked to enter a PEM pass phrase (for encrypting the ``ca.key`` file).
 enter to accept the default values or change it at each prompt.
 You will also be asked to enter a PEM pass phrase for encrypting the ``ca.key`` file.
 Make sure to securely store that PEM pass phrase.
 If you lose it, you won't be able to add or remove entities from your PKI infrastructure in the future.
-It will ask several other questions.
+You will be prompted to enter the Distinguished Name (DN) information for this CA.
-You can accept all the defaults [in brackets] by pressing Enter.
+For each field, you can accept the default value [in brackets] by pressing Enter.
 .. warning::
   Don't accept the default value of OU (``IT``). Instead, enter the value ``ROOT-CA``.
 While ``Easy-RSA CA`` *is* a valid and acceptable Common Name,
 you should probably enter a name based on the name of the managing organization,
 e.g. ``Omega Ledger CA``.
--- a/docs/server/source/production-deployment-template/client-tls-certificate.rst
+++ b/docs/server/source/production-deployment-template/client-tls-certificate.rst
@ -24,7 +24,7 @@ Step 2: Create the Client Private Key and CSR
 ---------------------------------------------
 You can create the client private key and certificate signing request (CSR)
-by going into the directory ``client-cert/easy-rsa-3.0.1/easyrsa``
+by going into the directory ``client-cert/easy-rsa-3.0.1/easyrsa3``
 and using:
 .. code:: bash
@ -33,25 +33,37 @@ and using:
   ./easyrsa gen-req bdb-instance-0 nopass
-You should change ``bdb-instance-0`` to a value that reflects what the 
+You should change the Common Name (e.g. ``bdb-instance-0``)
-client certificate is being used for.
+to a value that reflects what the 
 client certificate is being used for, e.g. ``mdb-mon-instance-3`` or ``mdb-bak-instance-4``. (The final integer is specific to your BigchainDB node in the BigchainDB cluster.)
-Tip: You can get help with the ``easyrsa`` command (and its subcommands)
+You will be prompted to enter the Distinguished Name (DN) information for this certificate. For each field, you can accept the default value [in brackets] by pressing Enter.
-by using the subcommand ``./easyrsa help``
+
 .. warning::
   Don't accept the default value of OU (``IT``). Instead, enter the value
   ``BigchainDB-Instance``, ``MongoDB-Mon-Instance`` or ``MongoDB-Backup-Instance``
   as appropriate.
 Aside: The ``nopass`` option means "do not encrypt the private key (default is encrypted)". You can get help with the ``easyrsa`` command (and its subcommands)
 by using the subcommand ``./easyrsa help``.
 Step 3: Get the Client Certificate Signed
 -----------------------------------------
-The CSR file (created in the previous step)
+The CSR file created in the previous step
-should be located in ``pki/reqs/bdb-instance-0.req``.
+should be located in ``pki/reqs/bdb-instance-0.req``
 (or whatever Common Name you used in the ``gen-req`` command above).
 You need to send it to the organization managing the cluster
 so that they can use their CA
 to sign the request.
 (The managing organization should already have a self-signed CA.)
 If you are the admin of the managing organization's self-signed CA,
-then you can import the CSR and use Easy-RSA to sign it. For example:
+then you can import the CSR and use Easy-RSA to sign it.
 Go to your ``bdb-cluster-ca/easy-rsa-3.0.1/easyrsa3/``
 directory and do something like:
 .. code:: bash
--- a/docs/server/source/production-deployment-template/cloud-manager.rst
+++ b/docs/server/source/production-deployment-template/cloud-manager.rst
@ -37,8 +37,14 @@ Configure MongoDB Cloud Manager for Monitoring
  * Enter the port number as ``27017``, with no authentication.
  * If you have authentication enabled, select the option to enable
    authentication and specify the authentication mechanism as per your
    deployment. The default BigchainDB production deployment currently
    supports ``X.509 Client Certificate`` as the authentication mechanism.
  * If you have TLS enabled, select the option to enable TLS/SSL for MongoDB
-    connections, and click ``Continue``.
+    connections, and click ``Continue``. This should already be selected for
    you in case you selected ``X.509 Client Certificate`` above.
  * Once the deployment is found, click the ``Continue`` button again.
    This may take about a minute or two.
@ -66,8 +72,17 @@ Configure MongoDB Cloud Manager for Backup
  * Hover over the ``Status`` column of your backup and click ``Start``
    to start the backup.
-  * Select the replica set on the side pane and check the box to allow TLS/SSL
+  * Select the replica set on the side pane.
-    connections.
+    
  * If you have authentication enabled, select the authentication mechanism as
    per your deployment. The default BigchainDB production deployment currently
    supports ``X.509 Client Certificate`` as the authentication mechanism.
  * If you have TLS enabled, select the checkbox ``Replica set allows TLS/SSL
    connections``. This should be selected by default in case you selected
    ``X.509 Client Certificate`` as the auth mechanism above.
  * Choose the ``WiredTiger`` storage engine.
  * Verify the details of your MongoDB instance and click on ``Start``.
@ -75,4 +90,3 @@ Configure MongoDB Cloud Manager for Backup
    During this process, the UI will show the status of the backup process.
  * Verify that data is being backed up on the UI.
--- a/docs/server/source/production-deployment-template/easy-rsa.rst
+++ b/docs/server/source/production-deployment-template/easy-rsa.rst
@ -69,16 +69,22 @@ The comments in the file explain what each of the variables mean.
   echo 'set_var EASYRSA_REQ_OU "IT"' >> vars
   echo 'set_var EASYRSA_REQ_EMAIL "dev@bigchaindb.com"' >> vars
 Note: Later, when building a CA or generating a certificate signing request, you will be prompted to enter a value for the OU (or to accept the default). You should change the default OU from ``IT`` to one of the following, as appropriate:
 ``ROOT-CA``,
 ``MongoDB-Instance``, ``BigchainDB-Instance``, ``MongoDB-Mon-Instance`` or
 ``MongoDB-Backup-Instance``.
 To understand why, see `the MongoDB Manual <https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/>`_.
 There are reminders to do this in the relevant docs.
 Step 4: Maybe Edit x509-types/server
 ------------------------------------
 .. warning::
-   Only do this step if you are setting up a self-signed CA
+   Only do this step if you are setting up a self-signed CA.
   or creating a server/member certificate.
-Edit the file ``x509-types/server`` and change
+   Edit the file ``x509-types/server`` and change
-``extendedKeyUsage = serverAuth`` to 
+   ``extendedKeyUsage = serverAuth`` to
-``extendedKeyUsage = serverAuth,clientAuth``.
+   ``extendedKeyUsage = serverAuth,clientAuth``.
-See `the MongoDB documentation about x.509 authentication <https://docs.mongodb.com/manual/core/security-x.509/>`_ to understand why.
+   See `the MongoDB documentation about x.509 authentication <https://docs.mongodb.com/manual/core/security-x.509/>`_ to understand why.
--- a/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst
+++ b/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst
@ -29,8 +29,8 @@ where all data values must be base64-encoded.
 This is true of all Kubernetes ConfigMaps and Secrets.)
-vars
+vars.mdb-instance-name and Similar
-~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Your BigchainDB cluster organization should have a standard way
 of naming instances, so the instances in your BigchainDB node
@ -59,12 +59,14 @@ of all *other* nodes in your BigchainDB cluster
 * If you're deploying the first node in the cluster,
  the value should be ``""`` (an empty string).
 * If you're deploying the second node in the cluster,
-  the value should be one public key inside double quotes.
+  the value should be the BigchainDB public key of the first/original
  node in the cluster.
  For example,
  ``"EPQk5i5yYpoUwGVM8VKZRjM8CYxB6j8Lu8i8SG7kGGce"``
 * If there are two or more other nodes already in the cluster,
-  the value should be a colon-separated list of public keys
+  the value should be a colon-separated list
-  inside double quotes.
+  of the BigchainDB public keys
  of those other nodes.
  For example,
  ``"DPjpKbmbPYPKVAuf6VSkqGCf5jzrEh69Ldef6TrLwsEQ:EPQk5i5yYpoUwGVM8VKZRjM8CYxB6j8Lu8i8SG7kGGce"``
@ -89,6 +91,63 @@ Note that ``ca.pem`` is just another name for ``ca.crt``
 (the certificate of your BigchainDB cluster's self-signed CA).
 bdb-certs.bdb-user
 ~~~~~~~~~~~~~~~~~~
 This is the user name that BigchainDB uses to authenticate itself to the
 backend MongoDB database.
 We need to specify the user name *as seen in the certificate* issued to
 the BigchainDB instance in order to authenticate correctly. Use
 the following ``openssl`` command to extract the user name from the
 certificate:
 .. code:: bash
   $ openssl x509 -in <path to the bigchaindb certificate> \
     -inform PEM -subject -nameopt RFC2253
 You should see an output line that resembles:
 .. code:: bash
   subject= emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE
 The ``subject`` line states the complete user name we need to use for this
 field (``bdb-certs.bdb-user``), i.e.
 .. code:: bash
   emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE
 threescale-credentials.*
 ~~~~~~~~~~~~~~~~~~~~~~~~
 If you're not using 3scale,
 you can delete the ``threescale-credentials`` Secret
 or leave all the values blank (``""``).
 If you *are* using 3scale, you can get the value for ``frontend-api-dns-name``
 using something like ``echo "your.nodesubdomain.net" | base64 -w 0``
 To get the values for ``secret-token``, ``service-id``,
 ``version-header`` and ``provider-key``, login to your 3scale admin,
 then click **APIs** and click on **Integration** for the relevant API.
 Scroll to the bottom of the page and click the small link
 in the lower right corner, labelled **Download the NGINX Config files**.
 You'll get a ``.zip`` file.
 Unzip it, then open the ``.conf`` file and the ``.lua`` file.
 You should be able to find all the values in those files.
 You have to be careful because it will have values for *all* your APIs,
 and some values vary from API to API.
 The ``version-header`` is the timestamp in a line that looks like:
 .. code::
    proxy_set_header  X-3scale-Version "2017-06-28T14:57:34Z";
 Deploy Your config-map.yaml and secret.yaml
 -------------------------------------------
--- a/docs/server/source/production-deployment-template/node-on-kubernetes.rst
+++ b/docs/server/source/production-deployment-template/node-on-kubernetes.rst
@ -129,6 +129,21 @@ Step 4.1: Vanilla NGINX
     ``ngx-instance-name`` is ``ngx-instance-0``, set  the
     ``spec.selector.app`` to ``ngx-instance-0-dep``.
   * Set ``ngx-public-mdb-port.port`` to 27017, or the port number on which you
     want to expose MongoDB service.
     Set the ``ngx-public-mdb-port.targetPort`` to the port number on which the
     Kubernetes MongoDB service will be present.
   * Set ``ngx-public-api-port.port`` to 80, or the port number on which you want to
     expose BigchainDB API service.
     Set the ``ngx-public-api-port.targetPort`` to the port number on which the
     Kubernetes BigchainDB API service will present.
   * Set ``ngx-public-ws-port.port`` to 81, or the port number on which you want to
     expose BigchainDB Websocket service.
     Set the ``ngx-public-ws-port.targetPort`` to the port number on which the
     BigchainDB Websocket service will be present.
   * Start the Kubernetes Service:
     .. code:: bash
@ -139,19 +154,43 @@ Step 4.1: Vanilla NGINX
 Step 4.2: OpenResty NGINX + 3scale
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   * This configuration is located in the file ``nginx/nginx-3scale-svc.yaml``.
   * You have to enable HTTPS for this one and will need an HTTPS certificate
-     for your domain
+     for your domain.
-   * You should have already created the Kubernetes Secret in the previous
+   * You should have already created the necessary Kubernetes Secrets in the previous
-     step.
+     step (e.g. ``https-certs`` and ``threescale-credentials``).
   * This configuration is located in the file ``nginx-3scale/nginx-3scale-svc.yaml``.
   * Set the ``metadata.name`` and ``metadata.labels.name`` to the value
     set in ``ngx-instance-name`` in the ConfigMap above.
   * Set the ``spec.selector.app`` to the value set in ``ngx-instance-name`` in
     the ConfigMap followed by ``-dep``. For example, if the value set in the
     ``ngx-instance-name`` is ``ngx-instance-0``, set  the
     ``spec.selector.app`` to ``ngx-instance-0-dep``.
   * Set ``ngx-public-mdb-port.port`` to 27017, or the port number on which you
     want to expose MongoDB service.
     Set the ``ngx-public-mdb-port.targetPort`` to the port number on which the
     Kubernetes MongoDB service will be present.
   * Set ``ngx-public-3scale-port.port`` to 8080, or the port number on which
     you want to let 3scale communicate with Openresty NGINX for authenctication.
     Set the ``ngx-public-3scale-port.targetPort`` to the port number on which
     this Openresty NGINX service will be listening to for communication with
     3scale.
   * Set ``ngx-public-bdb-port.port`` to 443, or the port number on which you want
     to expose BigchainDB API service.
     Set the ``ngx-public-api-port.targetPort`` to the port number on which the
     Kubernetes BigchainDB API service will present.
   * Set ``ngx-public-bdb-port-http.port`` to 80, or the port number on which you
     want to expose BigchainDB Websocket service.
     Set the ``ngx-public-bdb-port-http.targetPort`` to the port number on which the
     BigchainDB Websocket service will be present.
   * Start the Kubernetes Service:
     .. code:: bash
@ -167,20 +206,18 @@ Step 5: Assign DNS Name to the NGINX Public IP
    <https://docs.bigchaindb.com/en/latest/terminology.html>`_ or are using
    HTTPS certificates tied to a domain.
-  * The following command can help you find out if the nginx service started
+  * The following command can help you find out if the NGINX service started
    above has been assigned a public IP or external IP address:
    .. code:: bash
       $ kubectl --context k8s-bdb-test-cluster-0 get svc -w
-  * Once a public IP is assigned, you can log in to the Azure portal and map it to
+  * Once a public IP is assigned, you can map it to
    a DNS name.
-   
+    We usually assign ``bdb-test-cluster-0``, ``bdb-test-cluster-1`` and
  * We usually assign ``bdb-test-cluster-0``, ``bdb-test-cluster-1`` and
    so on in our documentation.
-   
+    Let's assume that we assign the unique name of ``bdb-test-cluster-0`` here.
  * Let us assume that we assigned the unique name of ``bdb-test-cluster-0`` here.
 **Set up DNS mapping in Azure.**
@ -195,7 +232,7 @@ have the Azure DNS prefix name along with a long random string, without the
 (for example, ``bdb-test-cluster-0``), click ``Save``, and wait for the
 changes to be applied.
-To verify the DNS setting is operational, you can run ``nslookup <dns
+To verify the DNS setting is operational, you can run ``nslookup <DNS
 name added in ConfigMap>`` from your local Linux shell.
 This will ensure that when you scale the replica set later, other MongoDB
@ -276,12 +313,6 @@ Step 8.1: Vanilla NGINX
    ``BIGCHAINDB_BACKEND_HOST`` env var to
    ``bdb-instance-0.default.svc.cluster.local``.
  * Set ``MONGODB_FRONTEND_PORT`` to 27017, or the port number on which you
    want to expose MongoDB service.
  * Set ``BIGCHAINDB_FRONTEND_PORT`` to 80, or the port number on which you
    want to expose BigchainDB service.
  * Start the Kubernetes Deployment:
    .. code:: bash
@ -314,12 +345,6 @@ Step 8.2: OpenResty NGINX + 3scale
     ``BIGCHAINDB_BACKEND_HOST`` env var to
     ``bdb-instance-0.default.svc.cluster.local``.
   * Set ``MONGODB_FRONTEND_PORT`` to 27017, or the port number on which you
     want to expose the MongoDB service.
   * Set ``BIGCHAINDB_FRONTEND_PORT`` to 443, or the port number on which you
     want to expose the BigchainDB service over HTTPS.
   * Start the Kubernetes Deployment:
     .. code:: bash
@ -452,11 +477,11 @@ Step 11: Start a Kubernetes StatefulSet for MongoDB
  * Note how the MongoDB container uses the ``mongo-db-claim`` and the
    ``mongo-configdb-claim`` PersistentVolumeClaims for its ``/data/db`` and
-    ``/data/configdb`` diretories (mount path).
+    ``/data/configdb`` directories (mount paths).
  * Note also that we use the pod's ``securityContext.capabilities.add``
    specification to add the ``FOWNER`` capability to the container. That is
-    because MongoDB container has the user ``mongodb``, with uid ``999`` and
+    because the MongoDB container has the user ``mongodb``, with uid ``999`` and
    group ``mongodb``, with gid ``999``.
    When this container runs on a host with a mounted disk, the writes fail
    when there is no user with uid ``999``. To avoid this, we use the Docker
@ -487,7 +512,135 @@ Step 11: Start a Kubernetes StatefulSet for MongoDB
       $ kubectl --context k8s-bdb-test-cluster-0 get pods -w
-Step 12: Start a Kubernetes Deployment for MongoDB Monitoring Agent
+Step 12: Configure Users and Access Control for MongoDB
 -------------------------------------------------------
  * In this step, you will create a user on MongoDB with authorization
    to create more users and assign
    roles to them.
    Note: You need to do this only when setting up the first MongoDB node of
    the cluster.
  * Find out the name of your MongoDB pod by reading the output
    of the ``kubectl ... get pods`` command at the end of the last step.
    It should be something like ``mdb-instance-0-ss-0``.
  * Log in to the MongoDB pod using:
    .. code:: bash
       $ kubectl --context k8s-bdb-test-cluster-0 exec -it <name of your MongoDB pod> bash
  * Open a mongo shell using the certificates
    already present at ``/etc/mongod/ssl/``
    .. code:: bash
       $ mongo --host localhost --port 27017 --verbose --ssl \
         --sslCAFile /etc/mongod/ssl/ca.pem \
         --sslPEMKeyFile /etc/mongod/ssl/mdb-instance.pem
  * Initialize the replica set using:
    .. code:: bash
       > rs.initiate( {
           _id : "bigchain-rs",
           members: [ {
             _id : 0,
             host  :"<hostname>:27017"
           } ]
         } )
    The ``hostname`` in this case will be the value set in
    ``mdb-instance-name`` in the ConfigMap.
    For example, if the value set in the ``mdb-instance-name`` is
    ``mdb-instance-0``, set the ``hostname`` above to the value ``mdb-instance-0``.
  * The instance should be voted as the ``PRIMARY`` in the replica set (since
    this is the only instance in the replica set till now).
    This can be observed from the mongo shell prompt,
    which will read ``PRIMARY>``.
  * Create a user ``adminUser`` on the ``admin`` database with the
    authorization to create other users. This will only work the first time you
    log in to the mongo shell. For further details, see `localhost
    exception <https://docs.mongodb.com/manual/core/security-users/#localhost-exception>`_
    in MongoDB.
    .. code:: bash
       PRIMARY> use admin
       PRIMARY> db.createUser( {
                  user: "adminUser",
                  pwd: "superstrongpassword",
                  roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
                } )
  * Exit and restart the mongo shell using the above command.
    Authenticate as the ``adminUser`` we created earlier:
    .. code:: bash
       PRIMARY> use admin
       PRIMARY> db.auth("adminUser", "superstrongpassword")
    ``db.auth()`` returns 0 when authentication is not successful,
    and 1 when successful.
  * We need to specify the user name *as seen in the certificate* issued to
    the BigchainDB instance in order to authenticate correctly. Use
    the following ``openssl`` command to extract the user name from the
    certificate:
    .. code:: bash
       $ openssl x509 -in <path to the bigchaindb certificate> \
         -inform PEM -subject -nameopt RFC2253
    You should see an output line that resembles:
    .. code:: bash
       subject= emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE
    The ``subject`` line states the complete user name we need to use for
    creating the user on the mongo shell as follows:
    .. code:: bash
       PRIMARY> db.getSiblingDB("$external").runCommand( {
                  createUser: 'emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE',
                  writeConcern: { w: 'majority' , wtimeout: 5000 },
                  roles: [
                    { role: 'clusterAdmin', db: 'admin' },
                    { role: 'readWriteAnyDatabase', db: 'admin' }
                  ]
                } )
  * You can similarly create users for MongoDB Monitoring Agent and MongoDB
    Backup Agent. For example:
    .. code:: bash
       PRIMARY> db.getSiblingDB("$external").runCommand( {
                  createUser: 'emailAddress=dev@bigchaindb.com,CN=test-mdb-mon-ssl,OU=MongoDB-Mon-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE',
                  writeConcern: { w: 'majority' , wtimeout: 5000 },
                  roles: [
                    { role: 'clusterMonitor', db: 'admin' }
                  ]
                } )
       PRIMARY> db.getSiblingDB("$external").runCommand( {
                  createUser: 'emailAddress=dev@bigchaindb.com,CN=test-mdb-bak-ssl,OU=MongoDB-Bak-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE',
                  writeConcern: { w: 'majority' , wtimeout: 5000 },
                  roles: [
                    { role: 'backup',    db: 'admin' }
                  ]
                } )
 Step 13: Start a Kubernetes Deployment for MongoDB Monitoring Agent
 -------------------------------------------------------------------
  * This configuration is located in the file
@ -508,7 +661,7 @@ Step 12: Start a Kubernetes Deployment for MongoDB Monitoring Agent
       $ kubectl --context k8s-bdb-test-cluster-0 apply -f mongodb-monitoring-agent/mongo-mon-dep.yaml
-Step 13: Start a Kubernetes Deployment for MongoDB Backup Agent
+Step 14: Start a Kubernetes Deployment for MongoDB Backup Agent
 ---------------------------------------------------------------
  * This configuration is located in the file
@ -529,7 +682,7 @@ Step 13: Start a Kubernetes Deployment for MongoDB Backup Agent
       $ kubectl --context k8s-bdb-test-cluster-0 apply -f mongodb-backup-agent/mongo-backup-dep.yaml
-Step 14: Start a Kubernetes Deployment for Bigchaindb
+Step 15: Start a Kubernetes Deployment for Bigchaindb
 -----------------------------------------------------
  * This configuration is located in the file
@ -569,7 +722,7 @@ Step 14: Start a Kubernetes Deployment for Bigchaindb
  * You can check its status using the command ``kubectl get deploy -w``
-Step 15: Configure the MongoDB Cloud Manager
+Step 16: Configure the MongoDB Cloud Manager
 --------------------------------------------
  * Refer to the
@ -578,10 +731,10 @@ Step 15: Configure the MongoDB Cloud Manager
    monitoring and backup.
-Step 16: Verify the BigchainDB Node Setup
+Step 17: Verify the BigchainDB Node Setup
 -----------------------------------------
-Step 16.1: Testing Internally
+Step 17.1: Testing Internally
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Run a container that provides utilities like ``nslookup``, ``curl`` and ``dig``
@ -670,7 +823,7 @@ themselves.
  * Send some transactions to BigchainDB and verify it's up and running!
-Step 16.2: Testing Externally
+Step 17.2: Testing Externally
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Try to access the ``<dns/ip of your exposed bigchaindb service endpoint>:80``
--- a/docs/server/source/production-deployment-template/revoke-tls-certificate.rst
+++ b/docs/server/source/production-deployment-template/revoke-tls-certificate.rst
@ -39,3 +39,5 @@ Generate a new CRL for your infrastructure using:
 The generated ``crl.pem`` file needs to be uploaded to your infrastructure to
 prevent the revoked certificate from being used again.
 In particlar, the generated ``crl.pem`` file should be sent to all BigchainDB node operators in your BigchainDB cluster, so that they can update it in their MongoDB instance and their BigchainDB Server instance.
--- a/docs/server/source/production-deployment-template/server-tls-certificate.rst
+++ b/docs/server/source/production-deployment-template/server-tls-certificate.rst
@ -26,7 +26,7 @@ Step 2: Create the Server Private Key and CSR
 ---------------------------------------------
 You can create the server private key and certificate signing request (CSR)
-by going into the directory ``member-cert/easy-rsa-3.0.1/easyrsa``
+by going into the directory ``member-cert/easy-rsa-3.0.1/easyrsa3``
 and using something like:
 .. code:: bash
@ -35,15 +35,17 @@ and using something like:
   ./easyrsa --req-cn=mdb-instance-0 --subject-alt-name=DNS:localhost,DNS:mdb-instance-0 gen-req mdb-instance-0 nopass
-You will be prompted to enter the Distinguished Name for this certificate. You
+You should replace the Common Name (``mdb-instance-0`` above) with the correct name for *your* MongoDB instance in the cluster, e.g. ``mdb-instance-5`` or ``mdb-instance-12``. (This name is decided by the organization managing the cluster.)
 can hit enter to accept the default values or change them at each prompt.
-You can replace the common name (``mdb-instance-0`` above) with any other name
+You will be prompted to enter the Distinguished Name (DN) information for this certificate.
-so long as the instance can verify that it is the hostname.
+For each field, you can accept the default value [in brackets] by pressing Enter.
-You need to provide the ``DNS:localhost`` SAN during certificate generation
+.. warning::
   Don't accept the default value of OU (``IT``). Instead, enter the value ``MongoDB-Instance``.
 Aside: You need to provide the ``DNS:localhost`` SAN during certificate generation
 for using the ``localhost exception`` in the MongoDB instance.
 All certificates can have this attribute without compromising security as the
 ``localhost exception`` works only the first time.
@ -51,15 +53,18 @@ All certificates can have this attribute without compromising security as the
 Step 3: Get the Server Certificate Signed
 -----------------------------------------
-The CSR file (created in the last step)
+The CSR file created in the last step
-should be located in ``pki/reqs/mdb-instance-0.req``.
+should be located in ``pki/reqs/mdb-instance-0.req``
 (where the integer ``0`` may be different for you).
 You need to send it to the organization managing the cluster
 so that they can use their CA
 to sign the request.
 (The managing organization should already have a self-signed CA.)
 If you are the admin of the managing organization's self-signed CA,
-then you can import the CSR and use Easy-RSA to sign it. For example:
+then you can import the CSR and use Easy-RSA to sign it.
 Go to your ``bdb-cluster-ca/easy-rsa-3.0.1/easyrsa3/``
 directory and do something like:
 .. code:: bash
--- a/docs/server/source/production-deployment-template/template-kubernetes-azure.rst
+++ b/docs/server/source/production-deployment-template/template-kubernetes-azure.rst
@ -102,7 +102,7 @@ Finally, you can deploy an ACS using something like:
   --agent-vm-size Standard_D2_v2 \
   --dns-prefix <make up a name> \
   --ssh-key-value ~/.ssh/<name>.pub \
-   --orchestrator-type kubernetes
+   --orchestrator-type kubernetes \
   --debug --output json
--- a/docs/server/source/production-deployment-template/workflow.rst
+++ b/docs/server/source/production-deployment-template/workflow.rst
@ -53,6 +53,26 @@ Similarly, other instances must also have unique names in the cluster.
 #. Name of the MongoDB backup agent instance (``mdb-bak-instance-*``)
 ☐ Generate four keys and corresponding certificate signing requests (CSRs):
 #. Server Certificate (a.k.a. Member Certificate) for the MongoDB instance
 #. Client Certificate for BigchainDB Server to identify itself to MongoDB
 #. Client Certificate for MongoDB Monitoring Agent to identify itself to MongoDB
 #. Client Certificate for MongoDB Backup Agent to identify itself to MongoDB
 Ask the managing organization to use its self-signed CA to sign those four CSRs.
 They should send you:
 * Four certificates (one for each CSR you sent them).
 * One ``ca.crt`` file: their CA certificate.
 * One ``crl.pem`` file: a certificate revocation list.
 For help, see the pages:
 * :ref:`How to Generate a Server Certificate for MongoDB`
 * :ref:`How to Generate a Client Certificate for MongoDB`
 ☐ Every node in a BigchainDB cluster needs its own
 BigchainDB keypair (i.e. a public key and corresponding private key).
 You can generate a BigchainDB keypair for your node, for example,
@ -73,29 +93,17 @@ Don't share your private key.
 That list of public keys is known as the BigchainDB "keyring."
 ☐ Ask the managing organization
 for the FQDN used to serve the BigchainDB APIs
 (e.g. ``api.orgname.net`` or ``bdb.clustername.com``).
