From 920eed74c81e67bbad12e5fe5c04aa3fa6d7a262 Mon Sep 17 00:00:00 2001 From: Maria Bermudez Date: Thu, 13 Jun 2019 09:32:27 -0700 Subject: [PATCH] Incorporate engineering feedback Signed-off-by: Maria Bermudez --- .../admin/configure/enable-single-sign-on.md | 39 ++++++++++++++++-- .../configure/license-your-installation.md | 22 +--------- .../use-your-own-tls-certificates.md | 2 +- ee/dtr/images/single-sign-on-1.png | Bin 0 -> 29979 bytes ...nable-client-certificate-authentication.md | 36 +++++++++++----- .../use-your-own-tls-certificates.md | 7 ++-- 6 files changed, 68 insertions(+), 38 deletions(-) create mode 100644 ee/dtr/images/single-sign-on-1.png diff --git a/ee/dtr/admin/configure/enable-single-sign-on.md b/ee/dtr/admin/configure/enable-single-sign-on.md index a0d784955a..d940e3d0bb 100644 --- a/ee/dtr/admin/configure/enable-single-sign-on.md +++ b/ee/dtr/admin/configure/enable-single-sign-on.md 
@@ -13,18 +13,51 @@ To only authenticate once, you can configure DTR to have single sign-on (SSO) wi ## At install time -When [installing DTR](/reference/dtr/2.7/install/), pass the `--dtr-external-url ` -option to enable SSO. This makes it so that when you access DTR's web interface, you are redirected to the UCP login page for authentication. Upon successfully logging in, you are then redirected to your specified DTR external URL during installation. +When [installing DTR](/reference/dtr/2.7/install/), pass `--dtr-external-url ` to enable SSO. [Specify the Fully Qualified Domain Name (FQDN)](/use-your-own-tls-certificates/) of your DTR, or a load balancer, to load-balance requests across multiple DTR replicas. -[Specify the Fully Qualified Domain Name (FQDN)](/use-your-own-tls-certificates/) of your DTR, or a load balancer, to load-balance requests across multiple DTR replicas. + +```bash +docker run --rm -it \ +{{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} install \ +--dtr-external-url dtr.example.com \ +--dtr-cert "$(cat cert.pem)" \ +--dtr-ca "$(cat dtr_ca.pem)" \ +--dtr-key "$(cat key.pem)" \ +--ucp-url ucp.example.com \ +--ucp-username admin \ +--ucp-ca "$(cat ucp_ca.pem)" +``` + +This makes it so that when you access DTR's web user interface, you are redirected to the UCP login page for authentication. Upon successfully logging in, you are then redirected to your specified DTR external URL during installation. ## Post-installation +### Web user interface + 1. Navigate to `https://` and log in with your credentials. 2. Select **System** from the left navigation pane, and scroll down to **Domain & Proxies**. 3. Update the **Load balancer / Public Address** field with the external URL where users should be redirected once they are logged in. Click **Save** to apply your changes. 4. Toggle **Single Sign-on** to automatically redirect users to UCP for logging in. 
+ ![](/ee/dtr/single-sign-on-1.png){: .with-border} + + + +### Command line interface + +You can also enable single sign-on from the command line by reconfiguring your DTR. To do so, run the following: + +```bash +docker run --rm -it \ +{{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} reconfigure \ +--dtr-external-url dtr.example.com \ +--dtr-cert "$(cat cert.pem)" \ +--dtr-ca "$(cat dtr_ca.pem)" \ +--dtr-key "$(cat key.pem)" \ +--ucp-url ucp.example.com \ +--ucp-username admin \ +--ucp-ca "$(cat ucp_ca.pem)" +``` ## Where to go next diff --git a/ee/dtr/admin/configure/license-your-installation.md b/ee/dtr/admin/configure/license-your-installation.md index 4bd307b823..c96568e876 100644 --- a/ee/dtr/admin/configure/license-your-installation.md +++ b/ee/dtr/admin/configure/license-your-installation.md @@ -28,27 +28,7 @@ key. ![](/ee/dtr/images/license-2.png){: .with-border} -## View licensing information - -You can send a `GET` request to `api/v0/admin/settings/license` to view more details on the license applied to your DTR. Use your DTR Fully Qualified Domain Name (FQDN) as the base URL for your API request. - -### Example API request -```bash -curl -u docker:$TOKEN -X GET "https://34.219.67.189/api/v0/admin/settings/license -H "accept: application/json" -``` - -### Example API response -```json -{ - "is_valid": true, - "auto_refresh": false, - "scanning_enabled": true, - "expiration": "2019-07-09T22:26:01Z", - "key_id": "2SDaULA3xBvQ8Hrp-05-7_JPrWdthGINT0ZI3ArdhAK6", - "tier": "Advanced", - "type": "Offline" -} -``` +Within **System > General** under the **License** section, you should see the tier, date of expiration, and ID for your license. ## Where to go next diff --git a/ee/dtr/admin/configure/use-your-own-tls-certificates.md b/ee/dtr/admin/configure/use-your-own-tls-certificates.md index da46d1d4b9..e6478d5021 100644 --- a/ee/dtr/admin/configure/use-your-own-tls-certificates.md +++ b/ee/dtr/admin/configure/use-your-own-tls-certificates.md 
@@ -33,7 +33,7 @@ Click **Save** to apply your changes. If you've added certificates issued by a globally trusted CA, any web browser or client tool should now trust DTR. If you're using an internal -CA, you will need to configure your system to trust that +CA, you will need to configure the client systems to trust that CA. ### Command line interface 
diff --git a/ee/dtr/images/single-sign-on-1.png b/ee/dtr/images/single-sign-on-1.png new file mode 100644 index 0000000000000000000000000000000000000000..c41d8970ec22a3aae8ade7b265123b43062fe5b4 GIT binary patch literal 29979
literal 0 HcmV?d00001 diff --git a/ee/enable-client-certificate-authentication.md b/ee/enable-client-certificate-authentication.md index 112f295a80..4466534554 100644 --- a/ee/enable-client-certificate-authentication.md +++ b/ee/enable-client-certificate-authentication.md 
@@ -6,11 +6,11 @@ keywords: PKI, Client Certificates, Passwordless Authentication, Docker Enterpri ## Overview -In many organizations, authenticating to systems with a username and password combination is either restricted or outright prohibited. With Docker Enterprise 3.0, you can manage user authentication with your own public key infrastructure (PKI) using a pool of X.509 client certificates in lieu of usernames and passwords. +In many organizations, authenticating to systems with a username and password combination is either restricted or outright prohibited. With Docker Enterprise 3.0, UCP's [CLI client certificate-based authentication](/ee/ucp/user-access/cli/) has been extended to the web user interface (web UI). DTR has also been enhanced to work with UCP's internally generated client bundles for client certificate-based authentication. If you have an external public key infrastructure (PKI) system, you can manage user authentication using a pool of X.509 client certificates in lieu of usernames and passwords. ## Benefits -The following table outlines existing and added capabilities when using client certificates issued by an external certificate authority (CA) for authentication. +The following table outlines existing and added capabilities when using client certificates — both internal to UCP and issued by an external certificate authority (CA) — for authentication. | Operation | Benefit | | ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | 
@@ -114,7 +114,7 @@ Note: The above configuration means that Docker Engine will use the same client ## Image signing -DTR includes [two containers](/ee/dtr/architecture/#dtr-internal-components), `` and ``, which provide the required components for using Docker Content Trust (DCT) out of the box. In some cases, you need to additionally set an environment variable, `DOCKER_CONTENT_TRUST`, to `1`. +DTR provides the Notary service for using Docker Content Trust (DCT) out of the box. 
@@ -168,17 +168,23 @@ API by passing a public certificate and private key pair instead of your DTR username and password/authentication token. ```bash - curl --cert cert.pem --key key.pem -X GET -"https:///api/v0/repositories?pageSize=10&count=false" -H "accept: -application/json" +curl --cert cert.pem --key key.pem -X GET \ +"https:///api/v0/repositories?pageSize=10&count=false" \ +-H "accept:application/json" ``` In the above example, `cert.pem` contains the public certificate and `key.pem` contains the private key. For non-admin users, you can generate a client bundle from UCP or contact your administrator for your public and private key pair. +For Mac-specific quirks, see [curl on certain macOS versions](#curl-on-certain-macos-versions). + ## Notary CLI operations with DTR -To use your PKI's TLS certificates to establish mutual trust between the Notary client and your trusted registry (DTR) using the Notary CLI, place your DTR's server CA and TLS client certificates in `/.docker/tls//` as `ca.crt`, `client.cert`, and `client.key`. Pass the FQDN or publicly accessible IP address of your registry along with the TLS client certificate options to the Notary client. To get started, see [Use the Notary client for advanced users](/notary/advanced_usage/). +For establishing mutual trust between the Notary client and your trusted registry (DTR) using the Notary CLI, place your TLS client certificates in `/.docker/tls//` as `client.cert` and `client.key`. Note that the filenames must match. Pass the FQDN or publicly accessible IP address of your registry along with the TLS client certificate options to the Notary client. To get started, see [Use the Notary client for advanced users](/notary/advanced_usage/). + +> ### Self-signed DTR server certificate +> +> Also place `ca.crt` in `/.docker/tls//` when you're using a self-signed server certificate for DTR. ## Troubleshooting tips 
@@ -215,7 +221,7 @@ If successfully configured, you should see `TLSClientCertificate` listed as the Avoid adding DTR to Docker Engine's list of insecure registries as a workaround. This has the side effect of disabling the use of TLS certificates. -### x509 certificate errors +### DTR server certificate errors #### Example Error @@ -223,10 +229,20 @@ Avoid adding DTR to Docker Engine's list of insecure registries as a workaround. Error response from daemon: Get https://35.165.223.150/v2/: x509: certificate is valid for 172.17.0.1, not 35.165.223.150 ``` -- On the web user interface, make sure to add the IP or the FQDN associated with your custom TLS certificate under **System > General > Domains & Proxies**. +- On the web UI, make sure to add the IP address or the FQDN associated with your custom TLS certificate under **System > General > Domains & Proxies**. - From the command line interface, [reconfigure DTR](/reference/dtr/2.7/cli/reconfigure/) with the `--dtr-external-url` option and the associated PEM files for your certificate. ### Intermediate certificates -For chain of trust which includes intermediate certificates, you may optionally add those certificates when installing or reconfiguring DTR with `--enable-client-cert-auth` and `--client-cert-auth-ca`. +For chain of trust which includes intermediate certificates, you may optionally add those certificates when installing or reconfiguring DTR with `--enable-client-cert-auth` and `--client-cert-auth-ca`. You can do so by combining all of the certificates into a single PEM file. + +### curl on certain macOS versions + +Some versions of macOS include `curl` which only accepts `.p12` files and specifically requires a `./` prefix in front of the file name if running `curl` from the same directory as the `.p12` file: + +``` +curl --cert ./client.p12 -X GET \ +"https:///api/v0/repositories?pageSize=10&count=false" \ +-H "accept:application/json" +``` 
diff --git a/ee/ucp/admin/configure/use-your-own-tls-certificates.md b/ee/ucp/admin/configure/use-your-own-tls-certificates.md index f33ef805aa..13e32cd636 100644 --- a/ee/ucp/admin/configure/use-your-own-tls-certificates.md +++ b/ee/ucp/admin/configure/use-your-own-tls-certificates.md @@ -45,6 +45,10 @@ certificates, in this order. * A `key.pem` file with TLS private key. Make sure it is not encrypted with a password. Encrypted keys should have `ENCRYPTED` in the first line. +After replacing the TLS certificates, your users will not be able to authenticate +with their old client certificate bundles. Ask your users to access the UCP +web UI and [download new client certificate bundles](../../user-access/cli.md). + As of UCP v3.2, the **Certificates** page includes a new text field, ***Client CA***, that allows you to paste or upload one or more custom root CA certificates which the UCP Controller will use to verify the authenticity of client certificates issued by your corporate or @@ -52,9 +56,6 @@ trusted third-party CAs. Note that your custom root certificates will be appende Finally, click **Save** for the changes to take effect. -After replacing the TLS certificates, your users will not be able to authenticate -with their old client certificate bundles. Ask your users to access the UCP -web UI and [get new client certificate bundles](../../user-access/cli.md). If you deployed Docker Trusted Registry, you'll also need to reconfigure it to trust the new UCP TLS certificates.
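Review bot: in enable-single-sign-on.md (hunk @@ -13,18 +13,51 @@) the image reference added under "Web user interface", `![](/ee/dtr/single-sign-on-1.png){: .with-border}`, does not match the file this patch creates, `ee/dtr/images/single-sign-on-1.png` (see the diffstat, and the `license-2.png` reference in license-your-installation.md, which uses `/ee/dtr/images/`); the image will not render, so change the path to `/ee/dtr/images/single-sign-on-1.png`. The new "Command line interface" subsection says that reconfiguring DTR enables single sign-on, but the `reconfigure` command shown is identical to the `install` command above it; state, as the install paragraph does, that it is `--dtr-external-url` that turns SSO on, so readers know which option matters. Both examples also expand the TLS private key into the command line with `--dtr-key "$(cat key.pem)"`, which puts key material into shell history and process listings; if the CLI accepts a file path for that option, prefer it in the docs, otherwise mention the exposure.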
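Review bot: in license-your-installation.md (hunk @@ -28,27 +28,7 @@) the removed `curl` example had an unbalanced quote (the URL string is never closed before `-H`) and a hard-coded public IP `34.219.67.189` next to a real-looking `key_id`, so dropping it as written is right, but the replacement sentence leaves readers with no programmatic way to check license validity or expiration. If `GET api/v0/admin/settings/license` is still a supported endpoint, keep a corrected example instead, e.g. `curl -u docker:$TOKEN -X GET "https://<dtr-fqdn>/api/v0/admin/settings/license" -H "accept: application/json"`, with the FQDN placeholder rather than an IP.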
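Review bot: in ee/dtr/admin/configure/use-your-own-tls-certificates.md (hunk @@ -33,7 +33,7 @@) "the client systems" is still vague; since this same patch warns in the troubleshooting section of enable-client-certificate-authentication.md against adding DTR to Docker Engine's insecure-registries list as a workaround, spell out what the trust configuration covers, e.g. "configure the client systems (users' browsers and every Docker Engine host that pulls from DTR) to trust that CA".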
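Review bot: in enable-client-certificate-authentication.md (hunk @@ -114,7 +114,7 @@) the replacement line drops the only client-side enablement detail: the removed sentence said that `DOCKER_CONTENT_TRUST` must be set to `1` in some cases, and the new `DTR provides the Notary service for using Docker Content Trust (DCT) out of the box.` can be read as if signature enforcement happens on the server, which it does not. Keep a sentence saying that DCT is enforced by the Docker client and that `DOCKER_CONTENT_TRUST=1` is needed for pulls to be verified, or link to the DCT documentation. Dropping the two container names is fine if the linked architecture page still lists them.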
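Review bot: in enable-client-certificate-authentication.md (hunk @@ -168,17 +168,23 @@) the rewritten Notary paragraph's `Note that the filenames must match.` does not say what they must match; if the intent is that the files must be named exactly `client.cert` and `client.key`, say so. The new blockquote restricts `ca.crt` to "a self-signed server certificate for DTR", but the DTR TLS document changed in this same patch distinguishes an internal CA from a globally trusted one, and a server certificate issued by an internal CA also needs `ca.crt` in that directory; phrase it as "when DTR's server certificate is not issued by a CA your system already trusts". The `curl` line-continuation fix is good; `-H "accept:application/json"` lost the space after the colon that the removed line had, which is harmless but worth restoring for consistency.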
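Review bot: in enable-client-certificate-authentication.md (hunk @@ -215,7 +221,7 @@) renaming the heading from "x509 certificate errors" to "DTR server certificate errors" removes the one token users will search for, since the example error right below it begins `x509: certificate is valid for 172.17.0.1, not 35.165.223.150`; keep `x509` in the heading (e.g. "DTR server certificate (x509) errors") or in the section's first sentence.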
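Review bot: in enable-client-certificate-authentication.md (hunk @@ -223,10 +229,20 @@) the new macOS `curl` example uses `--cert ./client.p12` with no passphrase, yet PKCS#12 bundles are normally password-protected; `curl` accepts `--cert ./client.p12:<password>` and prompts when the password is omitted, so the example should show that form or state that the bundle must be unencrypted. The new fence has no language tag while the other `curl` block in this file uses ```bash. The intermediate-certificate sentence "combining all of the certificates into a single PEM file" should name which certificates go in (the root and each intermediate that issues client certificates) and which option takes the file (`--client-cert-auth-ca`). The web UI bullet writes the menu path as **System > General > Domains & Proxies** while enable-single-sign-on.md in this patch says **Domain & Proxies**; pick one spelling.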
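Review bot: in ee/ucp/admin/configure/use-your-own-tls-certificates.md (hunk @@ -45,6 +45,10 @@) the moved warning now sits between the certificate-file bullet list and the "Client CA" paragraph, splitting the description of the Certificates page in two; since its purpose is to warn before the action that invalidates existing client bundles, place it immediately before "Finally, click **Save** for the changes to take effect." instead. It would also help to say that the administrator making the change is affected as well, so they should download a fresh bundle before relying on CLI access with their old one.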