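This is a real-world certificate (in fact the same as cert_version3.pem).
As the dump below shows, it is signed with sha1WithRSAEncryption and its validity period ended on 2013-04-19 (notAfter 130419135324Z), so treat it as a parsing fixture rather than as a certificate expected to pass current chain validation.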
$ openssl asn1parse -i < [TBS CERTIFICATE]
0:d=0 hl=4 l=1087 cons: SEQUENCE
4:d=1 hl=2 l= 3 cons: cont [ 0 ]
6:d=2 hl=2 l= 1 prim: INTEGER :02
9:d=1 hl=2 l= 7 prim: INTEGER :2B63A42A705076
18:d=1 hl=2 l= 13 cons: SEQUENCE
20:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
31:d=2 hl=2 l= 0 prim: NULL
33:d=1 hl=3 l= 202 cons: SEQUENCE
36:d=2 hl=2 l= 11 cons: SET
38:d=3 hl=2 l= 9 cons: SEQUENCE
40:d=4 hl=2 l= 3 prim: OBJECT :countryName
45:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US
49:d=2 hl=2 l= 16 cons: SET
51:d=3 hl=2 l= 14 cons: SEQUENCE
53:d=4 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
58:d=4 hl=2 l= 7 prim: PRINTABLESTRING :Arizona
67:d=2 hl=2 l= 19 cons: SET
69:d=3 hl=2 l= 17 cons: SEQUENCE
71:d=4 hl=2 l= 3 prim: OBJECT :localityName
76:d=4 hl=2 l= 10 prim: PRINTABLESTRING :Scottsdale
88:d=2 hl=2 l= 26 cons: SET
90:d=3 hl=2 l= 24 cons: SEQUENCE
92:d=4 hl=2 l= 3 prim: OBJECT :organizationName
97:d=4 hl=2 l= 17 prim: PRINTABLESTRING :GoDaddy.com, Inc.
116:d=2 hl=2 l= 51 cons: SET
118:d=3 hl=2 l= 49 cons: SEQUENCE
120:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
125:d=4 hl=2 l= 42 prim: PRINTABLESTRING :http://certificates.godaddy.com/repository
169:d=2 hl=2 l= 48 cons: SET
171:d=3 hl=2 l= 46 cons: SEQUENCE
173:d=4 hl=2 l= 3 prim: OBJECT :commonName
178:d=4 hl=2 l= 39 prim: PRINTABLESTRING :Go Daddy Secure Certification Authority
219:d=2 hl=2 l= 17 cons: SET
221:d=3 hl=2 l= 15 cons: SEQUENCE
223:d=4 hl=2 l= 3 prim: OBJECT :serialNumber
228:d=4 hl=2 l= 8 prim: PRINTABLESTRING :07969287
238:d=1 hl=2 l= 30 cons: SEQUENCE
240:d=2 hl=2 l= 13 prim: UTCTIME :120419135324Z
255:d=2 hl=2 l= 13 prim: UTCTIME :130419135324Z
270:d=1 hl=2 l= 79 cons: SEQUENCE
272:d=2 hl=2 l= 20 cons: SET
274:d=3 hl=2 l= 18 cons: SEQUENCE
276:d=4 hl=2 l= 3 prim: OBJECT :organizationName
281:d=4 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net
294:d=2 hl=2 l= 33 cons: SET
296:d=3 hl=2 l= 31 cons: SEQUENCE
298:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
303:d=4 hl=2 l= 24 prim: PRINTABLESTRING :Domain Control Validated
329:d=2 hl=2 l= 20 cons: SET
331:d=3 hl=2 l= 18 cons: SEQUENCE
333:d=4 hl=2 l= 3 prim: OBJECT :commonName
338:d=4 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net
351:d=1 hl=4 l= 290 cons: SEQUENCE
355:d=2 hl=2 l= 13 cons: SEQUENCE
357:d=3 hl=2 l= 9 prim: OBJECT :rsaEncryption
368:d=3 hl=2 l= 0 prim: NULL
370:d=2 hl=4 l= 271 prim: BIT STRING
645:d=1 hl=4 l= 442 cons: cont [ 3 ]
649:d=2 hl=4 l= 438 cons: SEQUENCE
653:d=3 hl=2 l= 15 cons: SEQUENCE
655:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
660:d=4 hl=2 l= 1 prim: BOOLEAN :255
663:d=4 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:3003010100
670:d=3 hl=2 l= 29 cons: SEQUENCE
672:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
677:d=4 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030106082B06010505070302
701:d=3 hl=2 l= 14 cons: SEQUENCE
703:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
708:d=4 hl=2 l= 1 prim: BOOLEAN :255
711:d=4 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0
717:d=3 hl=2 l= 51 cons: SEQUENCE
719:d=4 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points
724:d=4 hl=2 l= 44 prim: OCTET STRING [HEX DUMP]:302A3028A026A0248622687474703A2F2F63726C2E676F64616464792E636F6D2F676473312D36382E63726C
770:d=3 hl=2 l= 83 cons: SEQUENCE
772:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies
777:d=4 hl=2 l= 76 prim: OCTET STRING [HEX DUMP]:304A3048060B6086480186FD6D010717013039303706082B06010505070201162B687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F
855:d=3 hl=3 l= 128 cons: SEQUENCE
858:d=4 hl=2 l= 8 prim: OBJECT :Authority Information Access
868:d=4 hl=2 l= 116 prim: OCTET STRING [HEX DUMP]:3072302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F304A06082B06010505073002863E687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F67645F696E7465726D6564696174652E637274
986:d=3 hl=2 l= 31 cons: SEQUENCE
988:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
993:d=4 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014FDAC6132936C45D6E2EE855F9ABAE7769968CCE7
1019:d=3 hl=2 l= 39 cons: SEQUENCE
1021:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
1026:d=4 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:301E820B6B7468756C68752E6E6574820F7777772E6B7468756C68752E6E6574
1060:d=3 hl=2 l= 29 cons: SEQUENCE
1062:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
1067:d=4 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414A31E1AB1A9E4F550BC3E05E174CF01D09E35E017
-----BEGIN TBS CERTIFICATE-----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-----END TBS CERTIFICATE-----
-----BEGIN SERIAL NUMBER-----
K2OkKnBQdg==
-----END SERIAL NUMBER-----
$ openssl asn1parse -i < [SIGNATURE ALGORITHM]
0:d=0 hl=2 l= 13 cons: SEQUENCE
2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
13:d=1 hl=2 l= 0 prim: NULL
-----BEGIN SIGNATURE ALGORITHM-----
MA0GCSqGSIb3DQEBBQUA
-----END SIGNATURE ALGORITHM-----
$ openssl asn1parse -i < [ISSUER]
0:d=0 hl=3 l= 202 cons: SEQUENCE
3:d=1 hl=2 l= 11 cons: SET
5:d=2 hl=2 l= 9 cons: SEQUENCE
7:d=3 hl=2 l= 3 prim: OBJECT :countryName
12:d=3 hl=2 l= 2 prim: PRINTABLESTRING :US
16:d=1 hl=2 l= 16 cons: SET
18:d=2 hl=2 l= 14 cons: SEQUENCE
20:d=3 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
25:d=3 hl=2 l= 7 prim: PRINTABLESTRING :Arizona
34:d=1 hl=2 l= 19 cons: SET
36:d=2 hl=2 l= 17 cons: SEQUENCE
38:d=3 hl=2 l= 3 prim: OBJECT :localityName
43:d=3 hl=2 l= 10 prim: PRINTABLESTRING :Scottsdale
55:d=1 hl=2 l= 26 cons: SET
57:d=2 hl=2 l= 24 cons: SEQUENCE
59:d=3 hl=2 l= 3 prim: OBJECT :organizationName
64:d=3 hl=2 l= 17 prim: PRINTABLESTRING :GoDaddy.com, Inc.
83:d=1 hl=2 l= 51 cons: SET
85:d=2 hl=2 l= 49 cons: SEQUENCE
87:d=3 hl=2 l= 3 prim: OBJECT :organizationalUnitName
92:d=3 hl=2 l= 42 prim: PRINTABLESTRING :http://certificates.godaddy.com/repository
136:d=1 hl=2 l= 48 cons: SET
138:d=2 hl=2 l= 46 cons: SEQUENCE
140:d=3 hl=2 l= 3 prim: OBJECT :commonName
145:d=3 hl=2 l= 39 prim: PRINTABLESTRING :Go Daddy Secure Certification Authority
186:d=1 hl=2 l= 17 cons: SET
188:d=2 hl=2 l= 15 cons: SEQUENCE
190:d=3 hl=2 l= 3 prim: OBJECT :serialNumber
195:d=3 hl=2 l= 8 prim: PRINTABLESTRING :07969287
-----BEGIN ISSUER-----
MIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTE
aMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZX
MuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZ
mljYXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4Nw==
-----END ISSUER-----
VALIDITY NOTBEFORE: year=2012, month=4, day=19, hours=13, minutes=53, seconds=24
-----BEGIN VALIDITY NOTBEFORE-----
eWVhcj0yMDEyLCBtb250aD00LCBkYXk9MTksIGhvdXJzPTEzLCBtaW51dGVzPTUzLCBzZWNvbmR
zPTI0
-----END VALIDITY NOTBEFORE-----
VALIDITY NOTAFTER: year=2013, month=4, day=19, hours=13, minutes=53, seconds=24
-----BEGIN VALIDITY NOTAFTER-----
eWVhcj0yMDEzLCBtb250aD00LCBkYXk9MTksIGhvdXJzPTEzLCBtaW51dGVzPTUzLCBzZWNvbmR
zPTI0
-----END VALIDITY NOTAFTER-----
$ openssl asn1parse -i < [SUBJECT]
0:d=0 hl=2 l= 79 cons: SEQUENCE
2:d=1 hl=2 l= 20 cons: SET
4:d=2 hl=2 l= 18 cons: SEQUENCE
6:d=3 hl=2 l= 3 prim: OBJECT :organizationName
11:d=3 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net
24:d=1 hl=2 l= 33 cons: SET
26:d=2 hl=2 l= 31 cons: SEQUENCE
28:d=3 hl=2 l= 3 prim: OBJECT :organizationalUnitName
33:d=3 hl=2 l= 24 prim: PRINTABLESTRING :Domain Control Validated
59:d=1 hl=2 l= 20 cons: SET
61:d=2 hl=2 l= 18 cons: SEQUENCE
63:d=3 hl=2 l= 3 prim: OBJECT :commonName
68:d=3 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net
-----BEGIN SUBJECT-----
ME8xFDASBgNVBAoTC2t0aHVsaHUubmV0MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF
0ZWQxFDASBgNVBAMTC2t0aHVsaHUubmV0
-----END SUBJECT-----
$ openssl asn1parse -i < [SPKI]
0:d=0 hl=4 l= 290 cons: SEQUENCE
4:d=1 hl=2 l= 13 cons: SEQUENCE
6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
17:d=2 hl=2 l= 0 prim: NULL
19:d=1 hl=4 l= 271 prim: BIT STRING
-----BEGIN SPKI-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzQkuEZv5xkNLJ7RCgAYmH4vG87FFPF
m5J+9ObenNAFqm8V5C4IzXm1+s7ro0sndLOyDH5INNAtKkuqp7kqubl1bbP3Z4+Ra3ENv7cpwQb
QjoaajRKCGRULs/jFMCAASii/+3jkkufNimu7cBfDXOSQR2YQZL4zhDW7ss/zwTVspYnxvU7oDc
qOIwCmFwQ/FvYTAxF1uozKBsJfL854v0MKI7GEyyn6W8jZ7f8cSc8ahvrLAYt/etAxrmHcMUVJb
W+gxXiwJsHfj03S1/RypHTb4gRqEz3pX6wl8sqtJP0L5mXuQgESoEAZ4SrPYLxXytqrU1yLi32x
gWwHu1A7fIQIDAQAB
-----END SPKI-----
$ openssl asn1parse -i < [EXTENSIONS]
0:d=0 hl=4 l= 438 cons: SEQUENCE
4:d=1 hl=2 l= 15 cons: SEQUENCE
6:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
11:d=2 hl=2 l= 1 prim: BOOLEAN :255
14:d=2 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:3003010100
21:d=1 hl=2 l= 29 cons: SEQUENCE
23:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
28:d=2 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030106082B06010505070302
52:d=1 hl=2 l= 14 cons: SEQUENCE
54:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
59:d=2 hl=2 l= 1 prim: BOOLEAN :255
62:d=2 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0
68:d=1 hl=2 l= 51 cons: SEQUENCE
70:d=2 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points
75:d=2 hl=2 l= 44 prim: OCTET STRING [HEX DUMP]:302A3028A026A0248622687474703A2F2F63726C2E676F64616464792E636F6D2F676473312D36382E63726C
121:d=1 hl=2 l= 83 cons: SEQUENCE
123:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies
128:d=2 hl=2 l= 76 prim: OCTET STRING [HEX DUMP]:304A3048060B6086480186FD6D010717013039303706082B06010505070201162B687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F
206:d=1 hl=3 l= 128 cons: SEQUENCE
209:d=2 hl=2 l= 8 prim: OBJECT :Authority Information Access
219:d=2 hl=2 l= 116 prim: OCTET STRING [HEX DUMP]:3072302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F304A06082B06010505073002863E687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F67645F696E7465726D6564696174652E637274
337:d=1 hl=2 l= 31 cons: SEQUENCE
339:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
344:d=2 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014FDAC6132936C45D6E2EE855F9ABAE7769968CCE7
370:d=1 hl=2 l= 39 cons: SEQUENCE
372:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
377:d=2 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:301E820B6B7468756C68752E6E6574820F7777772E6B7468756C68752E6E6574
411:d=1 hl=2 l= 29 cons: SEQUENCE
413:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
418:d=2 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414A31E1AB1A9E4F550BC3E05E174CF01D09E35E017
-----BEGIN EXTENSIONS-----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==
-----END EXTENSIONS-----