 ☐ Make up an FQDN for your BigchainDB node (e.g. ``mynode.mycorp.com``).
 Make sure you've registered the associated domain name (e.g. ``mycorp.com``),
 and have an SSL certificate for the FQDN.
-(You can get an SSL certificate from any SSL certificate provider).
+(You can get an SSL certificate from any SSL certificate provider.)
 ☐ Share your BigchaindB *public* key with all the other nodes
 in the BigchainDB cluster.
 Don't share your private key.
 ☐ Get the BigchainDB public keys of all the other nodes in the cluster.
 That list of public keys is known as the BigchainDB "keyring."
 ☐ Ask the managing organization
 for the FQDN used to serve the BigchainDB APIs
 (e.g. ``api.orgname.net`` or ``bdb.clustername.com``)
 and for a copy of the associated SSL/TLS certificate.
 Also, ask for the user name to use for authenticating to MongoDB.
 ☐ If the cluster uses 3scale for API authentication, monitoring and billing,
@ -112,37 +120,11 @@ allow easier periodic rotation of the ``Agent API Key`` with a constant
 ``Group ID``)
 ☐ Generate four keys and corresponding certificate signing requests (CSRs):
 #. Server Certificate (a.k.a. Member Certificate) for the MongoDB instance
 #. Client Certificate for BigchainDB Server to identify itself to MongoDB
 #. Client Certificate for MongoDB Monitoring Agent to identify itself to MongoDB
 #. Client Certificate for MongoDB Backup Agent to identify itself to MongoDB
 #. CRL for the infrastructure to not accept revoked certificates.
 Ask the managing organization to use its self-signed CA to sign those certificates.
 For help, see the pages:
 * :ref:`How to Generate a Server Certificate for MongoDB`
 * :ref:`How to Generate a Client Certificate for MongoDB`
 ☐ :doc:`Deploy a Kubernetes cluster on Azure <template-kubernetes-azure>`.
-☐ Create the Kubernetes Configuration for this node. 
+☐ You can now proceed to set up your BigchainDB node based on whether it is the
-We will use Kubernetes ConfigMaps and Secrets to hold all the information
+:ref:`first node in a new cluster
 gathered above.
 ☐ Deploy your BigchainDB node on your Kubernetes cluster.
 Next Steps To Set Up a Node
 ---------------------------
 You can now proceed to set up your BigchainDB node based on whether it is the
 :ref:`first node in you cluster
 <Kubernetes Template: Deploy a Single BigchainDB Node>` or a
 :ref:`node that will be added to an existing cluster
 <Kubernetes Template: Add a BigchainDB Node to an Existing BigchainDB Cluster>`.
--- a/docs/server/source/server-reference/configuration.md
+++ b/docs/server/source/server-reference/configuration.md
@ -21,7 +21,6 @@ For convenience, here's a list of all the relevant environment variables (docume
 `BIGCHAINDB_SERVER_BIND`<br>
 `BIGCHAINDB_SERVER_LOGLEVEL`<br>
 `BIGCHAINDB_SERVER_WORKERS`<br>
 `BIGCHAINDB_SERVER_THREADS`<br>
 `BIGCHAINDB_WSSERVER_SCHEME`<br>
 `BIGCHAINDB_WSSERVER_HOST`<br>
 `BIGCHAINDB_WSSERVER_PORT`<br>
@ -45,6 +44,7 @@ For convenience, here's a list of all the relevant environment variables (docume
 `BIGCHAINDB_DATABASE_KEYFILE`<br>
 `BIGCHAINDB_DATABASE_KEYFILE_PASSPHRASE`<br>
 `BIGCHAINDB_DATABASE_CRLFILE`<br>
 `BIGCHAINDB_GRAPHITE_HOST`<br>
 The local config file is `$HOME/.bigchaindb` by default (a file which might not even exist), but you can tell BigchainDB to use a different file by using the `-c` command-line option, e.g. `bigchaindb -c path/to/config_file.json start`
 or using the `BIGCHAINDB_CONFIG_PATH` environment variable, e.g. `BIGHAINDB_CONFIG_PATH=.my_bigchaindb_config bigchaindb start`.
@ -52,7 +52,7 @@ Note that the `-c` command line option will always take precedence if both the `
 You can read the current default values in the file [bigchaindb/\_\_init\_\_.py](https://github.com/bigchaindb/bigchaindb/blob/master/bigchaindb/__init__.py). (The link is to the latest version.)
-Running `bigchaindb -y configure rethinkdb` will generate a local config file in `$HOME/.bigchaindb` with all the default values, with two exceptions: It will generate a valid private/public keypair, rather than using the default keypair (`None` and `None`).
+Running `bigchaindb -y configure mongodb` will generate a local config file in `$HOME/.bigchaindb` with all the default values (for using MongoDB as the database backend), with two exceptions: it will generate a valid private/public keypair, rather than using the default keypair (`None` and `None`).
 ## keypair.public & keypair.private
@ -73,7 +73,7 @@ export BIGCHAINDB_KEYPAIR_PRIVATE=5C5Cknco7YxBRP9AgB1cbUVTL4FAcooxErLygw1DeG2D
 }
 ```
-Internally (i.e. in the Python code), both keys have a default value of `None`, but that's not a valid key. Therefore you can't rely on the defaults for the keypair. If you want to run BigchainDB, you must provide a valid keypair, either in the environment variables or in the local config file. You can generate a local config file with a valid keypair (and default everything else) using `bigchaindb -y configure rethinkdb`.
+Internally (i.e. in the Python code), both keys have a default value of `None`, but that's not a valid key. Therefore you can't rely on the defaults for the keypair. If you want to run BigchainDB, you must provide a valid keypair, either in the environment variables or in the local config file. You can generate a local config file with a valid keypair (and default everything else) using `bigchaindb -y configure mongodb`.
 ## keyring
@ -102,12 +102,12 @@ Note how the keys in the list are separated by colons.
 ## database.*
 The settings with names of the form `database.*` are for the database backend
-(currently either RethinkDB or MongoDB). They are:
+(currently either MongoDB or RethinkDB). They are:
-* `database.backend` is either `rethinkdb` or `mongodb`.
+* `database.backend` is either `mongodb` or `rethinkdb`.
 * `database.host` is the hostname (FQDN) of the backend database.
 * `database.port` is self-explanatory.
-* `database.name` is a user-chosen name for the database inside RethinkDB or MongoDB, e.g. `bigchain`.
+* `database.name` is a user-chosen name for the database inside MongoDB or RethinkDB, e.g. `bigchain`.
 * `database.replicaset` is only relevant if using MongoDB; it's the name of the MongoDB replica set, e.g. `bigchain-rs`.
 * `database.connection_timeout` is the maximum number of milliseconds that BigchainDB will wait before giving up on one attempt to connect to the database backend.
 * `database.max_tries` is the maximum number of times that BigchainDB will try to establish a connection with the database backend. If 0, then it will try forever.
@ -176,20 +176,19 @@ If you used `bigchaindb -y configure mongodb` to create a default local config f
 These settings are for the [Gunicorn HTTP server](http://gunicorn.org/), which is used to serve the [HTTP client-server API](../http-client-server-api.html).
-`server.bind` is where to bind the Gunicorn HTTP server socket. It's a string. It can be any valid value for [Gunicorn's bind setting](http://docs.gunicorn.org/en/stable/settings.html#bind). If you want to allow IPv4 connections from anyone, on port 9984, use '0.0.0.0:9984'. In a production setting, we recommend you use Gunicorn behind a reverse proxy server. If Gunicorn and the reverse proxy are running on the same machine, then use 'localhost:PORT' where PORT is _not_ 9984 (because the reverse proxy needs to listen on port 9984). Maybe use PORT=9983 in that case because we know 9983 isn't used. If Gunicorn and the reverse proxy are running on different machines, then use 'A.B.C.D:9984' where A.B.C.D is the IP address of the reverse proxy. There's [more information about deploying behind a reverse proxy in the Gunicorn documentation](http://docs.gunicorn.org/en/stable/deploy.html). (They call it a proxy.)
+`server.bind` is where to bind the Gunicorn HTTP server socket. It's a string. It can be any valid value for [Gunicorn's bind setting](http://docs.gunicorn.org/en/stable/settings.html#bind). If you want to allow IPv4 connections from anyone, on port 9984, use `0.0.0.0:9984`. In a production setting, we recommend you use Gunicorn behind a reverse proxy server. If Gunicorn and the reverse proxy are running on the same machine, then use `localhost:PORT` where PORT is _not_ 9984 (because the reverse proxy needs to listen on port 9984). Maybe use PORT=9983 in that case because we know 9983 isn't used. If Gunicorn and the reverse proxy are running on different machines, then use `A.B.C.D:9984` where A.B.C.D is the IP address of the reverse proxy. There's [more information about deploying behind a reverse proxy in the Gunicorn documentation](http://docs.gunicorn.org/en/stable/deploy.html). (They call it a proxy.)
 `server.loglevel` sets the log level of Gunicorn's Error log outputs. See
 [Gunicorn's documentation](http://docs.gunicorn.org/en/latest/settings.html#loglevel)
 for more information.
-`server.workers` is [the number of worker processes](http://docs.gunicorn.org/en/stable/settings.html#workers) for handling requests. If `None` (the default), the value will be (cpu_count * 2 + 1). Each worker process has a single thread. The HTTP server will be able to handle `server.workers` requests simultaneously.
+`server.workers` is [the number of worker processes](http://docs.gunicorn.org/en/stable/settings.html#workers) for handling requests. If `None` (the default), the value will be (2 × cpu_count + 1). Each worker process has a single thread. The HTTP server will be able to handle `server.workers` requests simultaneously.
 **Example using environment variables**
 ```text
 export BIGCHAINDB_SERVER_BIND=0.0.0.0:9984
 export BIGCHAINDB_SERVER_LOGLEVEL=debug
 export BIGCHAINDB_SERVER_WORKERS=5
 export BIGCHAINDB_SERVER_THREADS=5
 ```
 **Example config file snippet**
@ -211,12 +210,14 @@ export BIGCHAINDB_SERVER_THREADS=5
 ```
-## wsserver.host and wsserver.port
+## wsserver.scheme, wsserver.host and wsserver.port
 These settings are for the
 [aiohttp server](https://aiohttp.readthedocs.io/en/stable/index.html), 
 which is used to serve the
 [WebSocket Event Stream API](../websocket-event-stream-api.html).
 `wsserver.scheme` should be either `"ws"` or `"wss"`
 (but setting it to `"wss"` does *not* enable SSL/TLS).
 `wsserver.host` is where to bind the aiohttp server socket and
 `wsserver.port` is the corresponding port.
 If you want to allow connections from anyone, on port 9985,
@ -224,6 +225,7 @@ set `wsserver.host` to 0.0.0.0 and `wsserver.port` to 9985.
 **Example using environment variables**
 ```text
 export BIGCHAINDB_WSSERVER_SCHEME=ws
 export BIGCHAINDB_WSSERVER_HOST=0.0.0.0
 export BIGCHAINDB_WSSERVER_PORT=9985
 ```
@ -231,6 +233,7 @@ export BIGCHAINDB_WSSERVER_PORT=9985
 **Example config file snippet**
 ```js
 "wsserver": {
    "scheme": "wss",
    "host": "0.0.0.0",
    "port": 65000
 }
@ -239,6 +242,7 @@ export BIGCHAINDB_WSSERVER_PORT=9985
 **Default values (from a config file)**
 ```js
 "wsserver": {
    "scheme": "ws",
    "host": "localhost",
    "port": 9985
 }
@ -492,3 +496,29 @@ logging of the `core.py` module to be more verbose, you would set the
 ```
 **Defaults to**: `"{}"`
 ## graphite.host
 The host name or IP address of a server listening for statsd events on UDP
 port 8125. This defaults to `localhost`, and if no statsd collector is running,
 the events are simply dropped by the operating system.
 **Example using environment variables**
 ```text
 export BIGCHAINDB_GRAPHITE_HOST=10.0.0.5
 ```
 **Example config file snippet**
 ```js
 "graphite": {
    "host": "10.0.0.5"
 }
 ```
 **Default values (from a config file)**
 ```js
 "graphite": {
    "host": "localhost"
 }
 ```
--- a/k8s/bigchaindb/bigchaindb-dep.yaml
+++ b/k8s/bigchaindb/bigchaindb-dep.yaml
@ -1,9 +1,3 @@
 ###############################################################
 # This config file runs bigchaindb:0.10.1 as a k8s Deployment #
 # and it connects to the mongodb backend running as a         #
 # separate pod                                                #
 ###############################################################
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
@ -18,13 +12,16 @@ spec:
      terminationGracePeriodSeconds: 10
      containers:
      - name: bigchaindb
-        image: bigchaindb/bigchaindb:0.10.2
+        image: bigchaindb/bigchaindb:1.0.0rc1
        imagePullPolicy: IfNotPresent
        args:
        - start
        env:
        - name: BIGCHAINDB_DATABASE_HOST
-          value: mdb-instance-0
+          valueFrom:
            configMapKeyRef:
              name: vars
              key: mdb-instance-name
        - name: BIGCHAINDB_DATABASE_PORT
          value: "27017"
        - name: BIGCHAINDB_DATABASE_REPLICASET
@ -40,7 +37,10 @@ spec:
        - name: BIGCHAINDB_WSSERVER_PORT
          value: "9985"
        - name: BIGCHAINDB_KEYPAIR_PUBLIC
-          value: "<public key here>"
+           valueFrom:
             configMapKeyRef:
               name: bdb-public-key
               key: bdb-public-key
        - name: BIGCHAINDB_KEYPAIR_PRIVATE
          value: "<private key here>"
        - name: BIGCHAINDB_BACKLOG_REASSIGN_DELAY
@ -51,9 +51,22 @@ spec:
          value: "120"
        - name: BIGCHAINDB_LOG_LEVEL_CONSOLE
          value: debug
        - name: BIGCHAINDB_DATABASE_CA_CERT
          value: /etc/bigchaindb/ssl/ca.pem
        - name: BIGCHAINDB_DATABASE_CRLFILE
          value: /etc/bigchaindb/ssl/crlfile
        - name: BIGCHAINDB_DATABASE_CERTFILE
          value: /etc/bigchaindb/ssl/bdb-instance.pem
        - name: BIGCHAINDB_DATABASE_KEYFILE
          value: /etc/bigchaindb/ssl/bdb-instance.key
        - name: BIGCHAINDB_DATABASE_LOGIN
          value: /etc/bigchaindb/ssl/bdb-user
        # The following env var is not required for the bootstrap/first node
        #- name: BIGCHAINDB_KEYRING
-        #  value: ""
+        #   valueFrom:
        #     configMapKeyRef:
        #       name: bdb-keyring
        #       key: bdb-keyring
        ports:
        - containerPort: 9984
          hostPort: 9984
@ -63,6 +76,10 @@ spec:
          hostPort: 9985
          name: bdb-ws-port
          protocol: TCP
        volumeMounts:
        - name: bdb-certs
          mountPath: /etc/bigchaindb/ssl/
          readOnly: true
        resources:
          limits:
            cpu: 200m
@ -80,3 +97,8 @@ spec:
          initialDelaySeconds: 15
          timeoutSeconds: 10
      restartPolicy: Always
      volumes:
      - name: bdb-certs
        secret:
          secretName: bdb-certs
          defaultMode: 0400
--- a/k8s/configuration/secret.yaml
+++ b/k8s/configuration/secret.yaml
@ -74,10 +74,16 @@ metadata:
  namespace: default
 type: Opaque
 data:
  # Base64-encoded, concatenated certificate and private key
  bdb-instance.pem: "<b64 encoded, concatenated certificate and private key>"
  # Base64-encoded CA certificate (ca.crt)
  ca.pem: "<b64 encoded CA certificate>"
  # Base64-encoded CRL file
  crlfile: "<b64 encoded CRL>"
  # Base64-encoded BigchainDB instance certificate
  bdb-instance.pem: "<b64 encoded certificate>"
  # Base64-encoded private key
  bdb-instance.key: "<b64 encoded private key>"
  # Base64-encoded instance authentication credentials
  bdb-user: "<b64 encoded user name>"
 ---
 apiVersion: v1
 kind: Secret
@ -88,8 +94,11 @@ type: Opaque
 data:
  # Base64-encoded HTTPS private key
  cert.key: "<b64 encoded HTTPS private key>"
-  # Base64-encoded HTTPS Signed Certificate or Certificate Chain
+  # Base64-encoded HTTPS certificate chain
-  cert.pem: "<b64 encoded HTTPS Signed Certificate or Certificate Chain>"
+  # starting with your primary SSL cert (e.g. your_domain.crt)
  # followed by all intermediate certs.
  # If cert if from DigiCert, download "Best format for nginx".
  cert.pem: "<b64 encoded HTTPS certificate chain"
 ---
 apiVersion: v1
 kind: Secret
--- a/k8s/mongodb-backup-agent/mongo-backup-dep.yaml
+++ b/k8s/mongodb-backup-agent/mongo-backup-dep.yaml
@ -24,7 +24,7 @@ spec:
      terminationGracePeriodSeconds: 10
      containers:
      - name: mdb-backup
-        image: bigchaindb/mongodb-backup-agent:2.0
+        image: bigchaindb/mongodb-backup-agent:3.0
        imagePullPolicy: Always
        env:
        - name: MMS_API_KEYFILE_PATH
--- a/k8s/mongodb-monitoring-agent/mongo-mon-dep.yaml
+++ b/k8s/mongodb-monitoring-agent/mongo-mon-dep.yaml
@ -24,7 +24,7 @@ spec:
      terminationGracePeriodSeconds: 10
      containers:
      - name: mdb-mon
-        image: bigchaindb/mongodb-monitoring-agent:2.0
+        image: bigchaindb/mongodb-monitoring-agent:3.0
        imagePullPolicy: Always
        env:
        - name: MMS_API_KEYFILE_PATH
--- a/k8s/mongodb/container/README.md
+++ b/k8s/mongodb/container/README.md
@ -9,9 +9,11 @@
 *  We also need a way to overwrite certain parameters to suit our use case.
-### Step 1: Build the Latest Container
+### Step 1: Build and Push the Latest Container
-
+Use the `docker_build_and_push.bash` script to build the latest docker image
-`docker build -t bigchaindb/mongodb:3.4.4 .` from the root of this project.
+and upload it to Docker Hub.
 Ensure that the image tag is updated to a new version number to properly
 reflect any changes made to the container.
 ### Step 2: Run the Container
@ -25,7 +27,7 @@ docker run \
  --volume=<host dir for mongodb data files>:/data/db \
  --volume=<host dir for mongodb config data files>:/data/configdb \
  --volume=<host dir with the required TLS certificates>:/mongo-ssl:ro \
-  bigchaindb/mongodb:3.4.4 \
+  bigchaindb/mongodb:3.0 \
  --mongodb-port <mongod port number for external connections> \
  --mongodb-key-file-path /mongo-ssl/<private key file name>.pem \
  --mongodb-key-file-password <password for the private key file> \
--- a/k8s/mongodb/container/docker_build_and_push.bash
+++ b/k8s/mongodb/container/docker_build_and_push.bash
@ -0,0 +1,5 @@
 #!/bin/bash
 docker build -t bigchaindb/mongodb:3.0 .
 docker push bigchaindb/mongodb:3.0
--- a/k8s/mongodb/container/mongod.conf.template
+++ b/k8s/mongodb/container/mongod.conf.template
@ -65,14 +65,15 @@ net:
    #weakCertificateValidation: false
    #allowInvalidCertificates: false
-#security: TODO
+security:
-#  authorization: enabled
+  authorization: enabled
-#  clusterAuthMode: x509
+  clusterAuthMode: x509
 setParameter:
  enableLocalhostAuthBypass: true
-  #notablescan: 1 TODO
+  #notablescan: 1
-  #logUserIds: 1 TODO
+  logUserIds: 1
  authenticationMechanisms: MONGODB-X509,SCRAM-SHA-1
 storage:
  dbPath: /data/db
--- a/k8s/nginx-3scale/nginx-3scale-dep.yaml
+++ b/k8s/nginx-3scale/nginx-3scale-dep.yaml
@ -19,7 +19,7 @@ spec:
      terminationGracePeriodSeconds: 10
      containers:
      - name: nginx-3scale
-        image: bigchaindb/nginx_3scale:1.4
+        image: bigchaindb/nginx_3scale:1.5
        imagePullPolicy: Always
        env:
        - name: MONGODB_FRONTEND_PORT
@ -84,7 +84,7 @@ spec:
          timeoutSeconds: 10
      restartPolicy: Always
      volumes:
-      - name: https
+      - name: https-certs
        secret:
          secretName: https-certs
          defaultMode: 0400
--- a/setup.py
+++ b/setup.py
@ -67,7 +67,7 @@ install_requires = [
    'rethinkdb~=2.3',  # i.e. a version between 2.3 and 3.0
    'pymongo~=3.4',
    'pysha3~=1.0.2',
-    'cryptoconditions>=0.5.0',
+    'cryptoconditions>=0.6.0.dev',
    'python-rapidjson==0.0.11',
    'logstats>=0.2.1',
    'flask>=0.10.1',
@ -113,6 +113,7 @@ setup(
        'License :: OSI Approved :: GNU Affero General Public License v3',
        'Programming Language :: Python :: 3 :: Only',
        'Programming Language :: Python :: 3.5',
        'Programming Language :: Python :: 3.6',
        'Operating System :: MacOS :: MacOS X',
        'Operating System :: POSIX :: Linux',
    ],
@ -125,7 +126,7 @@ setup(
        ],
    },
    install_requires=install_requires,
-    setup_requires=['pytest-runner'],
+    setup_requires=['pytest-runner', 'cryptoconditions'],
    tests_require=tests_require,
    extras_require={
        'test': tests_require,
--- a/tests/assets/test_divisible_assets.py
+++ b/tests/assets/test_divisible_assets.py
@ -52,8 +52,8 @@ def test_single_in_single_own_single_out_multiple_own_create(b, user_pk):
    assert tx_signed.outputs[0].amount == 100
    output = tx_signed.outputs[0].to_dict()
-    assert 'subfulfillments' in output['condition']['details']
+    assert 'subconditions' in output['condition']['details']
-    assert len(output['condition']['details']['subfulfillments']) == 2
+    assert len(output['condition']['details']['subconditions']) == 2
    assert len(tx_signed.inputs) == 1
@ -76,8 +76,8 @@ def test_single_in_single_own_multiple_out_mix_own_create(b, user_pk):
    assert tx_signed.outputs[1].amount == 50
    output_cid1 = tx_signed.outputs[1].to_dict()
-    assert 'subfulfillments' in output_cid1['condition']['details']
+    assert 'subconditions' in output_cid1['condition']['details']
-    assert len(output_cid1['condition']['details']['subfulfillments']) == 2
+    assert len(output_cid1['condition']['details']['subconditions']) == 2
    assert len(tx_signed.inputs) == 1
@ -89,6 +89,7 @@ def test_single_in_single_own_multiple_out_mix_own_create(b, user_pk):
 def test_single_in_multiple_own_single_out_single_own_create(b, user_pk,
                                                             user_sk):
    from bigchaindb.models import Transaction
    from bigchaindb.common.transaction import _fulfillment_to_details
    tx = Transaction.create([b.me, user_pk], [([user_pk], 100)])
    tx_signed = tx.sign([b.me_private, user_sk])
@ -97,9 +98,9 @@ def test_single_in_multiple_own_single_out_single_own_create(b, user_pk,
    assert tx_signed.outputs[0].amount == 100
    assert len(tx_signed.inputs) == 1
-    ffill = tx_signed.inputs[0].fulfillment.to_dict()
+    ffill = _fulfillment_to_details(tx_signed.inputs[0].fulfillment)
-    assert 'subfulfillments' in ffill
+    assert 'subconditions' in ffill
-    assert len(ffill['subfulfillments']) == 2
+    assert len(ffill['subconditions']) == 2
 # TRANSFER divisible asset
@ -207,8 +208,8 @@ def test_single_in_single_own_single_out_multiple_own_transfer(b, user_pk,
    assert tx_transfer_signed.outputs[0].amount == 100
    condition = tx_transfer_signed.outputs[0].to_dict()
-    assert 'subfulfillments' in condition['condition']['details']
+    assert 'subconditions' in condition['condition']['details']
-    assert len(condition['condition']['details']['subfulfillments']) == 2
+    assert len(condition['condition']['details']['subconditions']) == 2
    assert len(tx_transfer_signed.inputs) == 1
@ -248,8 +249,8 @@ def test_single_in_single_own_multiple_out_mix_own_transfer(b, user_pk,
    assert tx_transfer_signed.outputs[1].amount == 50
    output_cid1 = tx_transfer_signed.outputs[1].to_dict()
-    assert 'subfulfillments' in output_cid1['condition']['details']
+    assert 'subconditions' in output_cid1['condition']['details']
-    assert len(output_cid1['condition']['details']['subfulfillments']) == 2
+    assert len(output_cid1['condition']['details']['subconditions']) == 2
    assert len(tx_transfer_signed.inputs) == 1
@ -264,6 +265,7 @@ def test_single_in_single_own_multiple_out_mix_own_transfer(b, user_pk,
 def test_single_in_multiple_own_single_out_single_own_transfer(b, user_pk,
                                                               user_sk):
    from bigchaindb.models import Transaction
    from bigchaindb.common.transaction import _fulfillment_to_details
    # CREATE divisible asset
    tx_create = Transaction.create([b.me], [([b.me, user_pk], 100)])
@ -286,9 +288,9 @@ def test_single_in_multiple_own_single_out_single_own_transfer(b, user_pk,
    assert tx_transfer_signed.outputs[0].amount == 100
    assert len(tx_transfer_signed.inputs) == 1
-    ffill = tx_transfer_signed.inputs[0].fulfillment.to_dict()
+    ffill = _fulfillment_to_details(tx_transfer_signed.inputs[0].fulfillment)
-    assert 'subfulfillments' in ffill
+    assert 'subconditions' in ffill
-    assert len(ffill['subfulfillments']) == 2
+    assert len(ffill['subconditions']) == 2
 # TRANSFER divisible asset
@ -334,6 +336,7 @@ def test_multiple_in_single_own_single_out_single_own_transfer(b, user_pk,
 def test_multiple_in_multiple_own_single_out_single_own_transfer(b, user_pk,
                                                                 user_sk):
    from bigchaindb.models import Transaction
    from bigchaindb.common.transaction import _fulfillment_to_details
    # CREATE divisible asset
    tx_create = Transaction.create([b.me], [([user_pk, b.me], 50), ([user_pk, b.me], 50)])
@ -356,12 +359,12 @@ def test_multiple_in_multiple_own_single_out_single_own_transfer(b, user_pk,
    assert tx_transfer_signed.outputs[0].amount == 100
    assert len(tx_transfer_signed.inputs) == 2
-    ffill_fid0 = tx_transfer_signed.inputs[0].fulfillment.to_dict()
+    ffill_fid0 = _fulfillment_to_details(tx_transfer_signed.inputs[0].fulfillment)
-    ffill_fid1 = tx_transfer_signed.inputs[1].fulfillment.to_dict()
+    ffill_fid1 = _fulfillment_to_details(tx_transfer_signed.inputs[1].fulfillment)
-    assert 'subfulfillments' in ffill_fid0
+    assert 'subconditions' in ffill_fid0
-    assert 'subfulfillments' in ffill_fid1
+    assert 'subconditions' in ffill_fid1
-    assert len(ffill_fid0['subfulfillments']) == 2
+    assert len(ffill_fid0['subconditions']) == 2
-    assert len(ffill_fid1['subfulfillments']) == 2
+    assert len(ffill_fid1['subconditions']) == 2
 # TRANSFER divisible asset
@ -375,6 +378,7 @@ def test_multiple_in_multiple_own_single_out_single_own_transfer(b, user_pk,
 def test_muiltiple_in_mix_own_multiple_out_single_own_transfer(b, user_pk,
                                                               user_sk):
    from bigchaindb.models import Transaction
    from bigchaindb.common.transaction import _fulfillment_to_details
    # CREATE divisible asset
    tx_create = Transaction.create([b.me], [([user_pk], 50), ([user_pk, b.me], 50)])
@ -397,11 +401,11 @@ def test_muiltiple_in_mix_own_multiple_out_single_own_transfer(b, user_pk,
    assert tx_transfer_signed.outputs[0].amount == 100
    assert len(tx_transfer_signed.inputs) == 2
-    ffill_fid0 = tx_transfer_signed.inputs[0].fulfillment.to_dict()
+    ffill_fid0 = _fulfillment_to_details(tx_transfer_signed.inputs[0].fulfillment)
-    ffill_fid1 = tx_transfer_signed.inputs[1].fulfillment.to_dict()
+    ffill_fid1 = _fulfillment_to_details(tx_transfer_signed.inputs[1].fulfillment)
-    assert 'subfulfillments' not in ffill_fid0
+    assert 'subconditions' not in ffill_fid0
-    assert 'subfulfillments' in ffill_fid1
+    assert 'subconditions' in ffill_fid1
-    assert len(ffill_fid1['subfulfillments']) == 2
+    assert len(ffill_fid1['subconditions']) == 2
 # TRANSFER divisible asset
@ -416,6 +420,7 @@ def test_muiltiple_in_mix_own_multiple_out_single_own_transfer(b, user_pk,
 def test_muiltiple_in_mix_own_multiple_out_mix_own_transfer(b, user_pk,
                                                            user_sk):
    from bigchaindb.models import Transaction
    from bigchaindb.common.transaction import _fulfillment_to_details
    # CREATE divisible asset
    tx_create = Transaction.create([b.me], [([user_pk], 50), ([user_pk, b.me], 50)])
@ -442,15 +447,15 @@ def test_muiltiple_in_mix_own_multiple_out_mix_own_transfer(b, user_pk,
    cond_cid0 = tx_transfer_signed.outputs[0].to_dict()
    cond_cid1 = tx_transfer_signed.outputs[1].to_dict()
-    assert 'subfulfillments' not in cond_cid0['condition']['details']
+    assert 'subconditions' not in cond_cid0['condition']['details']
-    assert 'subfulfillments' in cond_cid1['condition']['details']
+    assert 'subconditions' in cond_cid1['condition']['details']
-    assert len(cond_cid1['condition']['details']['subfulfillments']) == 2
+    assert len(cond_cid1['condition']['details']['subconditions']) == 2
-    ffill_fid0 = tx_transfer_signed.inputs[0].fulfillment.to_dict()
+    ffill_fid0 = _fulfillment_to_details(tx_transfer_signed.inputs[0].fulfillment)
-    ffill_fid1 = tx_transfer_signed.inputs[1].fulfillment.to_dict()
+    ffill_fid1 = _fulfillment_to_details(tx_transfer_signed.inputs[1].fulfillment)
-    assert 'subfulfillments' not in ffill_fid0
+    assert 'subconditions' not in ffill_fid0
-    assert 'subfulfillments' in ffill_fid1
+    assert 'subconditions' in ffill_fid1
-    assert len(ffill_fid1['subfulfillments']) == 2
+    assert len(ffill_fid1['subconditions']) == 2
 # TRANSFER divisible asset
--- a/tests/backend/mongodb-ssl/certs/ca.crt
+++ b/tests/backend/mongodb-ssl/certs/ca.crt
@ -1,38 +1,39 @@
 -----BEGIN CERTIFICATE-----
-MIIGoDCCBIigAwIBAgIJAKTE39sa24PHMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYD
+MIIGzjCCBLagAwIBAgIJAOgGsskqnC78MA0GCSqGSIb3DQEBCwUAMIGbMQswCQYD
 VQQGEwJERTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xGDAWBgNV
-BAoMD0JpZ2NoYWluREIgR21iSDEMMAoGA1UECwwDRU5HMRAwDgYDVQQDDAdURVNU
+BAoMD0JpZ2NoYWluREIgR21iSDEQMA4GA1UECwwHUk9PVC1DQTEbMBkGA1UEAwwS
-LUNBMSEwHwYJKoZIhvcNAQkBFhJkZXZAYmlnY2hhaW5kYi5jb20wHhcNMTcwNjAy
+VGVzdCBJbmZyYSBSb290IENBMSEwHwYJKoZIhvcNAQkBFhJkZXZAYmlnY2hhaW5k
-MDcwMzUwWhcNMjcwNTMxMDcwMzUwWjCBjDELMAkGA1UEBhMCREUxDzANBgNVBAgM
+Yi5jb20wHhcNMTcwNjEzMTQzNTU1WhcNMjcwNjExMTQzNTU1WjCBmzELMAkGA1UE
-BkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdjaGFpbkRCIEdt
+BhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQK
-YkgxDDAKBgNVBAsMA0VORzEQMA4GA1UEAwwHVEVTVC1DQTEhMB8GCSqGSIb3DQEJ
+DA9CaWdjaGFpbkRCIEdtYkgxEDAOBgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRl
-ARYSZGV2QGJpZ2NoYWluZGIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+c3QgSW5mcmEgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIu
-CgKCAgEAnX3DXlpfbDCemFTshrLxtlp4PDTkxRQf3uCfqPa5FlahIYQRH0+iBPg4
+Y29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuIgbqLOkJoFtnIKF
-KmfUynBB2ZQDOlzA/IJwFCoSsEWcua8rLj12kWeqxJFnLcbO5pgMyf/QFfZvtNiR
+Pq4nMY/uyLt3YRiWyWJq68EuZ5rkoQDJOzaVYGgoJDUVxunT2/MVyAbc1MQN5WGa
-JIoMy4xihn8UlDOiYl4uffQyC+cEKJAHf+Gcqawx4ub+If6jJgt/jryL9n+jFVVQ
+NU5aQZnyYAgC7Ci/u/5YfgfHz4H+uLXm6rRz6bVRAt4WY5ZIHEtp+ThX+rDCs7pE
-sENduy5VQjb+x1CXHtBP19419qDhj5IOJGdYEPB8LWIGSZRKZ/X5IlhnuK56Qdq9
+jcZxZdFjCbyrNdZtyDvhoHUwgKBiJ3b2373tq7rihNPeThABjkYOy2qStUnpNdiN
-GVxtFsCUFamtcnw5J+E3rKYRrH1sRgysWedgm08OWnQ5/8ptiH+P+1MkwexoSg68
+R9IrvSOAS/MzJVO3aoKkFLnKk0hD2Gjdh4hS2o3ZeF1TVHoBk6rA4I9szikYbCKa
-9StdT90aSrya6lMzAjUpzuzOdhy+nBqXzkAIj0wiN0qQFC8QqQwfwNd/82oZo5lp
+SXAtF8CpUqnbThESM6+PfCfNRG+d+MEOi0jiMZzOrQLyG4bPRiec8ArTR5Bv1hsh
-oV9n3xmds/q0kMrWXL8fKmjD1QyF20vuU6+W6dMzqkA7te6Aq+yKtJn3MKGQQ7X9
+aKfRJONuSnX+40YBfhwTMpBqdbntereBlT8ahOJNZTbot5XVxSt69KZ2PZ99UpUl
-ifgPaa8paWKeBikpYjdPstF8BT5OJaZDec8YwZYx17iCUiKPPxOCE8EEcF8rtqgV
+WK+M8QLmjjwZEFCo4scGEXy1+6QcgTAgY2cN1NaDrO+7FNANGSi/dDXXJfWRauSd
-mIHyxjB1HTmZRBQaLecGwjuiWUYgfpI2kj6Ky1HTB5BVgs81YWCMxNuvCTyjnVOH
+kdUnn6uYioL6bwqZ2gvUYEKT7ezF2/PImmyCyZ01/ovLuhB2aT/1kd51/KLeuvZ2
-BtVvTNUjm3LPZPIdnNZvngy6IirEc4nSBdt0UDJDo5U3rzQNKeC8yPMeU3eT/taB
+8yIu5YnKSKp7Bur8d7KrQc7mf/GHUw9Kvdjb4K7OOXimHZhCjQpxOtFYHOo+lEur
-dwMiHZoHy7x/a1l+jh2TM7kb8e2N6mGbC8CoGOOOqmdIv9enl1ECAwEAAaOCAQEw
+zHrsMwciBcJKGQzVnuhpDh7J+JDHKSSfJJlTuOuxvVGgzVgzCzbUn57F6C9Vs7g8
-gf4wHQYDVR0OBBYEFJfI3Mjur+JwxAmbGVCPhh0s/24mMIHBBgNVHSMEgbkwgbaA
+Wk+ldudK+kn9kV18ncpWnwdZl6cCAwEAAaOCAREwggENMB0GA1UdDgQWBBRpx4WA
-FJfI3Mjur+JwxAmbGVCPhh0s/24moYGSpIGPMIGMMQswCQYDVQQGEwJERTEPMA0G
+ZOaQQOkwaIgj0k277N+YmDCB0AYDVR0jBIHIMIHFgBRpx4WAZOaQQOkwaIgj0k27
-A1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xGDAWBgNVBAoMD0JpZ2NoYWlu
+7N+YmKGBoaSBnjCBmzELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0G
-REIgR21iSDEMMAoGA1UECwwDRU5HMRAwDgYDVQQDDAdURVNULUNBMSEwHwYJKoZI
+A1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdjaGFpbkRCIEdtYkgxEDAOBgNVBAsM
-hvcNAQkBFhJkZXZAYmlnY2hhaW5kYi5jb22CCQCkxN/bGtuDxzAMBgNVHRMEBTAD
+B1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5mcmEgUm9vdCBDQTEhMB8GCSqGSIb3
-AQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAmXclBjgbEU5RIl1d
+DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tggkA6AayySqcLvwwDAYDVR0TBAUwAwEB
-nk3eox3QhyLAcgYnWJt4Z4gbz9F8pk2oGZP5vklIm1zezB244K7r8cAg3o5EzSyF
+/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEsHfo6/yp38egCYiYej
-dTQ7yXSaYJm1Q9ljD+W/dqxpSnu1xIxJvqID9LUX+VOgyY/qw/TrUul/bWGOEzuN
+b8Dm674M7/neaL/QBLTxCgnpImxE4gHRZi1yWR4im5UL6gjZ7mM7AGL7Q1D/grG2
-+0akeMm5USv31SAJMD2pTAnxgxlRkgY5YzhTTFqMPEGMsYGXUoLyX9ghVl04NBKo
+3rc/WoSjBQPIe6gpuQwAni/iCaNI/QTgXFCx5fWZj/eIRF6ipKzxWkem3PdSdYUz
-wAwC6Sp7teZ6nnziwc6MuSCiBrULVRLtiegRFX2nsYVNmRstIKTjuhx/+bajT6Gh
+BoDuEZaKE7j4KOZDGD4UgN8igsNzmXHYH9nMFR4OERdIlTaHXmJvQ+5/yaazzzF0
-nN4zY5BWri7UXf0y4toLM5gM9Dgz2335iz8F6u8rJ1hz1mbkwQKWzHOQqIaBAu1P
+XXvbHSv5gHrnGoveDFNj11UJKwumG+L5UvKWsMe8zoS9YjvMJ9M9yUZ1WHjEdSuB
-TUlF9dLlNAsxozobuGCtYjKE4kYxBqGzSjTnuaN18yHF3PFKlzj++d15fCUWU6Fe
+erEbbKnkv7FITyM4urGOS6Y6CjTjV8xG5IPxkHUQjEavjVcvbMaRr8vKf5rf2iuR
-rXXI7VUguxWtAM7spTfsttCRW3GYW551gvCYNtrpuV64xitNUpwOK1Jbg9iyqhPT
+hDDYNknQf5zm5qmBq/cPC4dupKQyW58Kt5JkoY4Ok1zs4n9i6EFLUCHO3NaHsnfF
-8KUfT6cLhw1+XDxt0XqJXhY5GjfnAtZzhxWmJN0LBexNIcdgKtFt/ZxCz9rGwXIB
+5iNg48DfI2ssk2HVGLyI8AiLl/IftvAP3OOAn6gW3twvwKK6m1Yfv822odEHv9oB
-n1jbZdeukfVZLfAuwhFey8D3Mb+ghj3v/stBEquIAmCsB2YN+dQ5SQsUu7jVutFg
+SDXlvbZhnwe8ZvNRa7QCiItzE/b/bh0+c1pk9M169qQAcum8OdwljS6XBzk2o0mv
-jzwoZwr+JliWPEmtR9N8v6ZWAoEkoZcIjLBlqYRHLt8uDwiSGUGJQO18NhTEii2Y
+cP6VD+UlutkEpOFW10m8QAcGHPVICSpBBSnry8fX90465BvurVLgYb5VJ7l7VTjn
-Qs3HMrZBFYSooUdps/9YA9mZtfI=
+7j99dO0MhE0OSfHONUcbf9+nyBYMkh2Gj+/N3zWd/F/COHeZveRoSdc37dEJOWjz
 lEAdkN13aos01b6Xk9Dn4bf7
 -----END CERTIFICATE-----
--- a/tests/backend/mongodb-ssl/certs/crl.pem
+++ b/tests/backend/mongodb-ssl/certs/crl.pem
@ -1,22 +1,23 @@
 -----BEGIN X509 CRL-----
-MIIDoTCCAYkCAQEwDQYJKoZIhvcNAQELBQAwgYwxCzAJBgNVBAYTAkRFMQ8wDQYD
+MIIDvzCCAacCAQEwDQYJKoZIhvcNAQELBQAwgZsxCzAJBgNVBAYTAkRFMQ8wDQYD
 VQQIDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEYMBYGA1UECgwPQmlnY2hhaW5E
-QiBHbWJIMQwwCgYDVQQLDANFTkcxEDAOBgNVBAMMB1RFU1QtQ0ExITAfBgkqhkiG
+QiBHbWJIMRAwDgYDVQQLDAdST09ULUNBMRswGQYDVQQDDBJUZXN0IEluZnJhIFJv
-9w0BCQEWEmRldkBiaWdjaGFpbmRiLmNvbRcNMTcwNjAyMDcwNDA3WhcNMTcxMTI5
+b3QgQ0ExITAfBgkqhkiG9w0BCQEWEmRldkBiaWdjaGFpbmRiLmNvbRcNMTcwNjEz
-MDcwNDA3WqCBxzCBxDCBwQYDVR0jBIG5MIG2gBSXyNzI7q/icMQJmxlQj4YdLP9u
+MTQzNjU1WhcNMTcxMjEwMTQzNjU1WqCB1jCB0zCB0AYDVR0jBIHIMIHFgBRpx4WA
-JqGBkqSBjzCBjDELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0GA1UE
+ZOaQQOkwaIgj0k277N+YmKGBoaSBnjCBmzELMAkGA1UEBhMCREUxDzANBgNVBAgM
-BwwGQmVybGluMRgwFgYDVQQKDA9CaWdjaGFpbkRCIEdtYkgxDDAKBgNVBAsMA0VO
+BkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdjaGFpbkRCIEdt
-RzEQMA4GA1UEAwwHVEVTVC1DQTEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWlu
+YkgxEDAOBgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5mcmEgUm9vdCBD
-ZGIuY29tggkApMTf2xrbg8cwDQYJKoZIhvcNAQELBQADggIBAEDFXjmlQhBafb9u
+QTEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tggkA6AayySqcLvww
-IId7ZrHFeueCiDsWJd2cI7BOIU4gsJzrL+SCjvAWyADd1np0gB86M7JK1W3iUfKI
+DQYJKoZIhvcNAQELBQADggIBAGGHwjqvEayCkMzacIrhLlT97ra/5BGv9DIsVJUo
-FbwAbsxgJSnwyzwoQcTCp8/vD7z7+7uTxvbaEGOEiW9sVqRs/CKIzVoSQPB/R6cM
+oEL+NuCl3lyd3lP+jr+cam+tqGJhsf43i7ZndmU4CKPS2WbZWENGSFcVIcNV05qT
-9WHwRuXeLALPIrVsxRaeIMbhEUgmfi9R2KvzKvc6yLMxWd1mmW8xdq7zZ6nlGl9Y
+YvGE62TpX74ZbFUAAsrZSyEGJFkREyrIwCc6b8O0Gr0BKCbnmlj/3XEhe9bsAu8m
-mrnRwOEdfgOUvuAaQgBculK3eKZmzJzzh1t+hJstmzdjtM+0gw3bzGLg3IJJ2uTK
+bZiN6I1e89Wbz+nNzUi1cE2ZRRQgiTX4CFuvl9L37N4KvAHH1HJn6xzWx+VYP5xQ
-D6nnSLG/QGTvnOmhIlnr26sYvVSMJrPrT7EyI/pN4GYWHwJ3rIJm9ii1+4q+D6YX
+vN1SK0SvsWHk3jiiyRazunWgJrdwmorqWApYHFybUNKw4B5btKe3ezl13ZXOIwDA
-a6iyywOL/T0Sb7EUXmM9KHhnoaLXQetGmP2bgMprUF+3rgj/KjPHk2eXFyW++GWs
+Ui6Fhi1jHj0yimZfieChD/bqGKEBFwrYp44ZRz52cg+YYcYzY72Rn6g7x8TsbNt0
-jlcyRvBd8a5AA9L2pPmoKQEQNL65YJcJSzfT3ZpkPxw/kD08Y29Vn7i86ol+MSdz
+7h4jq2MEQ3We4zYEXFz7ZPxNLn7wYxx0x5h2E5vPaXXp5W/TzpCquSkpGSWF26OH
-4dYuI4dTyU5IcMX4eQi4rdTm8rS55EE3MkL0OePeq375GROoInSyKeLpqPDPdpZx
+QAXaDOESAJV3e2oPFN8Wger3Oj7FTa0IZtne1aH/wnY0keDsVuvA8sHoy1Ylw72H
-Fo0AX0Rn3lt4vXFba84Vz5EveXt/jP2c01CXjTDzwfL13B7cbNl8yjD+Qopt9qXw
+cv6D2ABEm4erAJ7n6BQ/unYXd+qKCYPLdxdOyd9lBGJhk6uN+Nzued/z8SjV3XEb
-BPet7/eZs9gwcpcYooRjSD0zYvW3/wngqTPY/nPMZ4Wpm6QivGZo7LfMz5regjeT
+i6JvHwUEl/hwRWFF3k5vDaX4d5Z4kTIzO9+4ut44WRcgJ4zRd64ZKpGPEnTg3VsJ
-DMQWkWlP8aup1aPeoDFXC2tzQhVK
+oqQmwcfBvThKZmgrvUnvPzGYbA5LduQYRJ+elD5hGHBOEvayAof3FLKZZG8zNjip
 lLJj
 -----END X509 CRL-----
--- a/tests/backend/mongodb-ssl/certs/test_bdb_ssl.crt
+++ b/tests/backend/mongodb-ssl/certs/test_bdb_ssl.crt
@ -3,130 +3,131 @@ Certificate:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ENG, CN=TEST-CA/emailAddress=dev@bigchaindb.com
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ROOT-CA, CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com
        Validity
-            Not Before: Jun  2 07:13:16 2017 GMT
+            Not Before: Jun 13 14:44:30 2017 GMT
-            Not After : May 31 07:13:16 2027 GMT
+            Not After : Jun 11 14:44:30 2027 GMT
-        Subject: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ENG, CN=test-bdb-ssl/emailAddress=dev@bigchaindb.com
+        Subject: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=BigchainDB-Instance, CN=test-bdb-ssl/emailAddress=dev@bigchaindb.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
-                    00:cb:59:21:c4:6e:b7:93:c7:d1:87:e1:8f:06:07:
+                    00:cb:8b:a5:98:f8:cb:ab:f0:c3:e3:8a:b1:92:ba:
-                    c6:4f:31:35:4d:cc:43:8e:25:bf:4a:08:3e:df:3a:
+                    c3:45:e0:1e:ed:d8:f2:a8:39:02:fd:8f:0f:e1:c9:
-                    b0:d8:3c:b5:45:39:49:aa:ef:17:53:2c:fa:74:73:
+                    9d:79:0c:38:38:df:a7:ef:6d:10:32:5a:1f:c8:d8:
-                    4e:f6:36:ae:ad:9a:88:3c:1a:ad:c2:ac:1c:b3:14:
+                    ef:ea:a3:51:40:c3:a0:9b:67:f5:91:43:4f:05:fb:
-                    39:18:8a:33:54:54:59:11:31:b8:8a:1a:0f:d5:79:
+                    b3:05:9a:01:47:88:53:2d:a0:67:fd:0e:1d:a3:9c:
-                    dd:6d:8d:63:a0:8f:0a:a3:5e:b2:40:d0:67:84:b7:
+                    de:1f:48:9e:e7:9f:6a:cc:04:d2:9e:36:90:e0:52:
-                    b6:4b:66:43:85:8a:18:a0:51:08:c9:b0:09:0b:8d:
+                    01:11:31:6f:db:5a:aa:4e:3d:83:5c:b8:31:7d:8d:
-                    bc:89:6c:47:a1:b2:bb:b8:1e:04:77:cb:7e:f4:ae:
+                    06:8f:c1:f8:71:9e:71:a1:ee:54:8e:6c:77:5f:b4:
-                    c7:50:43:0b:49:48:90:4c:7d:72:17:0b:bb:57:72:
+                    69:4a:2d:df:8d:6a:d3:02:26:91:3a:2e:9a:58:61:
-                    dd:ad:62:ba:8d:b4:80:c4:b8:83:a2:c9:08:f7:11:
+                    6b:18:1a:ac:7b:c6:e4:b7:4d:ca:af:97:14:af:fa:
-                    44:0b:67:7f:d4:df:b8:59:5b:c0:32:26:04:95:bc:
+                    16:87:78:50:98:d4:d1:50:3e:e6:d1:c2:d8:85:ee:
-                    c2:eb:92:7b:e9:5d:99:d7:d9:86:be:f0:a7:c5:e5:
+                    06:5b:2d:43:8d:d8:3d:22:6d:28:59:52:44:79:e5:
-                    1e:95:f3:86:21:74:3d:03:ca:4a:c0:4d:59:75:b5:
+                    49:58:82:1a:0e:7f:06:80:85:79:52:1a:c1:c0:32:
-                    62:24:04:09:8a:47:0f:a6:c3:ee:99:82:dc:02:53:
+                    d2:28:c7:b9:c0:67:9d:5c:b3:13:08:07:95:d6:91:
-                    70:f1:77:61:58:2e:9b:db:20:40:9f:15:08:de:3d:
+                    87:6e:f8:53:7a:fa:67:d5:c8:07:91:d9:46:03:45:
-                    c4:11:29:2f:6f:51:1b:36:19:b2:27:03:b8:15:ec:
+                    9e:b1:be:f7:78:fb:9a:a5:73:41:cf:b5:02:73:ed:
-                    3e:56:65:77:97:46:58:07:0b:85:87:a1:f4:ee:4f:
+                    d5:a8:da:77:bd:3c:cf:e8:e5:dc:1f:cf:d6:93:e9:
-                    fc:bc:22:10:da:3c:83:dd:80:26:d7:3e:23:f6:0e:
+                    50:d4:76:f2:53:ec:a8:7d:7b:a7:84:4c:95:00:3e:
-                    3f:4d:f9:1a:eb:2f:ca:60:ea:97:40:23:d4:14:c3:
+                    ab:f4:8e:0b:b1:2a:ef:7d:a1:66:d6:a1:f0:21:5c:
-                    b5:c1:46:f2:15:2a:7e:18:56:3a:58:51:fb:a7:42:
+                    0f:94:0a:12:de:82:65:55:14:47:37:61:cf:68:12:
-                    14:19:0d:79:1e:25:b4:1a:51:74:7b:93:e0:9e:a9:
+                    13:c1:f1:7b:14:5f:5c:ff:cf:b1:68:37:d6:75:5a:
-                    41:83:ab:94:6f:3c:6f:23:0c:7e:bc:14:31:54:ca:
+                    7d:cc:6c:22:e6:34:07:d1:2e:66:a7:6a:1e:9f:ee:
-                    8a:47:0e:a8:01:bd:f6:e9:bd:54:dd:10:84:5f:3f:
+                    e9:b8:5d:da:a2:25:1b:00:70:a9:65:8d:66:54:42:
-                    54:05:47:ae:4e:5d:e1:10:9d:a1:7b:08:b5:96:c6:
+                    49:85:fa:07:56:b4:77:26:af:70:4b:4f:ed:74:68:
-                    ba:fc:97:e0:22:c7:07:23:a2:ad:be:e2:7a:a8:8c:
+                    72:d4:f5:f9:ea:cc:23:a3:d6:8c:39:a2:79:f6:8c:
-                    e9:8a:e4:8e:64:4a:e9:45:b9:2b:55:e0:5c:3a:e8:
+                    64:4c:e3:75:17:86:6f:f1:e1:de:33:ec:28:89:e3:
-                    92:fd:48:54:6b:1e:14:d9:98:72:53:6e:0b:bd:e8:
+                    3b:a1:73:c9:da:57:fa:9c:cc:8b:51:63:10:26:f3:
-                    ea:a9:c1:b2:29:ac:35:7b:0d:a8:22:13:83:d7:af:
+                    27:9a:c0:e2:67:2d:52:e7:41:a0:7e:6b:6d:7c:3d:
-                    90:ec:4a:74:41:3c:fd:32:f6:46:a7:96:02:a3:23:
+                    cc:4a:51:8a:62:c5:17:9c:88:c2:5f:38:a2:8d:ba:
-                    a2:f1:6f:0f:55:e6:aa:8b:47:17:74:a8:c9:5f:ab:
+                    bb:6f:82:11:e3:6c:ec:af:58:f8:06:b0:2d:02:4f:
-                    46:68:6e:d8:11:dc:bd:83:96:3a:a9:04:e0:4c:d2:
+                    dd:73:81:69:3f:cc:76:72:a1:db:73:43:8c:97:39:
-                    03:a8:9e:fd:00:c8:09:f9:71:69:92:10:75:8e:8f:
+                    30:49:d2:9a:77:30:49:21:85:32:0a:6a:37:bf:09:
-                    9e:e4:d6:1c:bd:fd:3f:32:fb:ce:a4:af:cf:9c:f6:
+                    06:60:a3:0f:e5:ba:f5:07:2a:34:e5:3b:07:1d:10:
-                    29:6e:15:ed:c7:df:2d:27:8f:03:b9:fc:ac:3f:23:
+                    c1:c0:38:bc:95:dc:81:b2:89:ab:d5:17:9c:21:c3:
-                    ac:2a:f3
+                    1a:b2:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Key Identifier: 
-                56:19:A1:BA:91:22:9C:E0:84:71:47:64:A2:CD:F9:28:C0:C0:EB:67
+                B7:F5:E7:0E:F8:D8:FE:A1:56:5B:EA:80:2F:18:71:C2:44:0C:91:D0
            X509v3 Authority Key Identifier: 
-                keyid:97:C8:DC:C8:EE:AF:E2:70:C4:09:9B:19:50:8F:86:1D:2C:FF:6E:26
+                keyid:69:C7:85:80:64:E6:90:40:E9:30:68:88:23:D2:4D:BB:EC:DF:98:98
-                DirName:/C=DE/ST=Berlin/L=Berlin/O=BigchainDB GmbH/OU=ENG/CN=TEST-CA/emailAddress=dev@bigchaindb.com
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=BigchainDB GmbH/OU=ROOT-CA/CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com
-                serial:A4:C4:DF:DB:1A:DB:83:C7
+                serial:E8:06:B2:C9:2A:9C:2E:FC
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
            X509v3 Key Usage: 
                Digital Signature
    Signature Algorithm: sha256WithRSAEncryption
-         18:50:cd:6d:2b:0f:aa:e4:25:1e:b9:16:1f:b5:39:17:b7:5c:
+         78:44:00:be:10:3b:f3:40:e1:5e:e4:3a:64:99:13:71:1d:91:
-         d8:c0:a6:97:17:3d:0b:39:6f:5f:d2:2c:42:c1:6f:06:e8:72:
+         96:f6:f1:0f:db:99:6c:65:c3:be:c9:0d:d7:a1:c8:7c:09:e6:
-         a1:f6:ee:40:47:6c:d6:f0:84:dc:4d:67:07:e9:4b:dc:fe:5c:
+         56:5b:32:44:5f:e8:00:27:b5:20:28:d9:19:5a:74:21:4f:1a:
-         05:a4:af:54:ac:92:f3:14:48:4a:e1:28:b0:cb:7e:3b:68:da:
+         ef:5a:e9:cc:f4:97:f1:9f:97:9b:45:35:cb:df:27:6a:75:ce:
-         98:b7:08:44:16:30:a8:94:32:1c:f8:2b:6a:ab:01:95:e9:10:
+         9e:0e:11:be:03:fa:1a:91:77:9d:7d:6a:76:59:6b:98:96:09:
-         a1:b6:bd:08:ee:0d:27:be:95:ed:9b:ce:e0:70:e8:b2:7d:9b:
+         21:cd:ca:54:1e:1f:75:58:68:5d:af:c2:8a:18:c5:56:d9:56:
-         c9:4b:18:33:09:1b:91:78:29:f5:22:2f:59:18:40:95:ea:6b:
+         39:c6:a7:2a:a4:0e:0b:88:7e:55:72:7f:ec:07:0d:7f:7a:c0:
-         3c:e9:e6:30:ab:f1:e2:ab:a2:0b:97:30:a1:39:f5:5f:4b:97:
+         14:8f:44:f4:cc:3b:30:97:8a:98:e2:da:7e:88:b8:a5:93:4c:
-         f2:7d:54:e8:51:85:19:8e:09:69:93:5e:96:40:79:74:45:6f:
+         f4:92:e1:e8:84:60:bc:f9:e4:55:0f:68:ba:34:70:4f:9f:47:
-         93:dd:47:55:1e:7d:76:8d:ad:84:3d:d6:f4:4e:a0:62:59:e3:
+         63:c1:2f:96:78:ab:43:80:87:f2:0d:10:57:a0:a0:8c:d4:93:
-         62:98:2c:c7:44:21:aa:5c:77:71:ef:8a:25:16:d9:dc:ab:32:
+         c3:89:ef:f0:2f:58:63:53:8c:1e:29:4c:a5:88:ec:56:af:22:
-         d1:da:aa:86:40:a4:2f:07:4a:bf:f0:45:83:8d:fe:0b:89:e6:
+         65:54:77:6c:f8:cd:68:2d:34:f7:71:cf:12:6e:ba:50:8f:30:
-         c9:88:42:0a:5c:ea:ba:b1:e2:e5:22:e0:17:74:7e:ae:ec:d4:
+         a0:05:31:e7:32:27:29:e5:1b:a9:40:3c:49:45:a3:8e:2d:10:
-         2c:0d:4e:35:69:7b:a5:89:c6:a6:b0:44:24:b4:12:02:5c:ad:
+         0b:b4:da:f5:73:e7:aa:d1:c7:a8:a6:f5:32:4a:33:f3:60:3d:
-         40:ae:ae:e2:8f:e1:aa:25:89:32:d8:ab:1e:37:00:a3:2c:43:
+         72:4e:b9:1e:15:e9:7d:0c:a9:f8:57:72:2b:60:24:18:47:5b:
-         e2:cd:ad:8e:91:97:14:61:ff:dd:48:6f:8e:0f:07:8c:9d:c0:
+         34:f5:25:ef:93:10:4a:0b:ed:e8:39:2e:d8:9e:bd:32:67:ce:
-         dd:bc:c8:c6:4f:eb:33:d8:40:64:bb:82:56:75:78:0c:d7:40:
+         7c:c7:a4:0e:5f:03:1e:8d:4a:7f:ac:7f:4e:7b:f8:26:44:1c:
-         9b:12:ea:2a:82:ef:70:cf:75:3e:75:45:80:18:70:c1:10:41:
+         9f:6b:a0:9e:4d:90:31:13:8a:46:5f:87:9e:bc:06:f2:b6:e5:
-         5b:7f:32:fe:f0:cc:e7:98:56:c7:7e:b3:99:a7:6a:37:1d:80:
+         6b:75:d1:f3:c0:4d:fe:c5:16:34:35:ce:6e:31:f3:1f:cd:4e:
-         0d:0f:26:56:12:b9:9e:64:8b:90:39:5e:2b:f4:01:c2:9b:fc:
+         13:5d:0a:84:00:cc:72:b5:ef:a4:90:74:70:53:9b:6c:b3:58:
-         34:4d:c1:be:c4:44:54:3b:f9:b9:0b:2c:ad:ac:04:f1:be:6a:
+         5e:3b:ba:5b:ff:4c:fe:47:7e:20:1c:83:04:57:7a:a5:08:ed:
-         74:70:0f:a4:fb:86:1f:81:a6:3f:69:ed:96:52:0e:1f:32:5e:
+         29:51:11:e0:a5:81:92:b5:4f:32:74:35:be:8a:c6:82:7a:50:
-         49:8a:9d:26:2c:15:62:3a:9a:bf:da:2d:4c:31:36:7f:93:5e:
+         45:f9:ee:57:62:a5:41:57:dc:3d:f7:bd:17:59:2d:53:2c:d0:
-         27:b0:f4:dd:13:44:18:70:f2:97:0a:a6:69:ed:63:34:f1:fc:
+         81:76:e8:1b:64:bd:80:94:eb:b1:f6:0f:8f:c7:50:cb:c4:c2:
-         94:a1:1f:3f:1c:e2:a1:fa:4a:8d:a2:9c:46:5b:8f:d8:e6:d9:
+         33:b0:78:78:d4:61:d2:d7:54:0a:71:24:59:0f:30:23:8c:45:
-         9f:34:d8:97:84:3f:09:be:66:74:1a:51:96:73:52:80:9c:51:
+         d6:b9:f1:5c:99:eb:20:11:2f:ca:36:39:36:72:e9:f5:24:47:
-         ad:78:18:15:54:90:3a:1c:18:61:90:77:b0:10:b3:18:5b:77:
+         54:54:20:4d:1d:aa:cd:ec:ec:4b:89:2b:67:00:62:64:2c:05:
-         11:f3:1e:18:12:08:dd:95:22:d4:41:06:96:2a:b5:11:8c:3f:
+         19:6c:91:72:01:bb:04:0c:f0:e1:27:5e:c9:9b:f1:41:09:8a:
-         33:71:32:99:12:de:42:29
+         dc:62:85:a0:87:c8:d5:ab
 -----BEGIN CERTIFICATE-----
-MIIGsDCCBJigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCREUx
+MIIG3jCCBMagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBmzELMAkGA1UEBhMCREUx
 DzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdj
-aGFpbkRCIEdtYkgxDDAKBgNVBAsMA0VORzEQMA4GA1UEAwwHVEVTVC1DQTEhMB8G
+aGFpbkRCIEdtYkgxEDAOBgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5m
-CSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tMB4XDTE3MDYwMjA3MTMxNloX
+cmEgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tMB4X
-DTI3MDUzMTA3MTMxNlowgZExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4x
+DTE3MDYxMzE0NDQzMFoXDTI3MDYxMTE0NDQzMFowgaExCzAJBgNVBAYTAkRFMQ8w
-DzANBgNVBAcMBkJlcmxpbjEYMBYGA1UECgwPQmlnY2hhaW5EQiBHbWJIMQwwCgYD
+DQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEYMBYGA1UECgwPQmlnY2hh
-VQQLDANFTkcxFTATBgNVBAMMDHRlc3QtYmRiLXNzbDEhMB8GCSqGSIb3DQEJARYS
+aW5EQiBHbWJIMRwwGgYDVQQLDBNCaWdjaGFpbkRCLUluc3RhbmNlMRUwEwYDVQQD
-ZGV2QGJpZ2NoYWluZGIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+DAx0ZXN0LWJkYi1zc2wxITAfBgkqhkiG9w0BCQEWEmRldkBiaWdjaGFpbmRiLmNv
-AgEAy1khxG63k8fRh+GPBgfGTzE1TcxDjiW/Sgg+3zqw2Dy1RTlJqu8XUyz6dHNO
+bTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMuLpZj4y6vww+OKsZK6
-9jaurZqIPBqtwqwcsxQ5GIozVFRZETG4ihoP1XndbY1joI8Ko16yQNBnhLe2S2ZD
+w0XgHu3Y8qg5Av2PD+HJnXkMODjfp+9tEDJaH8jY7+qjUUDDoJtn9ZFDTwX7swWa
-hYoYoFEIybAJC428iWxHobK7uB4Ed8t+9K7HUEMLSUiQTH1yFwu7V3LdrWK6jbSA
+AUeIUy2gZ/0OHaOc3h9InuefaswE0p42kOBSARExb9taqk49g1y4MX2NBo/B+HGe
-xLiDoskI9xFEC2d/1N+4WVvAMiYElbzC65J76V2Z19mGvvCnxeUelfOGIXQ9A8pK
+caHuVI5sd1+0aUot341q0wImkToumlhhaxgarHvG5LdNyq+XFK/6Fod4UJjU0VA+
-wE1ZdbViJAQJikcPpsPumYLcAlNw8XdhWC6b2yBAnxUI3j3EESkvb1EbNhmyJwO4
+5tHC2IXuBlstQ43YPSJtKFlSRHnlSViCGg5/BoCFeVIawcAy0ijHucBnnVyzEwgH
-Few+VmV3l0ZYBwuFh6H07k/8vCIQ2jyD3YAm1z4j9g4/Tfka6y/KYOqXQCPUFMO1
+ldaRh274U3r6Z9XIB5HZRgNFnrG+93j7mqVzQc+1AnPt1ajad708z+jl3B/P1pPp
-wUbyFSp+GFY6WFH7p0IUGQ15HiW0GlF0e5PgnqlBg6uUbzxvIwx+vBQxVMqKRw6o
+UNR28lPsqH17p4RMlQA+q/SOC7Eq732hZtah8CFcD5QKEt6CZVUURzdhz2gSE8Hx
-Ab326b1U3RCEXz9UBUeuTl3hEJ2hewi1lsa6/JfgIscHI6KtvuJ6qIzpiuSOZErp
+exRfXP/PsWg31nVafcxsIuY0B9EuZqdqHp/u6bhd2qIlGwBwqWWNZlRCSYX6B1a0
-RbkrVeBcOuiS/UhUax4U2ZhyU24LvejqqcGyKaw1ew2oIhOD16+Q7Ep0QTz9MvZG
+dyavcEtP7XRoctT1+erMI6PWjDmiefaMZEzjdReGb/Hh3jPsKInjO6FzydpX+pzM
-p5YCoyOi8W8PVeaqi0cXdKjJX6tGaG7YEdy9g5Y6qQTgTNIDqJ79AMgJ+XFpkhB1
+i1FjECbzJ5rA4mctUudBoH5rbXw9zEpRimLFF5yIwl84oo26u2+CEeNs7K9Y+Aaw
-jo+e5NYcvf0/MvvOpK/PnPYpbhXtx98tJ48DufysPyOsKvMCAwEAAaOCARQwggEQ
+LQJP3XOBaT/MdnKh23NDjJc5MEnSmncwSSGFMgpqN78JBmCjD+W69QcqNOU7Bx0Q
-MAkGA1UdEwQCMAAwHQYDVR0OBBYEFFYZobqRIpzghHFHZKLN+SjAwOtnMIHBBgNV
+wcA4vJXcgbKJq9UXnCHDGrJhAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAAMB0GA1Ud
-HSMEgbkwgbaAFJfI3Mjur+JwxAmbGVCPhh0s/24moYGSpIGPMIGMMQswCQYDVQQG
+DgQWBBS39ecO+Nj+oVZb6oAvGHHCRAyR0DCB0AYDVR0jBIHIMIHFgBRpx4WAZOaQ
-EwJERTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xGDAWBgNVBAoM
+QOkwaIgj0k277N+YmKGBoaSBnjCBmzELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJl
-D0JpZ2NoYWluREIgR21iSDEMMAoGA1UECwwDRU5HMRAwDgYDVQQDDAdURVNULUNB
+cmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdjaGFpbkRCIEdtYkgx
-MSEwHwYJKoZIhvcNAQkBFhJkZXZAYmlnY2hhaW5kYi5jb22CCQCkxN/bGtuDxzAT
+EDAOBgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5mcmEgUm9vdCBDQTEh
-BgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQAD
+MB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tggkA6AayySqcLvwwEwYD
-ggIBABhQzW0rD6rkJR65Fh+1ORe3XNjAppcXPQs5b1/SLELBbwbocqH27kBHbNbw
+VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IC
-hNxNZwfpS9z+XAWkr1SskvMUSErhKLDLfjto2pi3CEQWMKiUMhz4K2qrAZXpEKG2
+AQB4RAC+EDvzQOFe5DpkmRNxHZGW9vEP25lsZcO+yQ3Xoch8CeZWWzJEX+gAJ7Ug
-vQjuDSe+le2bzuBw6LJ9m8lLGDMJG5F4KfUiL1kYQJXqazzp5jCr8eKroguXMKE5
+KNkZWnQhTxrvWunM9Jfxn5ebRTXL3ydqdc6eDhG+A/oakXedfWp2WWuYlgkhzcpU
-9V9Ll/J9VOhRhRmOCWmTXpZAeXRFb5PdR1UefXaNrYQ91vROoGJZ42KYLMdEIapc
+Hh91WGhdr8KKGMVW2VY5xqcqpA4LiH5Vcn/sBw1/esAUj0T0zDswl4qY4tp+iLil
-d3HviiUW2dyrMtHaqoZApC8HSr/wRYON/guJ5smIQgpc6rqx4uUi4Bd0fq7s1CwN
+k0z0kuHohGC8+eRVD2i6NHBPn0djwS+WeKtDgIfyDRBXoKCM1JPDie/wL1hjU4we
-TjVpe6WJxqawRCS0EgJcrUCuruKP4aoliTLYqx43AKMsQ+LNrY6RlxRh/91Ib44P
+KUyliOxWryJlVHds+M1oLTT3cc8SbrpQjzCgBTHnMicp5RupQDxJRaOOLRALtNr1
-B4ydwN28yMZP6zPYQGS7glZ1eAzXQJsS6iqC73DPdT51RYAYcMEQQVt/Mv7wzOeY
+c+eq0ceopvUySjPzYD1yTrkeFel9DKn4V3IrYCQYR1s09SXvkxBKC+3oOS7Ynr0y
-Vsd+s5mnajcdgA0PJlYSuZ5ki5A5Xiv0AcKb/DRNwb7ERFQ7+bkLLK2sBPG+anRw
+Z858x6QOXwMejUp/rH9Oe/gmRByfa6CeTZAxE4pGX4eevAbytuVrddHzwE3+xRY0
-D6T7hh+Bpj9p7ZZSDh8yXkmKnSYsFWI6mr/aLUwxNn+TXiew9N0TRBhw8pcKpmnt
+Nc5uMfMfzU4TXQqEAMxyte+kkHRwU5tss1heO7pb/0z+R34gHIMEV3qlCO0pURHg
-YzTx/JShHz8c4qH6So2inEZbj9jm2Z802JeEPwm+ZnQaUZZzUoCcUa14GBVUkDoc
+pYGStU8ydDW+isaCelBF+e5XYqVBV9w9970XWS1TLNCBdugbZL2AlOux9g+Px1DL
-GGGQd7AQsxhbdxHzHhgSCN2VItRBBpYqtRGMPzNxMpkS3kIp
+xMIzsHh41GHS11QKcSRZDzAjjEXWufFcmesgES/KNjk2cun1JEdUVCBNHarN7OxL
 iStnAGJkLAUZbJFyAbsEDPDhJ17Jm/FBCYrcYoWgh8jVqw==
 -----END CERTIFICATE-----
--- a/tests/backend/mongodb-ssl/certs/test_bdb_ssl.key
+++ b/tests/backend/mongodb-ssl/certs/test_bdb_ssl.key
@ -1,52 +1,52 @@
 -----BEGIN PRIVATE KEY-----
-MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDLWSHEbreTx9GH
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDLi6WY+Mur8MPj
-4Y8GB8ZPMTVNzEOOJb9KCD7fOrDYPLVFOUmq7xdTLPp0c072Nq6tmog8Gq3CrByz
+irGSusNF4B7t2PKoOQL9jw/hyZ15DDg436fvbRAyWh/I2O/qo1FAw6CbZ/WRQ08F
-FDkYijNUVFkRMbiKGg/Ved1tjWOgjwqjXrJA0GeEt7ZLZkOFihigUQjJsAkLjbyJ
+7MFmgFHiFMtoGf9Dh2jnN4fSJ7nn2rMBNKeNpDgUgERMW/bWqpOPYNcuDF9jQaP
-bEehsru4HgR3y370rsdQQwtJSJBMfXIXC7tXct2tYrqNtIDEuIOiyQj3EUQLZ3/U
+wfhxnnGh7lSObHdftGlKLd+NatMCJpE6LppYYWsYGqx7xuS3TcqvlxSv+haHeFCY
-37hZW8AyJgSVvMLrknvpXZnX2Ya+8KfF5R6V84YhdD0DykrATVl1tWIkBAmKRw+m
+1NFQPubRwtiF7gZbLUON2D0ibShZUkR55UlYghoOfwaAhXlSGsHAMtIox7nAZ51c
-w+6ZgtwCU3Dxd2FYLpvbIECfFQjePcQRKS9vURs2GbInA7gV7D5WZXeXRlgHC4WH
+sxMIB5XWkYdu+FN6+mfVyAeR2UYDRZ6xvvd4+5qlc0HPtQJz7dWo2ne9PM/o5dwf
-ofTuT/y8IhDaPIPdgCbXPiP2Dj9N+RrrL8pg6pdAI9QUw7XBRvIVKn4YVjpYUfun
+z9aT6VDUdvJT7Kh9e6eETJUAPqv0jguxKu99oWbWofAhXA+UChLegmVVFEc3Yc9o
-QhQZDXkeJbQaUXR7k+CeqUGDq5RvPG8jDH68FDFUyopHDqgBvfbpvVTdEIRfP1QF
+EhPB8XsUX1z/z7FoN9Z1Wn3MbCLmNAfRLmanah6f7um4XdqiJRsAcKlljWZUQkmF
-R65OXeEQnaF7CLWWxrr8l+Aixwcjoq2+4nqojOmK5I5kSulFuStV4Fw66JL9SFRr
+gdWtHcmr3BLT+10aHLU9fnqzCOj1ow5onn2jGRM43UXhm/x4d4z7CiJ4zuhc8na
-HhTZmHJTbgu96OqpwbIprDV7DagiE4PXr5DsSnRBPP0y9kanlgKjI6Lxbw9V5qqL
+V/qczItRYxAm8yeawOJnLVLnQaB+a218PcxKUYpixReciMJfOKKNurtvghHjbOyv
-Rxd0qMlfq0ZobtgR3L2DljqpBOBM0gOonv0AyAn5cWmSEHWOj57k1hy9/T8y+86k
+WPgGsC0CT91zgWk/zHZyodtzQ4yXOTBJ0pp3MEkhhTIKaje/CQZgow/luvUHKjTl
-r8+c9iluFe3H3y0njwO5/Kw/I6wq8wIDAQABAoICAFWnHJ8WF8Nqtmpq6wiaO8Dd
+OwcdEMHAOLyV3IGyiavVF5whwxqyYQIDAQABAoICAQC0NvMqanWhyW0WxJCOMi98
-tFspwAbfBX0Ujg8PNLBQmfYnlE0o2oVRe8mTTF5PWDKN1fajMi++uXQA/6/Dfq11
+aX/Y5LGMAdZE+2p7ZY+4QfpxWIyOrsidXDAyGujonSrupYZIshW5RJft2zlY507k
-vfKNI/Mf2S2NYGSl2qIlvlBkMec1IXV4wJNv5t8X9RmKKI5z1MuGDzU/Y8jLdWCv
+r629gv0vD1VsrBH6LskKmJntAwQbsoI5KkHpoBTCaRbKaSoqaKbg24EIvRukNT20
-XChtkfNUr2WyZ82dgBKIAIeOjIHgQ1mmLXhE4Lx8EA6AaYNQRX4cQW8UMR2KlSFK
+uphA9YYHxWtHkzAQPJmQmOcSVXqwb6hrUgqPGL0eEpE3QBO/7zQNQ5hQiHS+kMK6
-fEHqOZxqnkEFCSkvWh+RVMn5oXF+GzB6Or0e92+a5SS8mzMadD5HgmM3Qohs42kj
+y8H7apBUH9Jk/yS5m14TH4SjTD/RTneViCAQoJyW9ju/WP+7vYIX+WVZUu+xt02S
-Zn5/T4SKVWHuaunXPV4HXE/yLiXQXwrhtfXTDjZFxVg08zPIEIofI0anRHkhPg3r
+CY2Y0eLPym8u14jkODQF55knFMZ1Zoc4n8CQD1qZm+UFOFC1yubl9MYdoF4C3ZuC
-+pyAGuwRH3HoRQLhb8FVhl6HRmrsMl4nW/BassFN6DB01OYl2wqO2ybzXcfb7ihg
+vABnU7UU6pSABJ3glcwWUrGPxgbWTSlCTFwJqWeUZfEwWXQPhfoGIfckOf89tDsB
-0Gg8QaOGVaDT6mJL5F8YSY4rVYeNxvfayO0T7+QORauVNWWXHxm9IMtAUOvdArTm
+9TUd8fnfKVUrqDnEVPryvMZipG1nX4pZX/nXM/22sepdyuQ21quCcUTcUGwBhhQA
-+FcSwp47o+QcE5iLUJ91c+NsIhAHaJ1C4RA+2hcvfoDQSplQ24ZLR49jjHEWB/0z
+gfVJMPUc2dilJyYILYgmZ9k3J1iFVwIahMtqxY7oSaQi5bD9Pcst9MzFwiGo7T2q
-vgfxNifOn+XA+hCDwOESGq51ROQSQ6MFnHsVjTReK+3VMbz3mcZTVgXCMGZTKfyr
+4CjfUTPCiQeE+kyiEo1HR6Mhzd80Nobh0BQfMuauBMmkMlA3HPeztyR2U16QdDIa
-eALEZsT6WL20Ln4A1Xo8Nb1JfQqmbfSqASasUKXofXJY0QLmcnLrGK2+S0+hyHJc
+LG2DOl+Ak4OultjKtGKovsb9FnzDnr/N+ONLgRyKPMwjLgjRPBpGmxSltjfqHpC/
-tsIHEOnLbHLuIN5xz/3xAoIBAQD1sLpN/srusaUm1V6kcHyEKY6ednqwGZjqNL4k
+72OK3QPbDe7FRa3+jzC8ZQKCAQEA+RA7fhUEQv722SVpJI1pEvyQGCede65VB3lp
-Q872w7eUsg0ofUJ6zlFctDp3fVXWhYYPPyMX7DhbhDPqKOA1Z1sEpacicxZ/7JDC
+tN4wWqXfdKBKzTcxx6xkojvZPQe5NQFK3743Ui5qbgNxnxuqU/+KsBngZBVAYV6k
-ymhnyjGJPyxjuNcB+NFDTt3+I4tnadq5wmik1Z1cBp/EK5u/zLV9IAYG2nJn8XYM
+muCmpJsucCXVULeG5Cei7Z2FoRn2zjI1+7cMX9kccq+lGjy3imJPjhy9ChTWt/GB
-NhF+rZPql7WOzJR1yXEnZGAO4PiCq5H1L8uZUx3fbD+mMqjZq8BJrWKPWf1+9zjh
+P4Ii6ow2f+ZNKd5Vs/BRvGurLdCWg47UTzujHWtI24nJHjYfWpGIdAmJ9cuA/QgJ
-/qe8BiNELkpDlh5pwVSLjNWpR2/FH27JwjQYdMCgWJbK5/M23lDFpmsovkBDbs0w
+RCVs8U0vXzcRKwGkn45q9t7A9LMMZ2OIryhN3PPY4p1i4zu4kwFEQeJ1CCSrAiTn
-z0KmV9eHGGLpFhmQ4pNu288TUvmxP3zCSqIXfSFqfTHXDPg5AoIBAQDT4Y2WHCFE
+etitPxiovo+dmCFWxXeYuY+PNsi5C6kwOHVPDYlv+YrP0cm3jwKCAQEA0TbhuDaQ
-PYjlNhkoQW8KuY1U/mAnNUmU/GJGIRbayk712b23xo8miOC6PF4jhw+fynEDMeN6
+rkuVIIlzrQzLl0KqtoQ/p+5KI4WmzDdpmWvLhAGug7Xfi5AmSAmJB+ui/XeHCjyg
-eC+5FvVQ59g/ELLLgcVpDbHCqBmSiAfgnWCpOIYhvTJFQKPNEB6XCxO0dSp8PtXA
+Vy+nyoxzJrdjg0WShRgRx2b3rYqxTDsV72sbl1ofrCyX9DOW2XaiLCXPkGQfOmkS
-dyzXRSCI5dYBzbYlV7Pvbgrsj9glgnOxMB/zYWhNIJEZj+UBDLR1PTs+Nx65vZ81
+yYagR3xyfsVsf44bwUWj2vckXFhZFZDR2DpRWL20S852RpXvwzOoOWhfaBAqHeR+
-wYUSs7jJN+g9yagFg3NCYWjfLm52sN3xhSpsjKk8FcaWzyUElFzq+QWh34KOxJj0
+qBWVsDuRwo0HCkidgBYnRpg4FAitoiVM+MpB3r84pOK4bO6s0n384l1iFLhWli/d
-dq8y8G817B4NqFRN58WeU2Hu5HWk7Pgc611WjZ5AyEKWdz+RFfNcM6BBna1n/jIA
+6hLVa4Hpec5jMHQajhOjdk03gK0xmS9Trcv1aUboih7KH0FlbdlWeKWi/F7sT7P9
-KXUFB+vExISLAoIBAQDrOD+l3II89CbBfxYVKPyNK5w3agccAeW8lLJV1fWXmtlv
+3MFrs9G+Ybd/DwKCAQEAiA1t8jnY0iAlCAl/nhABTfXZYNiDFoTsveB89ehJ0bq6
-queeFA5JtK2Aq6wuKfi8YSlv/2qBxM5QD8oELQ47ErC5Sj8xZC3uW3Zch5xdgd7b
+jiLhuahk8QYjEtxOlyAY8/N4yzBFWAcy7FXFQ30BVlFJmVkJUqKpQIdKs6/0WAbN
-H3hIIPb4FFeEsUUnwq/8WgPmRJIa/ciiClV7YqTChCJdoQMkHI/bo/j4x+sH9Pbg
+H0YLeMRIU2mzfsmFrbNZNtoG0zHy+IjJGX0JW4O/X0DE5ISeX1tyz5iFWgPkvutI
-ak6QYJziB/IlXJv6orhJoikjLJcoO8Ml3GUzoNy3SQ/XegAabnWb0OTMuRmtkdLB
+iT8Edr6RgkJHTxTjftbvRHQuFeDixaH/iUOUAqQphDJ0VlEm5hHJfG13hvznvzi
-u++ttVN4vHdNA5CreJExkF5pG1z07RJecXIs4NShe0apdCKz5zFvXe1lBYkx6HeY
+28hhAHUtUFuj4qdcEE+efvvINqZ1ojUyTNhcpHSDJwqSFst10rT1FX7DVD/4o3b8
-B2jq7xWa+NFeGWOvhIk5gSbYfMui4VHUufe1g91BAoIBAG6P5igMabeIPKUOw7Xj
+9tvM4sWTeNsT+omJWgvbyZrqVG0AegyRtmc1jwv50QKCAQAjNGz/Jo9qBOXvN7Hz
-3yPDi2JskpQjFFBwGn/pyFlG9EkJ5Bu/uvcqucm0spLraVXCd5JpOACyMoTs2/np
+aLfJmDpJxC9B/uMS3yaWLqziWDVC3VWUbEJVpcgLTy9z2b7vj/F1U4ZXpXlCqCeo
-4UeXWRUklHSrNrUSrrVt0l59APGMk0GLzm2gu1jILo42s4OZGCBZUYTrKzTx13ZY
+WCuypz5kjwxO1ZDP7wqunTKvuwJFkbDKtCZNvXCg30mizCoFThPDLHMw3iqSXOqX
-KIIsa/20dCpeS8kBjpKULfap3CJOE/UbJ1wlYCRaEtiSqRVgAeJ+dlPAtcX6jlRB
+UnlTbYJWH3XXHsdLksJK0re8/vM5T5LLPs7ASfKykjq4jkufozizFwQJHLi3kw6Q
-niiPz+OAomZjGixLuEyrIkVjba3TAIRgAI61bOWk3Y+nfi7nyOLi58W5INb966pB
+AlMw888tAo1RX8Pv+xXctxIgu0giR2Msu8n06qTCNtka7kPW4L4RP7TD8q9fC9lR
-mbUav1MfvFlPvWzBPjpfhWDh2ITPxWKcnVKSy1LUF3dnYRqcQt5fIIxBFdUYOwkk
+2dzvBlqBleRnv86bJIm4ETKviCaftILk2xF/+O0scuoOGzE17nMtZkhNoW6SL7Ut
-Wt0CggEBAMDCdK1+/xzUnUI5q6MYvgCEZlxuskLRjby8EfdCGv4eaNCKB2z3d5jj
+lEcZAoIBAGMtuS1SJAnJ2wt5NY3zLAIoTwOr4LQLF1ukF+ogkck/GsRaJxGQRaE/
-PXVXpUKbqzLb0ehmA6e2OVOrD9VJYfRCGqrileJY7GnK1d3zy0DFfPm8iRMgevv9
+tupQBRzsZN3MxjRspDzH+583yIEWFWwxDzDbz8P9PuU+Dgm3vRGJ+qvzTDHvnPzd
-Sdzxdc5U7VH5FpMuqHfwNKHVK3jMkRQw88eRLKDWYiH7Du+lITYaLa1t6Xo/0r+5
+3mTOMnNMjchi6wwV9t/SxwhtnUoIHG0FtrXE+xH4QFnXaufGqw8rWbuPRjydH9iJ
-JYoPRUXJv0LiUamTThm4zAs9JOOC2I5/UbgifH21WxllD62fCmxJqF+t0lQWMRUw
+8h+U4g4oaRpvftDHZ6HUMYgqC3/BtB9yk0CQ/BnTG1FlZZw6Ybu4SNtok2QrR1xN
-GYiU41SiczC2rvGt6PKAlm0VKwBV+iCsywCuP7ywTq5n7/tCCPKMRcdTdpsgA9Sj
+MdcSNvQrgkMbVJ8ysKOwJNol3yw5fqYUz6KRxzU28MdOyELhcWhWUC9/D+5ib13f
-ygiQ48fCpPjwXP/+v5TyNchX2aTRCqA=
+Y78+RqMxuQBGGFp1ahS075xikXeb0TE=
 -----END PRIVATE KEY-----
--- a/tests/backend/mongodb-ssl/certs/test_mdb_bak_ssl_cert_and_key.pem
+++ b/tests/backend/mongodb-ssl/certs/test_mdb_bak_ssl_cert_and_key.pem
@ -0,0 +1,185 @@
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4 (0x4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ROOT-CA, CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com
        Validity
            Not Before: Jun 14 12:45:09 2017 GMT
            Not After : Jun 12 12:45:09 2027 GMT
        Subject: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=MongoDB-Bak-Instance, CN=test-mdb-bak-ssl/emailAddress=dev@bigchaindb.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:9e:49:0d:d6:44:06:db:ad:bd:24:0c:d4:d2:f6:
                    0e:e9:14:5a:52:b7:3d:72:97:ae:1c:b4:dd:6c:a6:
                    2b:46:94:a9:60:29:8a:15:75:3d:35:66:a1:7e:3c:
                    a7:09:38:4d:30:4a:5f:d1:01:22:a5:b0:f0:43:ed:
                    9e:e8:6d:b5:4b:da:3d:50:d7:67:c3:bc:a2:08:72:
                    2f:fe:18:54:2a:2e:a8:6b:f4:ca:fb:4a:50:f0:48:
                    c3:97:62:b7:f5:a0:a2:50:2b:c5:b3:ed:6f:b4:86:
                    09:a6:67:68:1f:28:69:d4:0e:73:c1:a2:6c:25:a5:
                    55:37:8c:7e:a4:9e:aa:83:8d:9c:b6:29:19:6f:e9:
                    86:58:9f:34:8b:92:39:9a:4d:ac:2f:1b:ee:43:a8:
                    25:dc:d6:82:63:65:e6:f9:71:ea:69:ac:4f:1b:9f:
                    96:ba:21:88:db:7b:87:4a:5c:84:4a:d6:39:3c:1f:
                    ea:e7:3a:9e:e0:31:32:e9:3d:48:da:0d:6d:47:74:
                    2c:58:e6:ad:65:10:b8:64:7b:80:cb:b0:a2:f4:a6:
                    16:27:b0:84:6e:09:c6:30:a3:b7:fa:34:7a:96:5d:
                    61:71:7d:7d:dc:c8:69:9d:4c:2f:b6:a1:20:31:99:
                    b1:96:9a:9e:be:f4:ec:da:2a:6c:3a:0a:e4:94:ef:
                    67:a5:f4:7c:ae:15:f2:67:8b:f4:f4:18:32:1e:7f:
                    87:79:e7:87:a0:74:99:57:f2:44:62:fe:93:93:21:
                    13:b5:98:dd:fb:98:67:e0:8f:e3:19:36:0b:9e:5b:
                    67:a0:37:77:62:78:9b:6c:be:79:13:bd:79:ae:34:
                    b7:92:f1:8f:17:9c:0b:6a:42:9a:ed:23:e4:71:0d:
                    e6:f3:6d:9c:58:54:88:2f:ed:85:a3:5c:a4:38:6d:
                    a3:b9:bc:ba:56:ad:f8:2c:fa:8c:e8:83:de:1b:af:
                    11:88:e9:81:08:c8:d4:03:68:d4:e7:11:c7:e6:1d:
                    93:7f:02:2c:3d:42:e3:bb:f1:68:70:21:95:87:db:
                    c5:c8:43:64:d5:d9:10:94:cb:e4:17:e3:5c:21:38:
                    fb:9c:96:69:da:24:e3:59:e8:d9:f3:41:45:04:8a:
                    04:c8:bd:04:85:7a:9c:72:9f:5d:34:38:1d:1c:26:
                    85:6c:c3:1c:6d:df:6b:44:a4:ac:f7:27:0d:8f:1a:
                    9b:d2:53:5c:15:bd:1e:f1:de:f1:45:d7:96:d0:50:
                    0a:43:3b:53:ea:1a:8d:67:ad:68:d0:57:dc:3c:f5:
                    63:fb:0e:ff:b2:cf:59:30:d5:12:bc:2c:62:00:cf:
                    c3:ae:ea:20:04:c1:67:e0:3f:92:99:e5:04:cc:7b:
                    a6:7f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Key Identifier: 
                95:F3:A7:FB:99:C6:9D:91:36:06:51:31:39:EC:37:42:89:07:AB:31
            X509v3 Authority Key Identifier: 
                keyid:69:C7:85:80:64:E6:90:40:E9:30:68:88:23:D2:4D:BB:EC:DF:98:98
                DirName:/C=DE/ST=Berlin/L=Berlin/O=BigchainDB GmbH/OU=ROOT-CA/CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com
                serial:E8:06:B2:C9:2A:9C:2E:FC
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
            X509v3 Key Usage: 
                Digital Signature
    Signature Algorithm: sha256WithRSAEncryption
         5b:42:f5:e9:cc:2a:40:8a:53:29:d9:67:2b:5d:df:25:b8:08:
         6f:6f:0f:d4:e1:b7:60:eb:d4:04:d4:3c:49:62:a5:78:59:48:
         d6:4b:c3:24:04:86:51:99:01:6f:f5:ce:a1:b8:c0:d5:56:4a:
         23:86:f9:22:e6:42:3b:39:8b:66:64:21:f6:72:6b:77:79:4b:
         9f:3e:ec:0e:ba:cf:bd:72:73:02:66:bf:cf:e8:b2:75:ee:07:
         28:ae:26:98:b8:40:ec:dc:d5:12:27:27:34:3e:4f:55:b6:36:
         e0:3b:58:ec:2d:fa:59:e3:c1:ec:16:93:8d:72:f6:ad:f8:dd:
         59:6e:c2:cb:51:82:f1:fc:b6:7e:67:61:f7:81:76:9d:a7:83:
         52:06:cb:b7:fe:52:f4:2a:bc:62:66:16:4b:bd:03:13:7f:e0:
         f1:7e:c4:67:e4:9a:d4:1f:bf:a2:a1:f9:2a:8b:bd:d1:06:35:
         16:97:7b:93:fa:3e:e0:df:4f:60:60:74:ef:18:0c:69:10:61:
         17:4a:8b:d7:4d:0b:83:6c:de:c3:ca:34:ad:02:35:34:e5:2c:
         15:28:4c:ff:5b:e7:27:eb:87:c9:88:21:3e:ed:b3:4e:cc:80:
         2f:fe:87:e4:c7:d8:7c:5d:61:79:db:49:bc:f6:60:28:97:0d:
         17:0e:f4:7d:3a:ca:bc:d1:f2:62:70:a9:19:8b:f8:74:1e:c4:
         10:f9:7a:62:d0:65:d3:00:f4:3d:08:11:5c:d5:d0:97:3e:52:
         0c:51:1a:e6:71:bf:d9:25:c7:38:b7:d1:17:04:c3:a3:74:34:
         51:7e:3d:78:3f:e7:c9:e7:e2:37:db:33:43:26:ca:7f:2c:d5:
         cd:fc:55:2d:3f:1e:7b:95:af:44:ca:b6:9f:0e:02:d3:62:e6:
         1f:96:a6:b2:0d:de:0b:31:b6:4f:de:a8:63:85:8c:c2:5d:89:
         f9:ba:b2:e9:41:19:60:3b:06:18:c5:f6:9f:8c:f9:fa:36:18:
         16:3b:c4:8a:60:5e:7c:06:8c:f3:3a:c0:25:bc:3f:fc:f1:5d:
         a3:81:a4:6a:48:05:f3:0b:cb:f7:45:87:4b:32:5f:b2:d4:5c:
         85:36:ec:3f:aa:23:81:fe:ce:75:7d:54:12:87:b0:95:a7:57:
         81:c5:4b:f3:d9:9a:d2:fb:af:bb:a7:6a:b2:23:92:1d:28:8f:
         a7:21:bd:3c:21:fb:39:fd:73:06:84:d2:9c:6b:06:c9:3f:22:
         9d:dc:a8:74:9b:76:8d:e3:09:9d:ef:02:18:9b:1e:52:69:eb:
         be:1b:bb:73:e2:36:06:4b:27:ad:0f:87:66:cc:36:81:5a:55:
         e1:7b:7b:d0:4d:2f:55:95
 -----BEGIN CERTIFICATE-----
 MIIG4zCCBMugAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBmzELMAkGA1UEBhMCREUx
 DzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdj
 aGFpbkRCIEdtYkgxEDAOBgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5m
 cmEgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tMB4X
 DTE3MDYxNDEyNDUwOVoXDTI3MDYxMjEyNDUwOVowgaYxCzAJBgNVBAYTAkRFMQ8w
 DQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEYMBYGA1UECgwPQmlnY2hh
 aW5EQiBHbWJIMR0wGwYDVQQLDBRNb25nb0RCLUJhay1JbnN0YW5jZTEZMBcGA1UE
 AwwQdGVzdC1tZGItYmFrLXNzbDEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWlu
 ZGIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnkkN1kQG2629
 JAzU0vYO6RRaUrc9cpeuHLTdbKYrRpSpYCmKFXU9NWahfjynCThNMEpf0QEipbDw
 Q+2e6G21S9o9UNdnw7yiCHIv/hhUKi6oa/TK+0pQ8EjDl2K39aCiUCvFs+1vtIYJ
 pmdoHyhp1A5zwaJsJaVVN4x+pJ6qg42ctikZb+mGWJ80i5I5mk2sLxvuQ6gl3NaC
 Y2Xm+XHqaaxPG5+WuiGI23uHSlyEStY5PB/q5zqe4DEy6T1I2g1tR3QsWOatZRC4
 ZHuAy7Ci9KYWJ7CEbgnGMKO3+jR6ll1hcX193MhpnUwvtqEgMZmxlpqevvTs2ips
 OgrklO9npfR8rhXyZ4v09BgyHn+HeeeHoHSZV/JEYv6TkyETtZjd+5hn4I/jGTYL
 nltnoDd3YnibbL55E715rjS3kvGPF5wLakKa7SPkcQ3m822cWFSIL+2Fo1ykOG2j
 uby6Vq34LPqM6IPeG68RiOmBCMjUA2jU5xHH5h2TfwIsPULju/FocCGVh9vFyENk
 1dkQlMvkF+NcITj7nJZp2iTjWejZ80FFBIoEyL0EhXqccp9dNDgdHCaFbMMcbd9r
 RKSs9ycNjxqb0lNcFb0e8d7xRdeW0FAKQztT6hqNZ61o0FfcPPVj+w7/ss9ZMNUS
 vCxiAM/DruogBMFn4D+SmeUEzHumf7kCAwEAAaOCASMwggEfMAkGA1UdEwQCMAAw
 HQYDVR0OBBYEFJXzp/uZxp2RNgZRMTnsN0KJB6sxMIHQBgNVHSMEgcgwgcWAFGnH
 hYBk5pBA6TBoiCPSTbvs35iYoYGhpIGeMIGbMQswCQYDVQQGEwJERTEPMA0GA1UE
 CAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xGDAWBgNVBAoMD0JpZ2NoYWluREIg
 R21iSDEQMA4GA1UECwwHUk9PVC1DQTEbMBkGA1UEAwwSVGVzdCBJbmZyYSBSb290
 IENBMSEwHwYJKoZIhvcNAQkBFhJkZXZAYmlnY2hhaW5kYi5jb22CCQDoBrLJKpwu
 /DATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQEL
 BQADggIBAFtC9enMKkCKUynZZytd3yW4CG9vD9Tht2Dr1ATUPElipXhZSNZLwyQE
 hlGZAW/1zqG4wNVWSiOG+SLmQjs5i2ZkIfZya3d5S58+7A66z71ycwJmv8/osnXu
 ByiuJpi4QOzc1RInJzQ+T1W2NuA7WOwt+lnjwewWk41y9q343VluwstRgvH8tn5n
 YfeBdp2ng1IGy7f+UvQqvGJmFku9AxN/4PF+xGfkmtQfv6Kh+SqLvdEGNRaXe5P6
 PuDfT2BgdO8YDGkQYRdKi9dNC4Ns3sPKNK0CNTTlLBUoTP9b5yfrh8mIIT7ts07M
 gC/+h+TH2HxdYXnbSbz2YCiXDRcO9H06yrzR8mJwqRmL+HQexBD5emLQZdMA9D0I
 EVzV0Jc+UgxRGuZxv9klxzi30RcEw6N0NFF+PXg/58nn4jfbM0Mmyn8s1c38VS0/
 HnuVr0TKtp8OAtNi5h+WprIN3gsxtk/eqGOFjMJdifm6sulBGWA7BhjF9p+M+fo2
 GBY7xIpgXnwGjPM6wCW8P/zxXaOBpGpIBfMLy/dFh0syX7LUXIU27D+qI4H+znV9
 VBKHsJWnV4HFS/PZmtL7r7unarIjkh0oj6chvTwh+zn9cwaE0pxrBsk/Ip3cqHSb
 do3jCZ3vAhibHlJp674bu3PiNgZLJ60Ph2bMNoFaVeF7e9BNL1WV
 -----END CERTIFICATE-----
 -----BEGIN PRIVATE KEY-----
 MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCeSQ3WRAbbrb0k
 DNTS9g7pFFpStz1yl64ctN1spitGlKlgKYoVdT01ZqF+PKcJOE0wSl/RASKlsPBD
 7Z7obbVL2j1Q12fDvKIIci/+GFQqLqhr9Mr7SlDwSMOXYrf1oKJQK8Wz7W+0hgmm
 Z2gfKGnUDnPBomwlpVU3jH6knqqDjZy2KRlv6YZYnzSLkjmaTawvG+5DqCXc1oJj
 Zeb5cepprE8bn5a6IYjbe4dKXIRK1jk8H+rnOp7gMTLpPUjaDW1HdCxY5q1lELhk
 e4DLsKL0phYnsIRuCcYwo7f6NHqWXWFxfX3cyGmdTC+2oSAxmbGWmp6+9OzaKmw6
 CuSU72el9HyuFfJni/T0GDIef4d554egdJlX8kRi/pOTIRO1mN37mGfgj+MZNgue
 W2egN3dieJtsvnkTvXmuNLeS8Y8XnAtqQprtI+RxDebzbZxYVIgv7YWjXKQ4baO5
 vLpWrfgs+ozog94brxGI6YEIyNQDaNTnEcfmHZN/Aiw9QuO78WhwIZWH28XIQ2TV
 2RCUy+QX41whOPuclmnaJONZ6NnzQUUEigTIvQSFepxyn100OB0cJoVswxxt32tE
 pKz3Jw2PGpvSU1wVvR7x3vFF15bQUApDO1PqGo1nrWjQV9w89WP7Dv+yz1kw1RK8
 LGIAz8Ou6iAEwWfgP5KZ5QTMe6Z/uQIDAQABAoICADsiR80YtQc1LUhektQNoRxq
 wiPM2WQKTr3ixCZnHhvMRkrque+yUR+2K/chabYEFrJH1uwaZHtKUzjNeWSUN/sS
 mX2uO9HgkxhcsJlZNXhc3gcW+Q5QgVSDmq7f7qIRVRJmiAHkXqsuuEQ2tauOSZsz
 mwNoTsbxsZiDIH0X2dQz/6v+RsaMk+hf8h2Cj4qaIg2nfahBFYQfj67azyO57z1z
 ZkqHoKQBC0QULkMVtUbQKanQss2YFOrk9oQ0pRbxlTXwrPC5nWX4jSrdCQ0P/JEx
 y20ggRkrBaP+Rilvmay7TkA8Bd2J8gsV/21XXNOq+7GsKkpk7mfDGZPFpggOOMYs
 xmp9rCZ+/0wpGQ130/ks3bQRHeVXQ0WuEXrmkdHhyyRycYocDfUhC4YB5NJOhI8H
 Xl/ScebL3xwl56CNbfdyG6VeAqpJk6qxoklMw+zWJQeHtaHkXObWSSORf0KCAHV7
 5/FWH7QP93g3X4r9Cq0zVI0e9ImC81azxj335bWpZi63YTvZriStak2ucfkBPXof
 zTQHVi47E8fOG6HjEQYLM/FohXRxSKodBruKEKZlzqGLaSVlfj25v1l61mS4Owjj
 2VWEuCraGixRIfawK6CtuS6ZRCLZyuVISul0Xhmm9EJ9rrqaJS3rCHp40S/prnFY
 TACkRoLkBqftkva2uVxBAoIBAQDQK0hEZ3jVznmybNyvscdkYnJHFqJqjQgR3DKM
 1RxcOpsLcEJZv5Xw9yze1QndCplnWsHsbOYI/Bz6Bnf60DRnbiZrftNEkabEgPkE
 pEnZTCWm/ynTjhJy5y5ttnrqx2CHUpLoVnwqQKQqp3p/gjXQcp9NqX8/ieA4ae63
 tPMpQERlA3ETHprZ26NkjIl35oO2Hl/vw80Inh26EHFlKZkzKRsCaqBLgIkDpbOe
 vgziyBUCk3pmyKI62pPu4S3Xy7TaYtjUeZvwUI8u3hvE6v2Qjj9nS6qvTOGRg/hG
 3DSBEqXUxMTYu+41zPyYZiSoUpFkReV9G/K3wO9b0Y+po+NFAoIBAQDCp4+uwo47
 90S79J2wM4nEhtPvgg5Zvv+8a1Uedng+DKokmPdcqD9RSREcbuj2BOwS/phTePKh
 0UFgy43B8DrTDNrYvZPTjPalxo8ks122+vzM+Y43le072wOQkHfVZP/Y1+lOOsVf
 TjGrp82keg4w784w7OuJNg+i7+rwsOwBn6iavHbHi3c8IGXDsNe5+LEwTSXSyxiF
 s/NFBYOxNDV1GVATTbyi5bEKLDtrD1GXRtCU4atGf9fwYSU08KMjrhRQLP+0sYwN
 lGSpJnJc7M7CuikxT646+ENTZC1vZlp1bUwsX7sjk5kxq6fkf0LM0/7hLg0yPOFV
 XTBeLPYJrRflAoIBABYbgqFBG+QY+XOpfAZsqvBORDSogrcuIx1CdVvfhhOFZdHh
 Kiq93f6pQWqo1VNUPNZtHQsuxX9OxwUGitdoJSiW2h2wal9t2Hgl+kwz5mPdYmJJ
 1vdQr0TkqFmed49XfTjh3Bgwlx8lnkmpX6kK+wwYIDLvPURSMC3NkjyQSwKmgJz5
 sJiHN4rLeJ7FDhRdtr8wmp+r+6peoGmSNXi44jw8sVGgYUWjcOmiP2EsbdHnzdNo
 NieURyZY8Dz+TRAN4jcPKFfoUldDNvGTRP+0tRkVAkbGEmprj8kUatmbqTfL8zCV
 dRJPYwzzqB/HOT1nB2nOwoB251/8bW8i4k7xyMECggEANOd9sa3HIp0t3Te6s+0O
 AI/0giAC7nlu4DL7y2+/dn3SsGeys0g3DUyijevG/TaRQwhXNjilGT3aWwh32sID
 +uB/inDcAJ9LWfsBZKQrUFQe6UbaVFk3RRFdgqkBKMpujuz/x/dJNYH3FgRha9aQ
 jNRgYgPCcGR1E3/JhulO+5H9LTETx2AsY/caMXma6DyjS9Fr+kKgw5YJBDVfeYYL
 EWxzywtRvaRX3b/v1kUvk8H3Zr9+4YZVlkuQ5TaR4FyrwK66QM4QlpBCW4bLhl4G
 Q/58u55AaF6ZTczoXGKhK1EtZtIN9rli5ZEV7JB6A1mK6ICvrXvGcoEFaFMn+7FD
 0QKCAQB+zcumaZJ2f70TUc0cSpH5ObEdQzgLDgYk11ntogFWaXefY84R2UOAnVmT
 TOAdl5CHY+iBwYVldGO9/+lSaeXzsFYeuvkoVPg8jnSoocc8H+QdgCjXwIPtalAJ
 DmMo5OehmmbeZl/HYnESodqy+94DylxpoAwRwPh4m4H28lJObOkc+aP94Ij+i403
 PW9HxSK4u1OTSAXUHrsHxYTHOoO0KIx7tDQtgToWJiXIF4OcvHpVrYhZlmX8jdZB
 rzfGm7L2NbXOxMyRwzkiP2u3Jy2KMDjkzzrcj/baBASw/gvTBNg0Av+hxDLHAVKc
 +gk211q750iboMg2OYLjyYqcwbXn
 -----END PRIVATE KEY-----
--- a/tests/backend/mongodb-ssl/certs/test_mdb_mon_ssl_cert_and_key.pem
+++ b/tests/backend/mongodb-ssl/certs/test_mdb_mon_ssl_cert_and_key.pem
@ -0,0 +1,185 @@
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ROOT-CA, CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com
        Validity
            Not Before: Jun 14 12:44:48 2017 GMT
            Not After : Jun 12 12:44:48 2027 GMT
        Subject: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=MongoDB-Mon-Instance, CN=test-mdb-mon-ssl/emailAddress=dev@bigchaindb.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:ba:24:72:5f:73:ff:ea:19:08:30:c8:91:47:01:
                    2c:ec:0e:b2:81:fa:84:01:72:38:d7:17:81:b3:87:
                    b0:ed:91:b2:d7:b1:7c:30:c6:d3:93:5f:39:04:e6:
                    fc:dd:b4:f6:c3:2a:d6:ce:ce:f1:6f:bf:32:05:92:
                    eb:90:66:0e:95:c5:ce:5c:3a:37:ac:cc:40:c5:ef:
                    3e:53:b0:49:ed:ab:3c:9f:08:88:63:fa:a7:db:d4:
                    6b:e9:55:0f:f3:f9:62:45:b9:a4:a2:3d:6a:60:b5:
                    ee:9c:e9:7c:cb:ef:06:0d:c5:92:21:4a:79:b4:f4:
                    58:20:a6:8e:82:87:05:2c:c5:94:ab:6a:56:09:9e:
                    64:bb:ab:29:86:04:a3:39:fd:4d:25:da:f7:6c:c9:
                    c2:c4:42:66:f4:f4:4e:91:dc:09:10:3d:6b:16:0b:
                    a4:be:c4:52:6e:4b:fa:8a:50:74:be:54:a8:46:e2:
                    0d:53:db:9b:8d:6d:58:71:71:8e:f9:4f:ca:07:48:
                    c2:eb:fa:d1:42:0a:33:18:9e:14:0e:a8:6d:78:f6:
                    8a:76:72:db:94:1e:56:cd:02:5d:7e:6d:6f:75:35:
                    cc:ca:c0:be:57:2c:6e:96:7f:79:51:84:ae:95:a5:
                    3d:da:bd:01:8f:6a:de:8b:d0:dc:f8:61:27:f2:a6:
                    cf:0d:40:89:d0:2e:db:da:e5:ad:c5:9d:95:5f:22:
                    a4:52:70:33:4f:df:13:8f:96:a0:9b:21:aa:15:20:
                    39:c6:16:65:98:b8:97:2a:cc:47:e0:79:41:b4:a2:
                    96:32:68:65:f6:8c:1b:ce:c8:38:9c:75:2c:1a:87:
                    d9:87:9b:f8:b7:ff:2c:15:e2:0a:12:7b:a0:ef:3a:
                    39:7e:32:3d:f9:42:d7:5f:08:38:93:4e:f1:41:a0:
                    c2:55:30:55:40:aa:bd:68:8e:69:c3:33:6f:50:0d:
                    ef:44:80:da:e5:01:61:d3:71:41:de:03:ab:42:85:
                    a0:80:1d:2a:b7:88:15:7b:ee:43:64:20:57:f7:25:
                    b2:6c:47:a6:5b:15:58:13:67:47:a3:07:17:20:51:
                    d2:8d:7b:71:91:39:5a:1b:a2:a0:0f:15:73:84:74:
                    1f:49:b8:64:4b:3d:86:99:85:a5:e3:05:63:37:c3:
                    bf:e7:c2:4c:fc:ff:bc:9a:8f:43:43:52:a7:cb:b8:
                    91:e7:0a:10:02:ac:74:3a:8b:06:34:50:d2:a3:12:
                    81:d2:7b:46:bb:ad:2f:9e:ed:9e:0d:8d:27:64:99:
                    e5:e2:a2:56:cb:ad:3f:48:24:9e:11:32:bf:70:44:
                    e2:a5:bf:39:86:5b:ed:5d:75:c2:53:40:62:da:2d:
                    f8:f2:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Key Identifier: 
                31:63:2C:98:2F:9F:6C:44:82:A9:B8:D3:06:15:95:84:D9:52:98:71
            X509v3 Authority Key Identifier: 
                keyid:69:C7:85:80:64:E6:90:40:E9:30:68:88:23:D2:4D:BB:EC:DF:98:98
                DirName:/C=DE/ST=Berlin/L=Berlin/O=BigchainDB GmbH/OU=ROOT-CA/CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com
                serial:E8:06:B2:C9:2A:9C:2E:FC
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
            X509v3 Key Usage: 
                Digital Signature
    Signature Algorithm: sha256WithRSAEncryption
         1e:16:02:5b:35:f6:36:0a:54:bc:48:11:51:39:a1:b1:e5:39:
         bd:26:73:bc:37:22:95:87:3f:ed:e6:e1:00:fa:e2:a7:2d:ef:
         9d:25:ee:b0:7c:c2:e5:8e:9d:ff:24:51:ee:a2:cb:2c:b9:0a:
         38:07:94:8c:12:21:e1:1f:83:5f:4d:92:a8:b1:ff:53:90:97:
         30:2d:06:d6:84:79:27:6c:34:dc:19:6e:af:dd:80:a7:66:3b:
         0d:c5:c2:0d:7a:ce:b6:12:c2:9e:6f:02:0d:d0:41:c1:7d:75:
         aa:07:46:50:e0:06:22:a8:d7:d2:45:dc:d3:c1:20:01:61:c6:
         07:13:74:b3:9e:de:88:1a:75:1d:8d:0a:3f:fd:0a:56:07:92:
         d6:ce:37:f5:e6:ad:d0:64:33:77:36:dd:76:06:e1:20:00:64:
         88:d0:ca:71:f2:65:7c:26:ce:2c:55:07:50:36:d9:2b:b2:80:
         fa:d1:4b:fc:31:89:d9:3e:c6:50:a8:ce:cf:df:d2:54:53:e7:
         80:ab:e6:4e:66:e8:91:70:55:95:80:94:74:60:f5:e8:ff:69:
         65:c0:41:17:af:1e:8a:50:a7:4e:f3:c1:76:42:7a:62:22:0a:
         51:33:06:57:bc:6f:7f:f6:5a:9d:4f:cd:2b:21:65:63:d8:ab:
         5b:38:8f:8c:f6:37:50:ca:32:5c:9a:3a:1b:a1:db:9f:fa:10:
         4e:35:54:9c:24:42:8a:33:58:a5:3e:b4:a4:67:4a:d2:b1:8d:
         99:d5:4d:1f:f7:d9:c6:ee:60:54:7f:bc:57:2f:0a:b9:ce:04:
         96:0f:0d:9c:22:39:a2:4e:e3:c7:3d:df:9c:09:af:45:62:57:
         1e:25:67:b1:4e:e9:15:88:c5:b3:2d:88:c8:60:8e:5e:b5:28:
         49:77:63:6f:0f:9d:d2:06:94:b4:b3:d9:92:2a:32:7f:45:c8:
         32:69:12:7d:8d:47:52:5b:3e:7f:f0:bc:80:11:56:08:97:7a:
         eb:fb:0d:69:5d:88:b9:bb:27:7f:de:2e:a9:63:c5:89:56:88:
         ce:2f:47:f0:1f:bc:3a:60:f4:19:8a:39:82:11:51:99:7a:8d:
         1f:11:53:2f:f4:43:48:08:c9:1e:a5:3b:ed:f0:8e:cc:d6:1e:
         20:e9:2a:4d:c3:cc:3a:6c:63:29:a7:1b:c3:63:13:19:d5:82:
         61:b9:83:39:e8:60:d9:06:e4:cc:55:5e:93:70:80:97:58:f4:
         24:1f:2b:6f:e6:ff:67:f1:76:2a:b3:db:6b:1a:22:42:a0:85:
         44:de:1a:9a:9e:b5:d2:ca:95:11:2d:ba:57:4e:2e:79:67:10:
         c8:ee:aa:67:61:ca:8f:25
 -----BEGIN CERTIFICATE-----
 MIIG4zCCBMugAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBmzELMAkGA1UEBhMCREUx
 DzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdj
 aGFpbkRCIEdtYkgxEDAOBgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5m
 cmEgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tMB4X
 DTE3MDYxNDEyNDQ0OFoXDTI3MDYxMjEyNDQ0OFowgaYxCzAJBgNVBAYTAkRFMQ8w
 DQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEYMBYGA1UECgwPQmlnY2hh
 aW5EQiBHbWJIMR0wGwYDVQQLDBRNb25nb0RCLU1vbi1JbnN0YW5jZTEZMBcGA1UE
 AwwQdGVzdC1tZGItbW9uLXNzbDEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWlu
 ZGIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuiRyX3P/6hkI
 MMiRRwEs7A6ygfqEAXI41xeBs4ew7ZGy17F8MMbTk185BOb83bT2wyrWzs7xb78y
 BZLrkGYOlcXOXDo3rMxAxe8+U7BJ7as8nwiIY/qn29Rr6VUP8/liRbmkoj1qYLXu
 nOl8y+8GDcWSIUp5tPRYIKaOgocFLMWUq2pWCZ5ku6sphgSjOf1NJdr3bMnCxEJm
 9PROkdwJED1rFgukvsRSbkv6ilB0vlSoRuINU9ubjW1YcXGO+U/KB0jC6/rRQgoz
 GJ4UDqhtePaKdnLblB5WzQJdfm1vdTXMysC+Vyxuln95UYSulaU92r0Bj2rei9Dc
 +GEn8qbPDUCJ0C7b2uWtxZ2VXyKkUnAzT98Tj5agmyGqFSA5xhZlmLiXKsxH4HlB
 tKKWMmhl9owbzsg4nHUsGofZh5v4t/8sFeIKEnug7zo5fjI9+ULXXwg4k07xQaDC
 VTBVQKq9aI5pwzNvUA3vRIDa5QFh03FB3gOrQoWggB0qt4gVe+5DZCBX9yWybEem
 WxVYE2dHowcXIFHSjXtxkTlaG6KgDxVzhHQfSbhkSz2GmYWl4wVjN8O/58JM/P+8
 mo9DQ1Kny7iR5woQAqx0OosGNFDSoxKB0ntGu60vnu2eDY0nZJnl4qJWy60/SCSe
 ETK/cETipb85hlvtXXXCU0Bi2i348h0CAwEAAaOCASMwggEfMAkGA1UdEwQCMAAw
 HQYDVR0OBBYEFDFjLJgvn2xEgqm40wYVlYTZUphxMIHQBgNVHSMEgcgwgcWAFGnH
 hYBk5pBA6TBoiCPSTbvs35iYoYGhpIGeMIGbMQswCQYDVQQGEwJERTEPMA0GA1UE
 CAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xGDAWBgNVBAoMD0JpZ2NoYWluREIg
 R21iSDEQMA4GA1UECwwHUk9PVC1DQTEbMBkGA1UEAwwSVGVzdCBJbmZyYSBSb290
 IENBMSEwHwYJKoZIhvcNAQkBFhJkZXZAYmlnY2hhaW5kYi5jb22CCQDoBrLJKpwu
 /DATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQEL
 BQADggIBAB4WAls19jYKVLxIEVE5obHlOb0mc7w3IpWHP+3m4QD64qct750l7rB8
 wuWOnf8kUe6iyyy5CjgHlIwSIeEfg19Nkqix/1OQlzAtBtaEeSdsNNwZbq/dgKdm
 Ow3Fwg16zrYSwp5vAg3QQcF9daoHRlDgBiKo19JF3NPBIAFhxgcTdLOe3ogadR2N
 Cj/9ClYHktbON/XmrdBkM3c23XYG4SAAZIjQynHyZXwmzixVB1A22SuygPrRS/wx
 idk+xlCozs/f0lRT54Cr5k5m6JFwVZWAlHRg9ej/aWXAQRevHopQp07zwXZCemIi
 ClEzBle8b3/2Wp1PzSshZWPYq1s4j4z2N1DKMlyaOhuh25/6EE41VJwkQoozWKU+
 tKRnStKxjZnVTR/32cbuYFR/vFcvCrnOBJYPDZwiOaJO48c935wJr0ViVx4lZ7FO
 6RWIxbMtiMhgjl61KEl3Y28PndIGlLSz2ZIqMn9FyDJpEn2NR1JbPn/wvIARVgiX
 euv7DWldiLm7J3/eLqljxYlWiM4vR/AfvDpg9BmKOYIRUZl6jR8RUy/0Q0gIyR6l
 O+3wjszWHiDpKk3DzDpsYymnG8NjExnVgmG5gznoYNkG5MxVXpNwgJdY9CQfK2/m
 /2fxdiqz22saIkKghUTeGpqetdLKlREtuldOLnlnEMjuqmdhyo8l
 -----END CERTIFICATE-----
 -----BEGIN PRIVATE KEY-----
 MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC6JHJfc//qGQgw
 yJFHASzsDrKB+oQBcjjXF4Gzh7DtkbLXsXwwxtOTXzkE5vzdtPbDKtbOzvFvvzIF
 kuuQZg6Vxc5cOjeszEDF7z5TsEntqzyfCIhj+qfb1GvpVQ/z+WJFuaSiPWpgte6c
 6XzL7wYNxZIhSnm09Fggpo6ChwUsxZSralYJnmS7qymGBKM5/U0l2vdsycLEQmb0
 9E6R3AkQPWsWC6S+xFJuS/qKUHS+VKhG4g1T25uNbVhxcY75T8oHSMLr+tFCCjMY
 nhQOqG149op2ctuUHlbNAl1+bW91NczKwL5XLG6Wf3lRhK6VpT3avQGPat6L0Nz4
 YSfyps8NQInQLtva5a3FnZVfIqRScDNP3xOPlqCbIaoVIDnGFmWYuJcqzEfgeUG0
 opYyaGX2jBvOyDicdSwah9mHm/i3/ywV4goSe6DvOjl+Mj35QtdfCDiTTvFBoMJV
 MFVAqr1ojmnDM29QDe9EgNrlAWHTcUHeA6tChaCAHSq3iBV77kNkIFf3JbJsR6Zb
 FVgTZ0ejBxcgUdKNe3GROVoboqAPFXOEdB9JuGRLPYaZhaXjBWM3w7/nwkz8/7ya
 j0NDUqfLuJHnChACrHQ6iwY0UNKjEoHSe0a7rS+e7Z4NjSdkmeXiolbLrT9IJJ4R
 Mr9wROKlvzmGW+1ddcJTQGLaLfjyHQIDAQABAoICAEU5ysNPC6zPFGm4HbdPa5p6
 uM54EWHMTfFIT7cpzpX7qoxm+G3Xc9YKAtWc5gu6Ak+A/hQ5iDbr3zmNc0fnfKMc
 xmssR4pfB/PUztQm6seV+FyYusib7pNlw6AqP12XsIGH0f94YbiH0K7QctYRFapH
 gNoarXqrqJ6z8qn+duE4tdquGENJgeL9e9rYnK+zUV6zuXLe8i01GL8eoJ3EPCar
 AMlZGTLNJm7YmNuZomEqcM6zwQsf0BDfypWeCvMTRmpBGCTUycAKtQgBuindX6Et
 5z635ouGYPerWoPrRRlNIdWBqwgWgSY9UCwN8TO8GW3g/tSMhSlwSs2grE+k07lR
 6d05taL8c/thZDpHBePVhKvNvJfI8ef0lqCCPc/uFnmWkY3pg2HB3Z605YqPhddL
 tTqaDZVL2oc9qrnyjz/6cFOa9Mh3cdt8L1+j0hMDWxYOcYS7IJi35V25B8wDPVZj
 LXCINNQtTio7hwc+jyXhPVSERfeISlU1Ki5ZomWLzMtkdDzBz8By++aEudKw+cV/
 OjLa07SLdn05j52rqYhzaZEbeXoY1L2N+V9c86iukjr8vLHStzgmzpWDYcsnHu7w
 Ojy4iRtAvI2a+PSq0tdqfhFKCA5zevLcCxUUhSDxWIa81TYEE+MfqQYtEASB1/Ze
 Nt6IKu9zpLXA1WFNxLktAoIBAQDvU/K+eznf/ro46WvpKqXyU0YkEoMNHDQ7ljrG
 QLkDo9WfN08aKpi6tjdgKZ97yqJae16h6WJj6aDyKL+kpkhitQ8QPhvpg4Efiupz
 15gqbLzlIqrmdfGH/X2H/C3i6WDdrJWMA7ERitK4TKGoKzIH+YHA3kjEwvVnAh/U
 TKov47H40UP8qTTmortTC9uO+3TmbpSkDU7iGhTKd1RYcLnKj9jmI+//BZ0OYe6U
 QzrCKD27YIsH0QD9pWv/Wn3Xy2yH7EnWxXzxq6Wd767JHIloHVYICrnMf/rSA/sV
 8g/JjLuLCUf2U0DxauX7wcnC7XtOJ0u5PBw1lzRYA/vfNgVPAoIBAQDHHAO9K2E7
 5Gy2zVVdqxgK4NqY6pOgaEu7T95VaTchShQ3dGs5b/s8GU+gjZ+XOF4VEqjazGR5
 xUXqlF+XLp0YI7vn9yNoUYRvHtbun8hBaQ2yc4iWzxGeAQVCYr8e0w6gs7pyFIh5
 xKZzaYZFKIJhTD/NApuul0IYnRSnKXhODp4x/dElpgectkLUHlME9rrXjBdKQVFN
 x50JBnopA0/npGxtuDzztSP7qq1rFp3HHMChvzM5oLoOj5b80OmaI52vCGY6Udhy
 HMNbMzMiEHgekNramFEe0fZxuwUkF6+O+FIb+jPy0EP04an4IDNhjLet7PHN62qW
 CEF1UIz/w87TAoIBABnY8TCNUnTUp/wZiaQHDSEcyUiAD1NNJn8A/JwIxXKVMS8e
 5BYpX5FauKRUGnteKSaoiFHoSM4Nn2pH6Fq58rtmXpgcfRs9Lqbfc+7K7A447DW7
 BsYZGtrbD8GuBK6rEeEfEI+snmUMnzF0ZUkqUR73XYIc/7Lwc1yKqDFfjknZx5Dd
 2P/irmnyTVTsxOuuULPKYZdOMKTOuEwdkyhyFD7CRmSkoPjj/FBfV0r/78qkWfZw
 uNNBSWAbi4xqk4jI2ZHcfSUK8zGOnjZuemwR/u0VrgL0VZi2gbpI38dA+1+DKYYc
 nH8IAs2QBAKqrUW2LEkGiXEaAtnu2KJg28UBqpUCggEABSMw6YGkCaKUN4dGy5rt
 jOJOYaGz23C1e4jNCNElLgO2T9P+LEY6akuQ5WiiFInMy6hmmParJQU1D59yc/ks
 7oGFiK+0xy1LSH64NwICbcWjJ9aZUKLZJoWKODNKESaK+xSIHAdxmgq77MBtSX2J
 F6+a+dQ2ZiPa/b2X2dRVGVaBOHL/IYSOL7n4MXby127yVTt1ImJbEbGz2JbFMie2
 uRhh/9bAI92ppwW5Ycj8mzWftsyzKqp+AoAr+iv9yw9eMzT5Rkn0VsVtOP4yNI/O
 OaOtMfS6Kxxpyndz44GE8yBvJe+nxX0gM8Ja218hVEQIPUGe35xSbLqbzcYdTUAl
 JwKCAQBWx+ej+03fXOPHN8K2IA1a+8wEwjxsjbpGtHd/nyDVkjdqVHW+Jkmyqkne
 gFbDvq2ZHQJjDYB9o/ZnwXpEXfweSz2XsdiNBMQvIUMOGRmI9yJJ1Ez1gfhlJYpW
 Im+/dWQCTw0o/8cHPI32ic3iBZBuemGCxccF89bmX+GPzK/aT8F+5uG/pHjHXNU6
 S/jKxZIwDM9yW4vIRdOAAi1eya0f+VHE70ORpUXfkUV5kVQR7pLEWDFDKIF/zBGv
 vRPdZOO5GOQb0kQ1eHyHDPUOimT1GlF+e9OLvy6dVDaqKRBEiVHjxfWGUnpH+Qo5
 zlmQnC98+HETU0YHNxAAMsRPvxXi
 -----END PRIVATE KEY-----
--- a/tests/backend/mongodb-ssl/certs/test_mdb_ssl_cert_and_key.pem
+++ b/tests/backend/mongodb-ssl/certs/test_mdb_ssl_cert_and_key.pem
@ -3,60 +3,60 @@ Certificate:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ENG, CN=TEST-CA/emailAddress=dev@bigchaindb.com
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ROOT-CA, CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com
        Validity
-            Not Before: Jun  2 07:09:28 2017 GMT
+            Not Before: Jun 13 14:40:55 2017 GMT
-            Not After : May 31 07:09:28 2027 GMT
+            Not After : Jun 11 14:40:55 2027 GMT
-        Subject: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=ENG, CN=test-mdb-ssl/emailAddress=dev@bigchaindb.com
+        Subject: C=DE, ST=Berlin, L=Berlin, O=BigchainDB GmbH, OU=MongoDB-Instance, CN=test-mdb-ssl/emailAddress=dev@bigchaindb.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
-                    00:e4:71:43:91:f2:3a:26:4d:6d:61:f5:54:dd:a4:
+                    00:bb:37:f1:24:2f:83:95:2c:bf:47:a4:a0:2c:9f:
-                    a2:8b:e8:79:b7:44:94:9f:30:5d:86:d8:f5:9d:80:
+                    e1:bf:fb:70:f6:9b:04:a0:e8:3b:81:6f:ca:a6:22:
-                    cb:51:e8:c0:8c:9e:2f:fe:cb:9f:bb:f1:b5:97:47:
+                    6d:63:75:48:bc:fa:57:29:16:f7:2f:09:52:6c:c5:
-                    d1:9e:43:64:2b:f0:3f:99:30:1c:27:34:74:87:1e:
+                    52:20:74:9b:27:99:5b:51:85:ea:ef:c9:5f:78:c9:
-                    73:8f:86:66:89:0b:b9:64:05:8a:95:d7:81:da:fa:
+                    29:b8:cc:a4:a8:46:c2:a3:64:41:84:92:36:c7:a8:
-                    b7:d0:4c:59:0e:1c:d7:1f:07:74:7d:38:9d:b0:6d:
+                    82:e2:b6:5e:67:08:d6:bb:3d:36:06:31:10:53:7a:
-                    02:a8:c3:63:f4:5d:d5:29:5b:df:8a:56:c5:51:29:
+                    58:66:66:89:4d:46:d3:f6:3e:38:d4:84:d9:6c:c4:
-                    32:5b:ea:cc:ea:00:a0:04:e9:8a:f5:a0:e1:c3:77:
+                    95:68:9e:66:b7:47:c6:63:dc:35:1c:46:3d:8e:c6:
-                    c9:3d:1b:99:fa:e8:bb:08:e5:98:bb:ec:5d:7e:d9:
+                    96:13:aa:65:53:3d:75:84:76:af:85:d2:6f:97:78:
-                    7e:39:98:ab:16:cf:e6:e8:df:a9:6b:37:72:83:4d:
+                    0f:d2:8a:c0:cb:3f:86:30:09:0f:bf:ae:30:cb:26:
-                    43:94:3e:99:39:ae:1f:5a:c9:51:71:30:5e:20:70:
+                    05:61:0c:ad:07:5e:33:cc:82:bb:46:49:86:a5:6e:
-                    c9:90:ff:ba:8b:6c:d9:5f:3d:df:03:d5:fe:f7:52:
+                    07:1b:78:b2:71:7b:01:ee:00:97:ac:81:49:89:df:
-                    ea:41:6d:4b:fe:6e:04:30:ef:a4:19:20:a8:fd:fb:
+                    73:ab:d7:78:8e:a3:c5:76:5c:e9:fd:48:5f:a6:45:
-                    0c:72:76:2c:30:54:5d:f4:2b:e9:cd:96:3f:bb:e9:
+                    b8:97:13:6a:55:05:5e:e2:00:46:27:67:93:06:fb:
-                    6d:7e:79:8f:fe:06:6f:40:b1:42:a8:54:80:65:56:
+                    91:83:69:c7:5e:12:49:ce:39:b9:ca:69:9f:0d:ff:
-                    50:af:c2:e2:68:e0:ac:22:90:00:ae:bc:6f:55:1a:
+                    6a:79:b6:6b:6f:81:6c:51:e2:d0:01:9b:f8:7b:25:
-                    b7:ed:90:22:e8:c7:34:1e:4a:7d:d2:26:b0:35:16:
+                    3e:09:4d:00:aa:89:7f:00:e3:fb:5c:35:19:8d:c2:
-                    ec:30:45:cd:ac:f3:87:f6:8b:fe:84:8b:b3:9f:13:
+                    11:21:87:1e:7a:11:bd:88:b2:de:ea:bf:a0:8b:fb:
-                    08:f2:59:9f:3f:64:ee:20:a0:dc:87:8a:28:89:87:
+                    0c:c3:6d:e2:ce:1f:6c:5b:5f:4a:05:da:ff:f1:fd:
-                    1c:a1:91:63:81:01:66:43:7b:5f:5f:38:69:a7:f7:
+                    4a:f5:de:5b:d8:93:ca:17:6b:dc:80:3e:91:6e:97:
-                    ce:da:07:0b:7c:2c:87:df:9d:a5:12:db:b4:97:ed:
+                    43:db:59:f5:80:c1:0a:54:32:cd:c3:be:87:e9:93:
-                    e9:2c:31:d5:14:cc:f0:f5:a4:6c:7e:59:4f:73:36:
+                    14:ae:c7:29:01:90:e8:11:32:59:1a:73:bf:42:0d:
-                    eb:28:1c:be:69:98:1f:12:c1:e0:db:6f:f0:1a:62:
+                    c6:82:2c:89:2e:54:67:c8:2a:c3:3b:ce:e6:c1:09:
-                    51:45:71:58:88:68:7e:06:42:cb:b3:31:85:53:90:
+                    48:ad:d3:a3:e1:80:f8:df:6e:4c:78:72:76:db:4e:
-                    70:84:f4:08:18:d5:4e:07:8b:db:6f:d2:0f:ac:c4:
+                    d9:b9:fa:5b:7c:85:73:64:c9:23:94:ae:5e:63:68:
-                    c2:52:a5:ed:07:b9:1b:1a:e9:22:4a:21:f8:1a:27:
+                    7f:1e:63:d3:78:85:47:0b:ec:52:1e:02:cf:7b:9d:
-                    9f:47:b5:ef:cb:24:3a:36:29:dc:68:fa:f1:9f:2e:
+                    96:9c:63:4f:46:f7:79:1e:90:d3:21:18:85:26:17:
-                    02:f8:8d:ab:25:6e:ba:3b:0a:0e:9e:c1:40:f4:56:
+                    f1:51:18:d6:87:1c:9b:50:0e:70:6b:f1:08:41:b6:
-                    74:75:fc:b8:84:fa:bb:05:17:b7:b7:d8:36:02:40:
+                    3c:fc:fb:d7:1f:f1:bd:2d:3e:77:b6:66:92:0a:81:
-                    16:03:c9:75:a0:68:7e:e0:f4:c9:ae:fa:3d:0c:a3:
+                    01:0f:4a:68:68:69:5c:0f:38:b3:46:68:1b:55:99:
-                    81:3b:e8:a2:84:dd:73:6e:d4:9f:e6:1c:db:d9:9c:
+                    67:29:d1:03:f2:a5:5b:f1:8e:53:ed:c7:cc:79:38:
-                    d6:c2:b9:fb:34:8f:f6:46:33:9e:29:bd:0d:11:33:
+                    9c:8d:a6:78:f4:3e:23:28:ee:a0:d3:55:0f:c3:f0:
-                    03:25:dc:1a:c7:44:00:76:83:16:5a:a5:d3:35:bb:
+                    64:c1:fb:e5:85:71:b2:1e:44:d3:1d:78:87:77:76:
-                    47:2d:9e:77:16:e0:b0:48:9b:dd:7c:20:56:56:1e:
+                    e2:6f:5f:54:64:14:b4:2f:14:0b:a5:3d:98:fb:68:
-                    1f:40:87
+                    99:1f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Key Identifier: 
-                F5:2B:26:62:47:74:FC:75:6A:9E:76:8F:35:EB:23:64:BF:DD:18:3F
+                0B:53:E2:76:40:AD:73:C4:12:6C:85:CF:36:5B:5F:FB:6E:E8:03:A7
            X509v3 Authority Key Identifier: 
-                keyid:97:C8:DC:C8:EE:AF:E2:70:C4:09:9B:19:50:8F:86:1D:2C:FF:6E:26
+                keyid:69:C7:85:80:64:E6:90:40:E9:30:68:88:23:D2:4D:BB:EC:DF:98:98
-                DirName:/C=DE/ST=Berlin/L=Berlin/O=BigchainDB GmbH/OU=ENG/CN=TEST-CA/emailAddress=dev@bigchaindb.com
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=BigchainDB GmbH/OU=ROOT-CA/CN=Test Infra Root CA/emailAddress=dev@bigchaindb.com
-                serial:A4:C4:DF:DB:1A:DB:83:C7
+                serial:E8:06:B2:C9:2A:9C:2E:FC
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
@ -65,123 +65,124 @@ Certificate:
            X509v3 Subject Alternative Name: 
                DNS:localhost, DNS:test-mdb-ssl
    Signature Algorithm: sha256WithRSAEncryption
-         35:75:46:2b:6a:b9:a7:cc:24:ac:88:83:d5:e1:28:08:c1:0b:
+         4c:14:3e:6b:af:f8:e8:69:11:2e:13:12:b7:9b:91:c7:68:01:
-         ff:9e:c1:57:86:92:c1:63:c3:bf:82:e7:11:d2:83:89:58:78:
+         26:00:b8:c8:35:8b:fe:d2:bb:ab:43:d1:7a:8e:24:b2:08:dd:
-         94:51:87:81:e7:fb:78:53:0c:19:2e:9e:41:84:26:91:2d:4a:
+         1a:77:91:f0:68:35:42:56:ba:fe:26:3e:91:e2:8c:c1:01:e2:
-         e5:cf:7f:9b:4e:80:ad:5c:27:11:d7:62:81:4f:87:f4:59:d4:
+         65:f7:3b:12:ba:7f:1e:8a:8e:5b:a1:c8:28:8c:16:b8:72:03:
-         8d:ba:73:df:13:48:c5:b7:f1:21:1c:9a:59:17:d9:12:3e:4f:
+         31:d6:6c:2c:ac:80:6e:7d:52:24:2e:4d:0b:e6:90:d1:7d:18:
-         84:5a:ba:16:92:2d:5a:7a:f7:b7:af:76:c7:be:6e:96:b0:a3:
+         3f:ea:9f:7f:85:39:86:77:3b:19:3d:ba:b0:57:10:16:25:fc:
-         8f:62:9a:ff:bc:16:db:e0:c5:f6:57:db:f6:1c:d7:eb:75:24:
+         d6:be:17:7b:c4:92:0e:c7:18:3c:69:48:e0:72:2c:3e:42:2f:
-         98:43:08:17:0c:9f:6e:42:b5:ee:74:b1:12:1e:1e:86:2d:72:
+         0b:70:02:a8:c1:04:2b:d8:00:72:b4:67:35:d9:79:3f:98:71:
-         6b:62:ab:33:ff:38:57:db:96:d5:98:c3:6e:97:36:26:f9:1b:
+         55:92:e6:fa:51:2c:42:2f:71:c6:4f:98:7f:d8:2c:7c:12:70:
-         e7:05:0f:db:e4:a7:4c:ca:2c:4c:d8:b8:d7:92:52:b0:fa:aa:
+         97:ad:cd:92:0a:66:80:2a:ec:ac:e6:9b:3a:0b:27:ca:e0:cc:
-         c0:ee:b7:9c:33:25:85:77:3a:b8:50:6f:61:a4:59:54:89:fe:
+         9f:b4:07:f4:fa:f7:60:17:39:f1:46:46:eb:e5:78:2a:84:b2:
-         0d:f3:d2:7f:7d:91:64:7e:d1:e1:d1:02:5f:cf:e4:b1:47:70:
+         78:87:ce:73:ad:20:8b:50:8c:d5:c5:cd:4c:b1:96:be:64:24:
-         98:37:4e:9f:33:94:7c:67:5a:66:11:d8:c4:33:0b:e9:a6:9a:
+         e0:a9:81:c3:01:51:a2:b1:50:22:15:97:5a:e6:49:f3:1d:f1:
-         86:cb:ab:27:e1:44:41:36:3d:8e:47:6f:73:eb:84:a7:90:eb:
+         72:3e:8f:0d:87:e9:05:c1:92:8e:4b:db:1b:e2:b8:3c:b4:13:
-         3a:6e:3a:16:1b:a1:68:60:6b:3a:93:47:1d:32:29:1c:d2:1b:
+         dd:3d:ce:4d:f8:1e:8e:73:ae:5a:36:ba:be:dd:11:7c:b8:b1:
-         c5:d6:cf:11:c5:0e:b0:67:4f:c2:07:82:bc:d4:9c:b4:a8:58:
+         ef:d2:94:84:a7:c4:0d:96:0f:e1:46:46:bb:7d:51:a9:61:13:
-         4c:a4:47:22:09:0a:e2:72:83:4e:e9:74:14:b7:2d:04:31:f6:
+         98:47:b2:68:ad:85:0c:f9:32:0a:76:49:20:6f:34:72:ca:06:
-         37:e4:62:48:18:63:42:31:df:f6:2f:0f:ab:f2:ef:75:a8:a4:
+         fd:05:6f:16:5d:10:67:3c:50:06:f3:c2:bd:58:c8:f4:b3:96:
-         bf:96:5a:49:fb:ce:72:57:64:c9:c1:d3:56:67:5f:16:69:48:
+         dc:28:26:62:e7:30:a0:0c:40:f6:7c:50:42:21:c8:e1:73:64:
-         35:9c:98:14:f3:25:72:ef:18:38:38:43:f3:c4:29:55:fd:37:
+         1b:9c:76:3e:78:1d:ea:54:fc:61:6c:3e:27:59:cb:c4:dd:9f:
-         c8:ae:db:00:5d:96:50:ae:50:ca:14:a3:58:ae:84:21:c2:8f:
+         94:bf:b5:13:87:79:ff:28:1a:9b:7f:2f:1f:9b:22:1d:30:f6:
-         24:cf:ce:f2:55:e1:60:37:67:ec:5a:08:81:85:8d:9b:13:c6:
+         c9:5f:53:6f:1a:88:38:b0:44:71:79:da:a6:0f:2b:e7:42:71:
-         81:e7:66:0b:4e:76:1f:3b:14:a7:c0:ce:18:16:ec:77:e5:c8:
+         9c:3a:20:7f:6b:bb:93:71:b4:6c:9e:2a:b7:fa:57:cf:81:bd:
-         33:47:1b:63:03:4b:9d:dd:fb:98:ff:0f:50:25:0c:88:a4:0e:
+         21:eb:0a:db:83:07:ac:fd:79:cb:ef:c7:fd:cd:ef:22:7f:67:
-         67:a3:26:8d:1b:38:9f:9e:7e:25:dc:4b:49:ba:75:b5:3b:ae:
+         71:7c:e2:5c:40:8e:f1:06:c3:75:67:6a:70:f4:80:b3:ad:c6:
-         9c:68:37:09:bb:59:c4:9a:14:6a:d3:c1:6c:19:55:b3:6c:95:
+         89:31:9b:cf:8c:ae:6e:85:fd:51:c6:40:34:a2:0c:63:55:84:
-         bb:24:8b:55:f8:35:c6:1e:1d:fb:8f:60:33:fa:f8:94:a9:e2:
+         e1:a9:10:00:48:1a:64:95:80:45:09:d2:1d:3f:e2:6c:e1:e8:
-         6a:93:12:b8:d0:18:42:4e:8c:24:1f:96:2b:4c:49:fd:53:11:
+         92:28:5f:da:a1:69:10:74:03:1f:f1:43:c4:43:fb:01:80:7e:
-         a0:aa:01:30:b2:3e:2c:9f
+         fb:0b:2c:62:ad:e5:f2:61
 -----BEGIN CERTIFICATE-----
-MIIG3jCCBMagAwIBAgIBATANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCREUx
+MIIHCTCCBPGgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmzELMAkGA1UEBhMCREUx
 DzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdj
-aGFpbkRCIEdtYkgxDDAKBgNVBAsMA0VORzEQMA4GA1UEAwwHVEVTVC1DQTEhMB8G
+aGFpbkRCIEdtYkgxEDAOBgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5m
-CSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tMB4XDTE3MDYwMjA3MDkyOFoX
+cmEgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tMB4X
-DTI3MDUzMTA3MDkyOFowgZExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4x
+DTE3MDYxMzE0NDA1NVoXDTI3MDYxMTE0NDA1NVowgZ4xCzAJBgNVBAYTAkRFMQ8w
-DzANBgNVBAcMBkJlcmxpbjEYMBYGA1UECgwPQmlnY2hhaW5EQiBHbWJIMQwwCgYD
+DQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEYMBYGA1UECgwPQmlnY2hh
-VQQLDANFTkcxFTATBgNVBAMMDHRlc3QtbWRiLXNzbDEhMB8GCSqGSIb3DQEJARYS
+aW5EQiBHbWJIMRkwFwYDVQQLDBBNb25nb0RCLUluc3RhbmNlMRUwEwYDVQQDDAx0
-ZGV2QGJpZ2NoYWluZGIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+ZXN0LW1kYi1zc2wxITAfBgkqhkiG9w0BCQEWEmRldkBiaWdjaGFpbmRiLmNvbTCC
-AgEA5HFDkfI6Jk1tYfVU3aSii+h5t0SUnzBdhtj1nYDLUejAjJ4v/sufu/G1l0fR
+AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALs38SQvg5Usv0ekoCyf4b/7
-nkNkK/A/mTAcJzR0hx5zj4ZmiQu5ZAWKldeB2vq30ExZDhzXHwd0fTidsG0CqMNj
+cPabBKDoO4FvyqYibWN1SLz6VykW9y8JUmzFUiB0myeZW1GF6u/JX3jJKbjMpKhG
-9F3VKVvfilbFUSkyW+rM6gCgBOmK9aDhw3fJPRuZ+ui7COWYu+xdftl+OZirFs/m
+wqNkQYSSNseoguK2XmcI1rs9NgYxEFN6WGZmiU1G0/Y+ONSE2WzElWieZrdHxmPc
-6N+pazdyg01DlD6ZOa4fWslRcTBeIHDJkP+6i2zZXz3fA9X+91LqQW1L/m4EMO+k
+NRxGPY7GlhOqZVM9dYR2r4XSb5d4D9KKwMs/hjAJD7+uMMsmBWEMrQdeM8yCu0ZJ
-GSCo/fsMcnYsMFRd9CvpzZY/u+ltfnmP/gZvQLFCqFSAZVZQr8LiaOCsIpAArrxv
+hqVuBxt4snF7Ae4Al6yBSYnfc6vXeI6jxXZc6f1IX6ZFuJcTalUFXuIARidnkwb7
-VRq37ZAi6Mc0Hkp90iawNRbsMEXNrPOH9ov+hIuznxMI8lmfP2TuIKDch4ooiYcc
+kYNpx14SSc45ucppnw3/anm2a2+BbFHi0AGb+HslPglNAKqJfwDj+1w1GY3CESGH
-oZFjgQFmQ3tfXzhpp/fO2gcLfCyH352lEtu0l+3pLDHVFMzw9aRsfllPczbrKBy+
+HnoRvYiy3uq/oIv7DMNt4s4fbFtfSgXa//H9SvXeW9iTyhdr3IA+kW6XQ9tZ9YDB
-aZgfEsHg22/wGmJRRXFYiGh+BkLLszGFU5BwhPQIGNVOB4vbb9IPrMTCUqXtB7kb
+ClQyzcO+h+mTFK7HKQGQ6BEyWRpzv0INxoIsiS5UZ8gqwzvO5sEJSK3To+GA+N9u
-GukiSiH4GiefR7XvyyQ6NincaPrxny4C+I2rJW66OwoOnsFA9FZ0dfy4hPq7BRe3
+THhydttO2bn6W3yFc2TJI5SuXmNofx5j03iFRwvsUh4Cz3udlpxjT0b3eR6Q0yEY
-t9g2AkAWA8l1oGh+4PTJrvo9DKOBO+iihN1zbtSf5hzb2ZzWwrn7NI/2RjOeKb0N
+hSYX8VEY1occm1AOcGvxCEG2PPz71x/xvS0+d7ZmkgqBAQ9KaGhpXA84s0ZoG1WZ
-ETMDJdwax0QAdoMWWqXTNbtHLZ53FuCwSJvdfCBWVh4fQIcCAwEAAaOCAUIwggE+
+ZynRA/KlW/GOU+3HzHk4nI2mePQ+IyjuoNNVD8PwZMH75YVxsh5E0x14h3d24m9f
-MAkGA1UdEwQCMAAwHQYDVR0OBBYEFPUrJmJHdPx1ap52jzXrI2S/3Rg/MIHBBgNV
+VGQUtC8UC6U9mPtomR8jAgMBAAGjggFRMIIBTTAJBgNVHRMEAjAAMB0GA1UdDgQW
-HSMEgbkwgbaAFJfI3Mjur+JwxAmbGVCPhh0s/24moYGSpIGPMIGMMQswCQYDVQQG
+BBQLU+J2QK1zxBJshc82W1/7bugDpzCB0AYDVR0jBIHIMIHFgBRpx4WAZOaQQOkw
-EwJERTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xGDAWBgNVBAoM
+aIgj0k277N+YmKGBoaSBnjCBmzELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxp
-D0JpZ2NoYWluREIgR21iSDEMMAoGA1UECwwDRU5HMRAwDgYDVQQDDAdURVNULUNB
+bjEPMA0GA1UEBwwGQmVybGluMRgwFgYDVQQKDA9CaWdjaGFpbkRCIEdtYkgxEDAO
-MSEwHwYJKoZIhvcNAQkBFhJkZXZAYmlnY2hhaW5kYi5jb22CCQCkxN/bGtuDxzAd
+BgNVBAsMB1JPT1QtQ0ExGzAZBgNVBAMMElRlc3QgSW5mcmEgUm9vdCBDQTEhMB8G
-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgWgMCIGA1Ud
+CSqGSIb3DQEJARYSZGV2QGJpZ2NoYWluZGIuY29tggkA6AayySqcLvwwHQYDVR0l
-EQQbMBmCCWxvY2FsaG9zdIIMdGVzdC1tZGItc3NsMA0GCSqGSIb3DQEBCwUAA4IC
+BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAsGA1UdDwQEAwIFoDAiBgNVHREEGzAZ
-AQA1dUYrarmnzCSsiIPV4SgIwQv/nsFXhpLBY8O/gucR0oOJWHiUUYeB5/t4UwwZ
+gglsb2NhbGhvc3SCDHRlc3QtbWRiLXNzbDANBgkqhkiG9w0BAQsFAAOCAgEATBQ+
-Lp5BhCaRLUrlz3+bToCtXCcR12KBT4f0WdSNunPfE0jFt/EhHJpZF9kSPk+EWroW
+a6/46GkRLhMSt5uRx2gBJgC4yDWL/tK7q0PReo4ksgjdGneR8Gg1Qla6/iY+keKM
-ki1aeve3r3bHvm6WsKOPYpr/vBbb4MX2V9v2HNfrdSSYQwgXDJ9uQrXudLESHh6G
+wQHiZfc7Erp/HoqOW6HIKIwWuHIDMdZsLKyAbn1SJC5NC+aQ0X0YP+qff4U5hnc7
-LXJrYqsz/zhX25bVmMNulzYm+RvnBQ/b5KdMyixM2LjXklKw+qrA7recMyWFdzq4
+GT26sFcQFiX81r4Xe8SSDscYPGlI4HIsPkIvC3ACqMEEK9gAcrRnNdl5P5hxVZLm
-UG9hpFlUif4N89J/fZFkftHh0QJfz+SxR3CYN06fM5R8Z1pmEdjEMwvpppqGy6sn
+lEsQi9xxk+Yf9gsfBJwl63NkgpmgCrsrOabOgsnyuDMn7QH9Pr3YBc58UZG6+V4
-4URBNj2OR29z64SnkOs6bjoWG6FoYGs6k0cdMikc0hvF1s8RxQ6wZ0/CB4K81Jy0
+KoSyeIfOc60gi1CM1cXNTLGWvmQk4KmBwwFRorFQIhWXWuZJ8x3xcj6PDYfpBcGS
-qFhMpEciCQricoNO6XQUty0EMfY35GJIGGNCMd/2Lw+r8u91qKS/llpJ+85yV2TJ
+jkvbG+K4PLQT3T3OTfgejnOuWja6vt0RfLix79KUhKfEDZYP4UZGu31RqWETmEey
-wdNWZ18WaUg1nJgU8yVy7xg4OEPzxClV/TfIrtsAXZZQrlDKFKNYroQhwo8kz87y
+aK2FDPkyCnZJIG80csoG/QVvFl0QZzxQBvPCvVjI9LOW3CgmYucwoAxA9nxQQiHI
-VeFgN2fsWgiBhY2bE8aB52YLTnYfOxSnwM4YFux35cgzRxtjA0ud3fuY/w9QJQyI
+4XNkG5x2Pngd6lT8YWw+J1nLxN2flL+1E4d5/ygam38vH5siHTD2yV9TbxqIOLBE
-pA5noyaNGzifnn4l3EtJunW1O66caDcJu1nEmhRq08FsGVWzbJW7JItV+DXGHh37
+cXnapg8r50JxnDogf2u7k3G0bJ4qt/pXz4G9IesK24MHrP15y+/H/c3vIn9ncXzi
-j2Az+viUqeJqkxK40BhCTowkH5YrTEn9UxGgqgEwsj4snw==
+XECO8QbDdWdqcPSAs63GiTGbz4yuboX9UcZANKIMY1WE4akQAEgaZJWARQnSHT/i
 bOHokihf2qFpEHQDH/FDxEP7AYB++wssYq3l8mE=
 -----END CERTIFICATE-----
 -----BEGIN PRIVATE KEY-----
-MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDkcUOR8jomTW1h
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC7N/EkL4OVLL9H
-9VTdpKKL6Hm3RJSfMF2G2PWdgMtR6MCMni/+y5+78bWXR9GeQ2Qr8D+ZMBwnNHSH
+pKAsn+G/+3D2mwSg6DuBb8qmIm1jdUi8+lcpFvcvCVJsxVIgdJsnmVtRhervyV94
-HnOPhmaJC7lkBYqV14Ha+rfQTFkOHNcfB3R9OJ2wbQKow2P0XdUpW9+KVsVRKTJb
+ySm4zKSoRsKjZEGEkjbHqILitl5nCNa7PTYGMRBTelhmZolNRtP2PjjUhNlsxJVo
-6szqAKAE6Yr1oOHDd8k9G5n66LsI5Zi77F1+2X45mKsWz+bo36lrN3KDTUOUPpk5
+nma3R8Zj3DUcRj2OxpYTqmVTPXWEdq+F0m+XeA/SisDLP4YwCQ+/rjDLJgVhDK0H
-rh9ayVFxMF4gcMmQ/7qLbNlfPd8D1f73UupBbUv+bgQw76QZIKj9+wxydiwwVF30
+XjPMgrtGSYalbgcbeLJxewHuAJesgUmJ33Or13iOo8V2XOn9SF+mRbiXE2pVBV7i
-K+nNlj+76W1+eY/+Bm9AsUKoVIBlVlCvwuJo4KwikACuvG9VGrftkCLoxzQeSn3S
+AEYnZ5MG+5GDacdeEknOObnKaZ8N/2p5tmtvgWxR4tABm/h7JT4JTQCqiX8A4/tc
-JrA1FuwwRc2s84f2i/6Ei7OfEwjyWZ8/ZO4goNyHiiiJhxyhkWOBAWZDe19fOGmn
+NRmNwhEhhx56Eb2Ist7qv6CL+wzDbeLOH2xbX0oF2v/x/Ur13lvYk8oXa9yAPpFu
-987aBwt8LIffnaUS27SX7eksMdUUzPD1pGx+WU9zNusoHL5pmB8SweDbb/AaYlFF
+l0PbWfWAwQpUMs3DvofpkxSuxykBkOgRMlkac79CDcaCLIkuVGfIKsM7zubBCUit
-cViIaH4GQsuzMYVTkHCE9AgY1U4Hi9tv0g+sxMJSpe0HuRsa6SJKIfgaJ59Hte/L
+06PhgPjfbkx4cnbbTtm5+lt8hXNkySOUrl5jaH8eY9N4hUcL7FIeAs97nZacY09G
-JDo2Kdxo+vGfLgL4jaslbro7Cg6ewUD0VnR1/LiE+rsFF7e32DYCQBYDyXWgaH7g
+93kekNMhGIUmF/FRGNaHHJtQDnBr8QhBtjz8+9cf8b0tPne2ZpIKgQEPSmhoaVwP
-9Mmu+j0Mo4E76KKE3XNu1J/mHNvZnNbCufs0j/ZGM54pvQ0RMwMl3BrHRAB2gxZa
+OLNGaBtVmWcp0QPypVvxjlPtx8x5OJyNpnj0PiMo7qDTVQ/D8GTB++WFcbIeRNMd
-pdM1u0ctnncW4LBIm918IFZWHh9AhwIDAQABAoICAQDTqYp1CN4OLUGDOSA3+VpO
+eId3duJvX1RkFLQvFAulPZj7aJkfIwIDAQABAoICAAI7J2+D9XB4qQrkhlghy6Hr
-jclxII8gbFzMG+x/0h0ROLpn0A4iZCMNriiWEgpMPJ7tAz66PlRnkvfBVlq2ik4o
+ECyQKlz0h4kCWQrjzCPsSOKfpRxDPszbspTDQThLy3GMXU86ZlNXNgENfKbMIYYz
-/v74iRXePn7oGdQEoSkGpXxBGNQ7TiD1nhuPqPLNMb/XAXQ/JqTOzYAGoKjazFd4
+2avyzOkUiPyWIIEtJTDbJRv0HcmzGfu0sIr/29EE8A+2LB00PBcUvKcThCvY+h9E
-FbgWXMmyJiQEhbWHQOpDlRCOVrROW1DUJvunOFz4OnwshoSI2icajWHFiussYEog
+h4l/uMoTycQQOsbkK5tZgrv4hwXqE14x8xw49JNr+DkTjVdOa6/9Y657y+g7AppS
-uTMNldN9kSUUGHfUAmzHjhkeqem5U37NMLybZv9B9Pv/0AO5bnsFELa5DZMlVOia
+0/zys7j7Fj1N9vbsIOKYY9T1yb4ZgkFI6FiBwPQYwbMMj6eVPqYmuzu8PxnHHTRv
-wO8d956OPQIKC/P6KcmJm49JOyYzDLERmSG4xYnWbdoruJhP3HsS8exgsk4j8qhF
+GQvU3eBcHW8Mtw8XdSLIkW9D4kHg6/aJ2mq6fhqRlgysUz61BsNu9BbkNxq+Xk/f
-VchlDLQL98Bu2kLgne8v8lBgcXbkanuedYFGnOqVRTCKbl2BwS8/PqaMbOkO54bG
+wU+Slo0UcnuU49icYo8J2yPULUgQaP4VdJc7tb9kMpklTUG7YaD5oqKX+I/jWS9U
-gsX2OYEtKMiCFyNZVZQH+dHg2kUSGMg9h953GAGfxbDuTBTLMwPCphX7dUn3u+g+
+Mta1h3GoK2zK9pj2B5YyCoUsM8o4EEb3hZ8FYf0DOuVd9XcWxLUDRGQoTWJptcSW
-Y/Et9Kki6PgMLwYRjU56pPe0DqHcTc0TZgpKeb1w7JFgEuQrOB2o4wPRlwjaGx8G
+o5OHaP2tgcUtq6siiqPXIQQr1Yji/geSFTP/hWOZC4AFgwa9XvboD3PcKsG2gIc8
-khA9CWhHY3zyrF5FOoy01zYyPZGYb1pUkkEzZ/MEPn0k5bqC4ZUgT/vzYKXkOFvB
+I/HLF5tCpUXIAW4wluXQv1MveX9xwaez+PGLTIFCHidgOBmC5jZEijG9PUgRk1D1
-RdTOVMee6VWDFLKGO0eQNi/MeFFeVVGStrOo0wNowylReP2J45UNH6EQQIL8Jm7w
+e8CUT9Vc3zxS/9S+RfSwXMEBX9367edoiNw1MuXvR1nwCFYKthONx8ww1psEoISF
-fTz+65nEib0vv9D1C2QIWQKCAQEA9WUAFGQbLsr9TBeQd7h79KEkJ/cdk6iLbtN2
+9ZMbdac3hwqeqSW34ZoJAoIBAQDfOF6D1vWieXwQ7W3KpAxyHlNVN8tus3w+mDBc
-DSFc1Zto5KEliZmlqkw4uT4pQIWaSPWVmINxV8QTcR/6VUzxM0McDfAw51wLZQ2w
+unv3Nsn5gmDYHc/Iu5/Tyk2zgoEsfN1LZgzjmSBCUgJOz09+8yrdpsTI4awXAwoa
-jdMKUWfYEEmaA6MXF3JOXVpe8KuXge0s548DpxBHrSo9gWOhMjok/qUrXcQGDlxp
+kaczRcutjAG5vHhHXi5+iwqAaPSTBYcAD2d5SGtxpWBJ2qywT3DMWFT25bhRj3Bp
-1hQ6qLKVUJ8Hzi3U3rwnWGNaSKHECFUn6Ic0vQo5+ontAlKfhLlkl86zmGvMd/Ut
+mc3Fe6oxbz2QV2Is2SnnCnPc/Ok7cABwaP1mc3PsIZzswuJjq3JWsMAlBMZueQW1
-zCWacRFpYg+Qo0TXxzopuh4DI1yjMFH3HJxptVl8Yd7CCzOLmwPWBSNmY8OUY9D6
+CxI639j2memt7ZSWU0UDLg4RAPOtcSt/NykbZgAlfQoLiKWv2hhdvip+oPsdOiDd
-s3xrPPyuVz01iNMPK290zGAeLLnO5bpTIlsZBip7SjG0ayoBqwKCAQEA7lC1c1Tg
+tYmeoseRd/7Ef8EdSwvSDh1jTugu6PG0NeK0Gfxs5Ipb1eBvAoIBAQDWtiTD8dP3
-SxNZrAr0trFl+/cxguALXRocvcMm3mCXgStTGeY08GXiPRl8+TmNt9UAWbkp5Kel
+TNbLu3nkopgJJe9gn1dVhvhBY0T4ar9pR1yl8s5L13vtmrs5wQ5/vyZ2A39OR4fH
-cdrYI+AsaAu/Y8ri0NRJPQGsyE7JEe7PHQa7a8AcPn/1c9I7HvtWVomvxh6rXSkr
+5PcT/gcPm4GuE1BL29NBz88Qdz6033hOuY4SvZpf94yeDhY2w2Gfzm0uewGDR0z+
-gdazSGZvixwPBmc25E4duUxQHJ+GraiYAjNS8Ox6nFqKIWTNfeT+ff7X9IAuZcAX
+EOsSGnnpEYvr+Bkdcvj3CP0ksiQPa/mAnmEhVvthlavyKhfxvwNyh07qym8Q8r3R
-oJmb1xJyDjf4qPhJobO5+zqJvNBH6bkTusV9Y4kkrcs5VQx2QHH4IOyWwWA/e4Wo
+BiwChB/zGo6V1sSfPexy0I9kPhXByYyxoADn/lgXKXtnXpP7fuQleztPC+84bNpa
-jGytbe/4lUk7DKeJUSA0tUGWztWhT02KhH7x+MOJa9KHGP616rRA/RVaYxCRIju0
+PFo5QnzG2kq+XwTP0Z3kQiZ2hEg+nGWHa7MpG+Ic7sDZE2MPbpUAY59J9HBmJOtK
-YM/21iG168zYlQKCAQA8EiRp2XOaCdDlzqLr27pkUQoTyndwDQNM9vDgF/msxKVx
+jaMDQpN1OJ6NAoIBAQCR5ZMJEu/bsRGhMr5nC1BDKoUHFv+1LEUR2IELqqupyjq7
-ykzxGS6nuI7uMdxRUiNJluyu8AZP8My9lZFnTjWBUf1NIC4ohKy5aRd+MFpHQT9w
+BTdtKhcMOW3ejMS6hpsNS9OMG3hjLkuCbX2qqx9nd2JWG1FVhwLmy4rIENk6zuyw
-BURxfXwKnk22poe1LJwjDxc9/BFt1RtmtX9m7CeqrvcdavtpsbG11EOIR11wrH7G
+Uukxz/jBlNJIzXIgufjZO2ygYnEcOXRYhGHqA66JUnMEbNujwEP3swwjSW7QG+MC
-xJdZjnicqbyL845HV2owi///+REc8aLtxNPDDMzF5chNLSljt4fPGbLDVbUv1o5Q
+ipWviR3W+F3F7/QIxZlfyvXOgyDU3LMw7EtYCIzV3lJOTRpZV8Smoh1T1pekuXhi
-lfTXMuQLfh521B/6iRPdoUL3uwZZgXVkU+52ZYDYSqEakubepyLtKFwmkd+Ch2x6
+vfiZQMa0dlqOGIUDIh8jBuwKKzCIAuQnnJF7NmYtCRyR8OBvgaJ/2OVwY94+PGC6
-KJ6xRtFg1aDm4uSgGEAglnMBZwGCM+YIbJB450iPAoIBAQDTue7LbV/sM1/aws0R
+OLbhEitTjSB9u9IDfaiOOJz6T5oMY0u0lK/GFIWrAoIBAQCkpr8g6ATlYy5gw57g
-NuCFj+N0A/r0l0trqGLy9NwFjWlCPE1SOyJZ6Dgo7+IhreKm1CQNGoiZc7XNgc/S
+/vLaKRYdoXOmqb8c3ZRZb/rjMA9TTxR2QoPNnNewnWSSADLtUxdAH0h3uRTkZuxh
-DIXYchs7Ly92PPO17pEjFoj5n86Jd19gg6ydXuzZpLDbJ2571SmoFfiqXQZhT2jQ
+Qp46sKLl2Why0np2pQsYRzqKHG9f3bhRmZNi7WiJjGED3JgLidaKJpZbSvwJQPZ2
-LXiH1tFk2qX7x3nxRCWSSZPreI+6rk5sdN/9tSIANJ+Jbw2MEwmlqpkTPQXAeYnN
+DbegN/yCgdV8E4+UoWtXzDRkNpBDseFKXy2hojgEcbeiDzMsiBqOA6geb742G74o
-ahrIe/Zm7FdShXpzvpP1aVHHAMha0zA8G65vCihRLzAkiC2T1h/wbRoG0FLwtl+i
+fhgTvcPAXgtBrMAZXibvGbFj0VCAl6JT+MKibXvL4+3u9EZyArPrMEZt5lRGDr+C
-ujH1Fy+fXL6XPpNuZUvwOdLTzjjKK2b+3UbbhQg4YjbO4tav5rsar/KchIcnTUHk
+olQ3arh91w+W6AFSMHiCasuIyAcCT7ncwu+K8jOX72xs7PGUcYT/oHVBTKZ4GcW
-IdVVAoIBAAk19xFa8SGaY9cKIigYkcPOFHwI/rXix8YG2n3kZmTVmevh0ebiSQ/z
+AFpNAoIBAB/F8olQT10+QCZciP1ZuRpdEbEheWAF9ng3E7r7wAQiWNoLHj10Nu3H
-++U3GXUFcUYD6lB3YqyMKVRdagQLh58J7q1EFM5hZLAH/i9KQMCKmfbXb6ekVFBY
+byHPMmXNsw2VwaHqrAb5nTl5hfpk/ph7SidxMyNbtjCAlYm7XCiSMLLj0v5sFyCc
-9xhgvOKzRugVTxVv0/PqWpF/oWOJP6r/NsKdJf5y4TptlEjPXsdmXzZIKL4h3oG3
+wgZqXzttQ6NRKt90JeIvHiazP7SVrmCyU/RhMlufiyX5zvivOgdtQA+0ISFDGdcX
-ORpnrROD1mWQxV3krlT4jc7q4QaKxaKbVwl2SJpLNBXI0D/R+Dt1K/PMnhRmbBJl
+MgwLTdFci9RaS5WDYsvokcc/5xEP4bZnxgEbmVq19mIC8QrCdH7qh/KP9Psb2tIt
-d2G+bQP6dkKhATdyiK6XoEk0bP3meD4LWgRdsQdMTI2ayBVis8LREcMm0F3SaUgB
+OGwGA/YSMeQysKjUqAb/mcaMYEf2GUwWY6mZfRfLbeTT8yeDKFvAx5IUIz5tkFD/
-gHiBIz7uxpEmV18w8MA+aiVZw3Ov3lE=
+nMEENsuszPYolIDIv8pISWC8yCsWn5w=
 -----END PRIVATE KEY-----
--- a/tests/backend/mongodb-ssl/test_ssl_connection.py
+++ b/tests/backend/mongodb-ssl/test_ssl_connection.py
@ -197,7 +197,7 @@ def test_ssl_invalid_configuration(db_host, db_port, certs_dir):
 def test_ssl_connection_with_wrong_credentials():
    import bigchaindb
    from bigchaindb.backend.mongodb.connection import MongoDBConnection
-    from bigchaindb.backend.exceptions import AuthenticationError
+    from bigchaindb.backend.exceptions import ConnectionError
    conn = MongoDBConnection(host=bigchaindb.config['database']['host'],
                             port=bigchaindb.config['database']['port'],
@ -211,5 +211,5 @@ def test_ssl_connection_with_wrong_credentials():
                             ssl_crlfile=bigchaindb.config['database']['crlfile'],
                             ssl_cert_reqs=CERT_REQUIRED)
-    with pytest.raises(AuthenticationError):
+    with pytest.raises(ConnectionError):
        conn._connect()
--- a/tests/common/conftest.py
+++ b/tests/common/conftest.py
@ -1,3 +1,4 @@
 from base58 import b58decode
 import pytest
@ -11,8 +12,13 @@ USER3_PRIVATE_KEY = '4rNQFzWQbVwuTiDVxwuFMvLG5zd8AhrQKCtVovBvcYsB'
 USER3_PUBLIC_KEY = 'Gbrg7JtxdjedQRmr81ZZbh1BozS7fBW88ZyxNDy7WLNC'
-CC_FULFILLMENT_URI = 'cf:0:'
+CC_FULFILLMENT_URI = (
-CC_CONDITION_URI = 'cc:0:3:47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU:0'
+    'pGSAINdamAGCsQq31Uv-08lkBzoO4XLz2qYjJa8CGmj3B1EagUDlVkMAw2CscpCG4syAboKKh'
    'Id_Hrjl2XTYc-BlIkkBVV-4ghWQozusxh45cBz5tGvSW_XwWVu-JGVRQUOOehAL'
 )
 CC_CONDITION_URI = ('ni:///sha-256;'
                    'eZI5q6j8T_fqv7xMROaei9_tmTMk4S7WR5Kr4onPHV8'
                    '?fpt=ed25519-sha-256&cost=131072')
 ASSET_DEFINITION = {
    'data': {
@ -71,25 +77,25 @@ def cond_uri():
@pytest.fixture
 def user_Ed25519(user_pub):
-    from cryptoconditions import Ed25519Fulfillment
+    from cryptoconditions import Ed25519Sha256
-    return Ed25519Fulfillment(public_key=user_pub)
+    return Ed25519Sha256(public_key=b58decode(user_pub))
@pytest.fixture
 def user_user2_threshold(user_pub, user2_pub):
-    from cryptoconditions import (ThresholdSha256Fulfillment,
+    from cryptoconditions import ThresholdSha256, Ed25519Sha256
                                  Ed25519Fulfillment)
    user_pub_keys = [user_pub, user2_pub]
-    threshold = ThresholdSha256Fulfillment(threshold=len(user_pub_keys))
+    threshold = ThresholdSha256(threshold=len(user_pub_keys))
    for user_pub in user_pub_keys:
-        threshold.add_subfulfillment(Ed25519Fulfillment(public_key=user_pub))
+        threshold.add_subfulfillment(
            Ed25519Sha256(public_key=b58decode(user_pub)))
    return threshold
@pytest.fixture
 def user2_Ed25519(user2_pub):
-    from cryptoconditions import Ed25519Fulfillment
+    from cryptoconditions import Ed25519Sha256
-    return Ed25519Fulfillment(public_key=user2_pub)
+    return Ed25519Sha256(public_key=b58decode(user2_pub))
@pytest.fixture
--- a/tests/common/test_transaction.py
+++ b/tests/common/test_transaction.py
@ -2,7 +2,9 @@
 These are tests of the API of the Transaction class and associated classes.
 Tests for transaction validation are separate.
 """
 from copy import deepcopy
 from base58 import b58encode, b58decode
 from pytest import raises
@ -80,7 +82,10 @@ def test_output_serialization(user_Ed25519, user_pub):
    expected = {
        'condition': {
            'uri': user_Ed25519.condition_uri,
-            'details': user_Ed25519.to_dict(),
+            'details': {
                'type': 'ed25519-sha-256',
                'public_key': b58encode(user_Ed25519.public_key),
            },
        },
        'public_keys': [user_pub],
        'amount': '1',
@ -98,7 +103,10 @@ def test_output_deserialization(user_Ed25519, user_pub):
    cond = {
        'condition': {
            'uri': user_Ed25519.condition_uri,
-            'details': user_Ed25519.to_dict()
+            'details': {
                'type': 'ed25519-sha-256',
                'public_key': b58encode(user_Ed25519.public_key),
            },
        },
        'public_keys': [user_pub],
        'amount': '1',
@ -110,10 +118,10 @@ def test_output_deserialization(user_Ed25519, user_pub):
 def test_output_hashlock_serialization():
    from bigchaindb.common.transaction import Output
-    from cryptoconditions import PreimageSha256Fulfillment
+    from cryptoconditions import PreimageSha256
    secret = b'wow much secret'
-    hashlock = PreimageSha256Fulfillment(preimage=secret).condition_uri
+    hashlock = PreimageSha256(preimage=secret).condition_uri
    expected = {
        'condition': {
@ -129,10 +137,10 @@ def test_output_hashlock_serialization():
 def test_output_hashlock_deserialization():
    from bigchaindb.common.transaction import Output
-    from cryptoconditions import PreimageSha256Fulfillment
+    from cryptoconditions import PreimageSha256
    secret = b'wow much secret'
-    hashlock = PreimageSha256Fulfillment(preimage=secret).condition_uri
+    hashlock = PreimageSha256(preimage=secret).condition_uri
    expected = Output(hashlock, amount=1)
    cond = {
@ -161,15 +169,15 @@ def test_invalid_output_initialization(cond_uri, user_pub):
 def test_generate_output_split_half_recursive(user_pub, user2_pub, user3_pub):
    from bigchaindb.common.transaction import Output
-    from cryptoconditions import Ed25519Fulfillment, ThresholdSha256Fulfillment
+    from cryptoconditions import Ed25519Sha256, ThresholdSha256
-    expected_simple1 = Ed25519Fulfillment(public_key=user_pub)
+    expected_simple1 = Ed25519Sha256(public_key=b58decode(user_pub))
-    expected_simple2 = Ed25519Fulfillment(public_key=user2_pub)
+    expected_simple2 = Ed25519Sha256(public_key=b58decode(user2_pub))
-    expected_simple3 = Ed25519Fulfillment(public_key=user3_pub)
+    expected_simple3 = Ed25519Sha256(public_key=b58decode(user3_pub))
-    expected = ThresholdSha256Fulfillment(threshold=2)
+    expected = ThresholdSha256(threshold=2)
    expected.add_subfulfillment(expected_simple1)
-    expected_threshold = ThresholdSha256Fulfillment(threshold=2)
+    expected_threshold = ThresholdSha256(threshold=2)
    expected_threshold.add_subfulfillment(expected_simple2)
    expected_threshold.add_subfulfillment(expected_simple3)
    expected.add_subfulfillment(expected_threshold)
@ -181,14 +189,14 @@ def test_generate_output_split_half_recursive(user_pub, user2_pub, user3_pub):
 def test_generate_outputs_split_half_single_owner(user_pub,
                                                  user2_pub, user3_pub):
    from bigchaindb.common.transaction import Output
-    from cryptoconditions import Ed25519Fulfillment, ThresholdSha256Fulfillment
+    from cryptoconditions import Ed25519Sha256, ThresholdSha256
-    expected_simple1 = Ed25519Fulfillment(public_key=user_pub)
+    expected_simple1 = Ed25519Sha256(public_key=b58decode(user_pub))
-    expected_simple2 = Ed25519Fulfillment(public_key=user2_pub)
+    expected_simple2 = Ed25519Sha256(public_key=b58decode(user2_pub))
-    expected_simple3 = Ed25519Fulfillment(public_key=user3_pub)
+    expected_simple3 = Ed25519Sha256(public_key=b58decode(user3_pub))
-    expected = ThresholdSha256Fulfillment(threshold=2)
+    expected = ThresholdSha256(threshold=2)
-    expected_threshold = ThresholdSha256Fulfillment(threshold=2)
+    expected_threshold = ThresholdSha256(threshold=2)
    expected_threshold.add_subfulfillment(expected_simple2)
    expected_threshold.add_subfulfillment(expected_simple3)
    expected.add_subfulfillment(expected_threshold)
@ -200,13 +208,13 @@ def test_generate_outputs_split_half_single_owner(user_pub,
 def test_generate_outputs_flat_ownage(user_pub, user2_pub, user3_pub):
    from bigchaindb.common.transaction import Output
-    from cryptoconditions import Ed25519Fulfillment, ThresholdSha256Fulfillment
+    from cryptoconditions import Ed25519Sha256, ThresholdSha256
-    expected_simple1 = Ed25519Fulfillment(public_key=user_pub)
+    expected_simple1 = Ed25519Sha256(public_key=b58decode(user_pub))
-    expected_simple2 = Ed25519Fulfillment(public_key=user2_pub)
+    expected_simple2 = Ed25519Sha256(public_key=b58decode(user2_pub))
-    expected_simple3 = Ed25519Fulfillment(public_key=user3_pub)
+    expected_simple3 = Ed25519Sha256(public_key=b58decode(user3_pub))
-    expected = ThresholdSha256Fulfillment(threshold=3)
+    expected = ThresholdSha256(threshold=3)
    expected.add_subfulfillment(expected_simple1)
    expected.add_subfulfillment(expected_simple2)
    expected.add_subfulfillment(expected_simple3)
@ -217,9 +225,9 @@ def test_generate_outputs_flat_ownage(user_pub, user2_pub, user3_pub):
 def test_generate_output_single_owner(user_pub):
    from bigchaindb.common.transaction import Output
-    from cryptoconditions import Ed25519Fulfillment
+    from cryptoconditions import Ed25519Sha256
-    expected = Ed25519Fulfillment(public_key=user_pub)
+    expected = Ed25519Sha256(public_key=b58decode(user_pub))
    cond = Output.generate([user_pub], 1)
    assert cond.fulfillment.to_dict() == expected.to_dict()
@ -227,9 +235,9 @@ def test_generate_output_single_owner(user_pub):
 def test_generate_output_single_owner_with_output(user_pub):
    from bigchaindb.common.transaction import Output
-    from cryptoconditions import Ed25519Fulfillment
+    from cryptoconditions import Ed25519Sha256
-    expected = Ed25519Fulfillment(public_key=user_pub)
+    expected = Ed25519Sha256(public_key=b58decode(user_pub))
    cond = Output.generate([expected], 1)
    assert cond.fulfillment.to_dict() == expected.to_dict()
@ -364,7 +372,7 @@ def test_transaction_link_serialization():
    tx_id = 'a transaction id'
    expected = {
        'transaction_id': tx_id,
-        'output': 0,
+        'output_index': 0,
    }
    tx_link = TransactionLink(tx_id, 0)
@ -387,7 +395,7 @@ def test_transaction_link_deserialization():
    expected = TransactionLink(tx_id, 0)
    tx_link = {
        'transaction_id': tx_id,
-        'output': 0,
+        'output_index': 0,
    }
    tx_link = TransactionLink.from_dict(tx_link)
@ -489,15 +497,13 @@ def test_sign_with_invalid_parameters(utx, user_priv):
 def test_validate_tx_simple_create_signature(user_input, user_output, user_priv,
                                             asset_definition):
    from copy import deepcopy
    from bigchaindb.common.crypto import PrivateKey
    from bigchaindb.common.transaction import Transaction
    from .utils import validate_transaction_model
    tx = Transaction(Transaction.CREATE, asset_definition, [user_input], [user_output])
    expected = deepcopy(user_output)
    message = str(tx).encode()
-    expected.fulfillment.sign(message, PrivateKey(user_priv))
+    expected.fulfillment.sign(message, b58decode(user_priv))
    tx.sign([user_priv])
    assert tx.inputs[0].to_dict()['fulfillment'] == \
@ -527,7 +533,7 @@ def test_sign_threshold_with_invalid_params(utx, user_user2_threshold_input,
                                                  'somemessage',
                                                  {user3_pub: user3_priv})
    with raises(KeypairMismatchException):
-        user_user2_threshold_input.owners_before = ['somewrongvalue']
+        user_user2_threshold_input.owners_before = [58 * 'a']
        utx._sign_threshold_signature_fulfillment(user_user2_threshold_input,
                                                  'somemessage',
                                                  None)
@ -551,9 +557,6 @@ def test_validate_tx_threshold_create_signature(user_user2_threshold_input,
                                                user_priv,
                                                user2_priv,
                                                asset_definition):
    from copy import deepcopy
    from bigchaindb.common.crypto import PrivateKey
    from bigchaindb.common.transaction import Transaction
    from .utils import validate_transaction_model
@ -562,10 +565,10 @@ def test_validate_tx_threshold_create_signature(user_user2_threshold_input,
                     [user_user2_threshold_output])
    message = str(tx).encode()
    expected = deepcopy(user_user2_threshold_output)
-    expected.fulfillment.subconditions[0]['body'].sign(message,
+    expected.fulfillment.subconditions[0]['body'].sign(
-                                                       PrivateKey(user_priv))
+        message, b58decode(user_priv))
-    expected.fulfillment.subconditions[1]['body'].sign(message,
+    expected.fulfillment.subconditions[1]['body'].sign(
-                                                       PrivateKey(user2_priv))
+        message, b58decode(user2_priv))
    tx.sign([user_priv, user2_priv])
    assert tx.inputs[0].to_dict()['fulfillment'] == \
@ -577,14 +580,14 @@ def test_validate_tx_threshold_create_signature(user_user2_threshold_input,
 def test_validate_tx_threshold_duplicated_pk(user_pub, user_priv,
                                             asset_definition):
-    from copy import deepcopy
+    from cryptoconditions import Ed25519Sha256, ThresholdSha256
    from cryptoconditions import Ed25519Fulfillment, ThresholdSha256Fulfillment
    from bigchaindb.common.transaction import Input, Output, Transaction
    from bigchaindb.common.crypto import PrivateKey
-    threshold = ThresholdSha256Fulfillment(threshold=2)
+    threshold = ThresholdSha256(threshold=2)
-    threshold.add_subfulfillment(Ed25519Fulfillment(public_key=user_pub))
+    threshold.add_subfulfillment(
-    threshold.add_subfulfillment(Ed25519Fulfillment(public_key=user_pub))
+        Ed25519Sha256(public_key=b58decode(user_pub)))
    threshold.add_subfulfillment(
        Ed25519Sha256(public_key=b58decode(user_pub)))
    threshold_input = Input(threshold, [user_pub, user_pub])
    threshold_output = Output(threshold, [user_pub, user_pub])
@ -592,10 +595,10 @@ def test_validate_tx_threshold_duplicated_pk(user_pub, user_priv,
    tx = Transaction(Transaction.CREATE, asset_definition,
                     [threshold_input], [threshold_output])
    expected = deepcopy(threshold_input)
-    expected.fulfillment.subconditions[0]['body'].sign(str(tx).encode(),
+    expected.fulfillment.subconditions[0]['body'].sign(
-                                                       PrivateKey(user_priv))
+        str(tx).encode(), b58decode(user_priv))
-    expected.fulfillment.subconditions[1]['body'].sign(str(tx).encode(),
+    expected.fulfillment.subconditions[1]['body'].sign(
-                                                       PrivateKey(user_priv))
+        str(tx).encode(), b58decode(user_priv))
    tx.sign([user_priv, user_priv])
@ -616,10 +619,9 @@ def test_multiple_input_validation_of_transfer_tx(user_input, user_output,
                                                  user2_priv, user3_pub,
                                                  user3_priv,
                                                  asset_definition):
    from copy import deepcopy
    from bigchaindb.common.transaction import (Transaction, TransactionLink,
                                               Input, Output)
-    from cryptoconditions import Ed25519Fulfillment
+    from cryptoconditions import Ed25519Sha256
    from .utils import validate_transaction_model
    tx = Transaction(Transaction.CREATE, asset_definition, [user_input],
@ -629,8 +631,10 @@ def test_multiple_input_validation_of_transfer_tx(user_input, user_output,
    inputs = [Input(cond.fulfillment, cond.public_keys,
                    TransactionLink(tx.id, index))
              for index, cond in enumerate(tx.outputs)]
-    outputs = [Output(Ed25519Fulfillment(public_key=user3_pub), [user3_pub]),
+    outputs = [Output(Ed25519Sha256(public_key=b58decode(user3_pub)),
-               Output(Ed25519Fulfillment(public_key=user3_pub), [user3_pub])]
+                      [user3_pub]),
               Output(Ed25519Sha256(public_key=b58decode(user3_pub)),
                      [user3_pub])]
    transfer_tx = Transaction('TRANSFER', {'id': tx.id}, inputs, outputs)
    transfer_tx = transfer_tx.sign([user_priv])
@ -640,11 +644,11 @@ def test_multiple_input_validation_of_transfer_tx(user_input, user_output,
 def test_validate_inputs_of_transfer_tx_with_invalid_params(
-        transfer_tx, cond_uri, utx, user2_pub, user_priv):
+        transfer_tx, cond_uri, utx, user2_pub, user_priv, ffill_uri):
    from bigchaindb.common.transaction import Output
-    from cryptoconditions import Ed25519Fulfillment
+    from cryptoconditions import Ed25519Sha256
-    invalid_out = Output(Ed25519Fulfillment.from_uri('cf:0:'), ['invalid'])
+    invalid_out = Output(Ed25519Sha256.from_uri(ffill_uri), ['invalid'])
    assert transfer_tx.inputs_valid([invalid_out]) is False
    invalid_out = utx.outputs[0]
    invalid_out.public_key = 'invalid'
@ -826,8 +830,6 @@ def test_outputs_to_inputs(tx):
 def test_create_transfer_transaction_single_io(tx, user_pub, user2_pub,
                                               user2_output, user_priv):
    from copy import deepcopy
    from bigchaindb.common.crypto import PrivateKey
    from bigchaindb.common.transaction import Transaction
    from bigchaindb.common.utils import serialize
    from .utils import validate_transaction_model
@ -846,7 +848,7 @@ def test_create_transfer_transaction_single_io(tx, user_pub, user2_pub,
                'fulfillment': None,
                'fulfills': {
                    'transaction_id': tx.id,
-                    'output': 0
+                    'output_index': 0
                }
            }
        ],
@ -861,8 +863,8 @@ def test_create_transfer_transaction_single_io(tx, user_pub, user2_pub,
    expected_input = deepcopy(inputs[0])
    expected['id'] = transfer_tx['id']
-    expected_input.fulfillment.sign(serialize(expected).encode(),
+    expected_input.fulfillment.sign(
-                                    PrivateKey(user_priv))
+        serialize(expected).encode(), b58decode(user_priv))
    expected_ffill = expected_input.fulfillment.serialize_uri()
    transfer_ffill = transfer_tx['inputs'][0]['fulfillment']
@ -895,7 +897,7 @@ def test_create_transfer_transaction_multiple_io(user_pub, user_priv,
                'fulfillment': None,
                'fulfills': {
                    'transaction_id': tx.id,
-                    'output': 0
+                    'output_index': 0
                }
            }, {
                'owners_before': [
@ -904,7 +906,7 @@ def test_create_transfer_transaction_multiple_io(user_pub, user_priv,
                'fulfillment': None,
                'fulfills': {
                    'transaction_id': tx.id,
-                    'output': 1
+                    'output_index': 1
                }
            }
        ],
--- a/tests/db/test_bigchain_api.py
+++ b/tests/db/test_bigchain_api.py
@ -1,7 +1,8 @@
 from time import sleep
 from unittest.mock import patch
 import pytest
-from unittest.mock import patch
+from base58 import b58decode
 pytestmark = pytest.mark.bdb
@ -577,14 +578,14 @@ class TestBigchainApi(object):
    @pytest.mark.usefixtures('inputs')
    def test_non_create_input_not_found(self, b, user_pk):
-        from cryptoconditions import Ed25519Fulfillment
+        from cryptoconditions import Ed25519Sha256
        from bigchaindb.common.exceptions import InputDoesNotExist
        from bigchaindb.common.transaction import Input, TransactionLink
        from bigchaindb.models import Transaction
        from bigchaindb import Bigchain
        # Create an input for a non existing transaction
-        input = Input(Ed25519Fulfillment(public_key=user_pk),
+        input = Input(Ed25519Sha256(public_key=b58decode(user_pk)),
                      [user_pk],
                      TransactionLink('somethingsomething', 0))
        tx = Transaction.transfer([input], [([user_pk], 1)],
--- a/tests/integration/test_federation.py
+++ b/tests/integration/test_federation.py
@ -133,27 +133,6 @@ def test_elect_invalid(federation_3):
        assert bx[i].get_transaction(tx.id, True)[1] is None
@pytest.mark.bdb
@pytest.mark.genesis
 def test_elect_disagree_prev_block(federation_3):
    [bx, (s0, s1, s2)] = federation_3
    tx = input_single_create(bx[0])
    process_tx(s0)
    process_tx(s1)
    process_tx(s2)
    process_vote(s0, True)
    for i in range(3):
        assert bx[i].get_transaction(tx.id, True)[1] == 'undecided'
    s1.vote.last_voted_id = '5' * 64
    process_vote(s1, True)
    for i in range(3):
        assert bx[i].get_transaction(tx.id, True)[1] == 'undecided'
    s2.vote.last_voted_id = '6' * 64
    process_vote(s2, True)
    for i in range(3):
        assert bx[i].get_transaction(tx.id, True)[1] is None
@pytest.mark.bdb
@pytest.mark.genesis
 def test_elect_sybill(federation_3):
--- a/tests/pipelines/test_vote.py
+++ b/tests/pipelines/test_vote.py
@ -180,7 +180,7 @@ def test_vote_accumulates_transactions(b):
    validation = vote_obj.validate_tx(tx.to_dict(), 123, 1)
    assert validation == (True, 123, 1)
-    tx.inputs[0].fulfillment.signature = None
+    tx.inputs[0].fulfillment.signature = 64*b'z'
    validation = vote_obj.validate_tx(tx.to_dict(), 456, 10)
    assert validation == (False, 456, 10)
--- a/tests/validation/test_transaction_structure.py
+++ b/tests/validation/test_transaction_structure.py
@ -5,9 +5,11 @@ structural / schematic issues are caught when reading a transaction
 """
 import pytest
 from unittest.mock import MagicMock
 from bigchaindb.common.exceptions import (AmountError, InvalidHash,
-                                          SchemaValidationError)
+                                          SchemaValidationError,
                                          ThresholdTooDeep)
 from bigchaindb.models import Transaction
@ -161,18 +163,44 @@ def test_high_amounts(create_tx):
    validate(create_tx)
 ################################################################################
 # Conditions
 def test_handle_threshold_overflow():
    from bigchaindb.common import transaction
    cond = {
        'type': 'ed25519-sha-256',
        'public_key': 'a' * 43,
    }
    for i in range(1000):
        cond = {
            'type': 'threshold-sha-256',
            'threshold': 1,
            'subconditions': [cond],
        }
    with pytest.raises(ThresholdTooDeep):
        transaction._fulfillment_from_details(cond)
 def test_unsupported_condition_type():
    from bigchaindb.common import transaction
    from cryptoconditions.exceptions import UnsupportedTypeError
    with pytest.raises(UnsupportedTypeError):
        transaction._fulfillment_from_details({'type': 'a'})
    with pytest.raises(UnsupportedTypeError):
        transaction._fulfillment_to_details(MagicMock(type_name='a'))
 ################################################################################
 # Version
 def test_validate_version(create_tx):
-    import re
+    create_tx.version = '1.0'
    import bigchaindb.version
    short_ver = bigchaindb.version.__short_version__
    assert create_tx.version == re.match(r'^(.*\d)', short_ver).group(1)
    validate(create_tx)
-
+    create_tx.version = '0.10'
-    # At version 1, transaction version will break step with server version.
+    validate_raises(create_tx)
-    create_tx.version = '1.0.0'
+    create_tx.version = '110'
    validate_raises(create_tx)
--- a/tests/web/test_outputs.py
+++ b/tests/web/test_outputs.py
@ -14,8 +14,8 @@ def test_get_outputs_endpoint(client, user_pk):
        gof.return_value = [m, m]
        res = client.get(OUTPUTS_ENDPOINT + '?public_key={}'.format(user_pk))
        assert res.json == [
-            {'transaction_id': 'a', 'output': 0},
+            {'transaction_id': 'a', 'output_index': 0},
-            {'transaction_id': 'a', 'output': 0}
+            {'transaction_id': 'a', 'output_index': 0}
        ]
    assert res.status_code == 200
    gof.assert_called_once_with(user_pk, None)
@ -29,7 +29,7 @@ def test_get_outputs_endpoint_unspent(client, user_pk):
        gof.return_value = [m]
        params = '?spent=False&public_key={}'.format(user_pk)
        res = client.get(OUTPUTS_ENDPOINT + params)
-    assert res.json == [{'transaction_id': 'a', 'output': 0}]
+    assert res.json == [{'transaction_id': 'a', 'output_index': 0}]
    assert res.status_code == 200
    gof.assert_called_once_with(user_pk, False)
@ -42,7 +42,7 @@ def test_get_outputs_endpoint_spent(client, user_pk):
        gof.return_value = [m]
        params = '?spent=true&public_key={}'.format(user_pk)
        res = client.get(OUTPUTS_ENDPOINT + params)
-    assert res.json == [{'transaction_id': 'a', 'output': 0}]
+    assert res.json == [{'transaction_id': 'a', 'output_index': 0}]
    assert res.status_code == 200
    gof.assert_called_once_with(user_pk, True)
--- a/tests/web/test_transactions.py
+++ b/tests/web/test_transactions.py
@ -89,7 +89,7 @@ def test_post_create_transaction_with_invalid_signature(mock_logger,
    tx = Transaction.create([user_pub], [([user_pub], 1)])
    tx = tx.sign([user_priv]).to_dict()
-    tx['inputs'][0]['fulfillment'] = 'cf:0:0'
+    tx['inputs'][0]['fulfillment'] = 64 * '0'
    res = client.post(TX_ENDPOINT, data=json.dumps(tx))
    expected_status_code = 400
--- a/tox.ini
+++ b/tox.ini
@ -13,6 +13,7 @@ setenv =
    rethinkdb: BIGCHAINDB_DATABASE_BACKEND=rethinkdb
    mongodb: BIGCHAINDB_DATABASE_BACKEND=mongodb
 deps = {[base]deps}
 install_command = pip install {opts} {packages}
 extras = test
 commands = pytest -v -n auto --cov=bigchaindb --basetemp={envtmpdir}
`@ -1,2 +1,2 @@`
	`__version__ = '0.11.0.dev'`	`__version__ = '1.0.0.dev'`
	`__short_version__ = '0.11.dev'`	`__short_version__ = '1.0.dev'`
`@ -21,4 +21,4 @@ We’re actively exploring ways that BigchainDB can be used with other blockchai`

	`.. note::`	`.. note::`

	We used the word "owners" somewhat loosely above. A more accurate word might be fulfillers, signers, controllers, or tranfer-enablers. See BigchainDB Server `issue #626 <https://github.com/bigchaindb/bigchaindb/issues/626>`_.	We used the word "owners" somewhat loosely above. A more accurate word might be fulfillers, signers, controllers, or transfer-enablers. See BigchainDB Server `issue #626 <https://github.com/bigchaindb/bigchaindb/issues/626>`_.