blob: e531d9431dfb35682984b570a5f5254f0fda5631 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
|
[Created by: generate-expired-target-notBefore.py]
Certificate chain with 1 intermediary, where the target is expired (violates
validity.notBefore). Verification is expected to fail.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediary
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e0:ba:cf:dc:e5:4a:42:65:18:58:f0:f8:21:32:
87:ad:b6:d8:ff:96:c7:54:50:9c:6c:ff:f8:ef:1a:
3a:46:57:8b:9f:8d:f3:ea:a3:f8:37:eb:57:73:bb:
cb:0e:bf:2f:b1:2e:7e:0f:10:d8:93:be:20:41:f0:
6d:5c:ce:52:20:10:13:37:c5:fb:88:1a:72:e2:f4:
0a:d2:14:43:21:ae:5f:7e:0f:3e:95:53:38:56:f3:
ab:b3:67:e0:b7:d9:f0:07:98:b0:50:7c:9c:05:9f:
a7:ef:ec:85:cd:e5:ab:22:a3:f1:55:b9:96:5b:c0:
50:7d:8f:1b:37:a8:cf:40:5d:1f:be:6d:48:bc:22:
e4:65:ea:15:79:1c:9f:e2:7d:58:25:01:15:ac:7b:
50:6f:53:4e:ed:14:d9:02:55:8d:84:35:34:bc:46:
11:b3:27:5e:27:47:79:8d:f2:df:d1:43:df:73:19:
e8:06:11:ee:55:87:4b:11:d8:6d:53:12:47:8d:87:
f7:6b:e3:d9:a1:aa:8d:8f:81:ad:dd:6f:52:ce:39:
97:28:83:63:39:3c:e4:f0:b1:93:4c:82:44:b6:2a:
7e:fe:c5:7b:9a:f3:01:35:9c:e0:de:d5:0d:ee:b1:
e9:04:f6:bf:74:94:83:56:bb:3d:57:01:56:f9:24:
2f:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:8F:E4:91:5B:59:E5:5A:12:DF:C4:31:8B:24:14:1F:CE:B1:8B:33
X509v3 Authority Key Identifier:
keyid:22:8D:DE:5E:4F:B1:54:9D:71:73:E9:6B:39:85:BB:08:D8:87:CA:D0
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediary.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediary.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
59:d5:11:a5:3a:be:47:f7:57:74:59:36:de:85:9f:e1:c4:17:
e9:03:98:69:f7:c8:f0:b2:49:f6:ff:96:0e:06:4d:e0:1e:4b:
b6:09:67:17:28:a6:3f:56:f5:8b:fe:03:0e:b1:76:a9:6d:7d:
07:22:03:ae:df:92:a9:0a:94:96:d9:86:8d:55:34:05:c6:3e:
bb:59:c3:a1:84:da:f8:76:4e:cd:42:09:be:d0:72:18:8f:07:
f3:8a:04:27:81:05:0a:1a:13:a7:ce:ee:c1:a5:43:b5:a1:64:
c5:78:84:4c:fd:02:d7:3b:33:b3:ff:13:32:c3:1f:15:55:92:
74:93:21:4c:c9:fd:a9:33:a1:a6:00:5a:ec:42:31:d2:98:58:
8e:f3:12:32:3b:3f:96:58:19:a3:6b:fc:40:68:45:80:60:85:
30:b3:50:d2:52:74:9c:7f:01:b9:8a:22:8f:60:18:c5:4f:04:
0c:10:7e:ff:da:d6:8f:93:f2:80:a0:b3:3e:61:82:8a:c2:a6:
a7:6e:e1:85:76:ef:d3:64:ac:41:37:df:9f:1b:51:ac:8b:c6:
42:e9:54:57:16:fc:ab:cc:79:b3:5e:6e:84:36:3a:67:fa:bd:
8d:c8:b6:1e:a5:c2:af:41:7b:8a:5a:72:5d:bb:87:c8:8d:1e:
51:06:44:ab
-----BEGIN CERTIFICATE-----
MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
cm1lZGlhcnkwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgus/c
5UpCZRhY8PghMoetttj/lsdUUJxs//jvGjpGV4ufjfPqo/g361dzu8sOvy+xLn4P
ENiTviBB8G1czlIgEBM3xfuIGnLi9ArSFEMhrl9+Dz6VUzhW86uzZ+C32fAHmLBQ
fJwFn6fv7IXN5asio/FVuZZbwFB9jxs3qM9AXR++bUi8IuRl6hV5HJ/ifVglARWs
e1BvU07tFNkCVY2ENTS8RhGzJ14nR3mN8t/RQ99zGegGEe5Vh0sR2G1TEkeNh/dr
49mhqo2Pga3db1LOOZcog2M5POTwsZNMgkS2Kn7+xXua8wE1nODe1Q3usekE9r90
lINWuz1XAVb5JC/lAgMBAAGjgekwgeYwHQYDVR0OBBYEFMOP5JFbWeVaEt/EMYsk
FB/OsYszMB8GA1UdIwQYMBaAFCKN3l5PsVSdcXPpazmFuwjYh8rQMD8GCCsGAQUF
BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
aWFyeS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
dGVybWVkaWFyeS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAWdURpTq+R/dXdFk23oWf
4cQX6QOYaffI8LJJ9v+WDgZN4B5LtglnFyimP1b1i/4DDrF2qW19ByIDrt+SqQqU
ltmGjVU0BcY+u1nDoYTa+HZOzUIJvtByGI8H84oEJ4EFChoTp87uwaVDtaFkxXiE
TP0C1zszs/8TMsMfFVWSdJMhTMn9qTOhpgBa7EIx0phYjvMSMjs/llgZo2v8QGhF
gGCFMLNQ0lJ0nH8BuYoij2AYxU8EDBB+/9rWj5PygKCzPmGCisKmp27hhXbv02Ss
QTffnxtRrIvGQulUVxb8q8x5s15uhDY6Z/q9jci2HqXCr0F7ilpyXbuHyI0eUQZE
qw==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Intermediary
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a0:cf:ed:e6:2e:fe:fc:9c:7d:c5:b5:f9:ad:0c:
07:3b:61:9a:29:79:7d:0b:c2:a0:2b:64:10:ce:17:
64:a9:25:35:b4:17:0e:06:73:83:b2:4e:bb:d2:9d:
38:05:06:0d:61:24:87:ee:f8:eb:0a:87:f4:8c:2d:
cf:ec:c2:13:43:f6:a0:ad:bf:e3:94:56:a6:7e:30:
93:3d:65:64:62:88:a5:78:6a:dd:ca:54:3d:36:17:
2b:79:bb:f0:fd:fe:ba:94:99:c7:ce:61:4e:aa:c9:
f3:87:98:05:8a:b8:fe:e9:96:52:e3:c7:3e:e9:60:
e0:7c:94:75:a2:11:d7:11:d3:70:f1:8e:25:c1:20:
af:93:f5:8a:be:76:75:2f:d0:3f:82:8f:99:c7:44:
79:c3:f2:31:d7:24:30:cd:14:ba:b6:c4:a2:16:86:
9c:b7:bf:00:1c:f7:eb:a1:e2:fa:14:f3:08:00:06:
f5:b0:a7:79:05:84:ad:a1:4c:e7:f7:e6:14:68:2f:
67:67:aa:06:c7:31:f2:1f:d3:b7:c2:e8:e7:bc:0f:
1a:69:55:a0:75:8d:45:fa:1e:52:f4:ea:87:5c:0c:
ef:d6:e4:b4:bb:59:7c:34:eb:67:16:5e:06:56:05:
e3:0a:6f:f6:c8:88:e3:1f:a6:cf:ab:6a:93:cd:b8:
e8:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:8D:DE:5E:4F:B1:54:9D:71:73:E9:6B:39:85:BB:08:D8:87:CA:D0
X509v3 Authority Key Identifier:
keyid:85:85:73:C1:C8:A5:7B:1C:6D:25:84:2A:CE:2B:A3:E4:21:E4:AE:D0
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
32:34:d5:49:6d:d1:25:e9:5b:f5:a8:29:b0:9a:ae:56:da:c0:
56:b5:e1:76:a8:71:a6:af:c7:3d:a9:cd:d2:7e:56:b4:12:ad:
ae:61:94:02:bf:f2:0c:c3:64:1c:a2:70:41:3c:7c:30:3f:db:
c7:97:69:52:fc:39:63:a3:ed:27:f8:d1:e1:90:09:b5:8a:75:
dc:6b:db:4c:f6:b6:e3:57:84:f8:4d:f2:dd:d6:eb:63:ca:5f:
39:d1:c2:52:1a:44:dd:02:b9:7c:4a:46:69:25:52:e9:85:48:
a2:22:b4:a6:cc:a3:bb:00:e6:ea:67:e6:ed:40:15:5a:51:d7:
a1:a8:e3:58:91:ec:80:65:63:db:f0:85:62:b4:0c:29:b9:c2:
0a:f7:96:10:ed:c9:92:b4:71:53:d1:71:12:9c:04:f7:c9:44:
57:1f:fc:40:57:a9:e1:df:b8:39:17:d0:79:d9:ae:4c:4b:cb:
24:6e:25:01:8b:ad:37:cc:6f:b6:c2:58:ee:54:3f:78:71:45:
69:21:c2:15:7c:86:03:1d:64:22:53:d9:65:68:d2:10:d0:38:
be:bc:f2:49:11:a2:39:04:e5:36:79:bf:20:fe:10:03:1a:b5:
6c:12:c7:8a:06:dd:9d:bb:4d:f8:5b:b6:2d:3e:18:9b:26:b2:
6c:59:c3:15
-----BEGIN CERTIFICATE-----
MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoM/t5i7+
/Jx9xbX5rQwHO2GaKXl9C8KgK2QQzhdkqSU1tBcOBnODsk670p04BQYNYSSH7vjr
Cof0jC3P7MITQ/agrb/jlFamfjCTPWVkYoileGrdylQ9Nhcrebvw/f66lJnHzmFO
qsnzh5gFirj+6ZZS48c+6WDgfJR1ohHXEdNw8Y4lwSCvk/WKvnZ1L9A/go+Zx0R5
w/Ix1yQwzRS6tsSiFoact78AHPfroeL6FPMIAAb1sKd5BYStoUzn9+YUaC9nZ6oG
xzHyH9O3wujnvA8aaVWgdY1F+h5S9OqHXAzv1uS0u1l8NOtnFl4GVgXjCm/2yIjj
H6bPq2qTzbjoqwIDAQABo4HLMIHIMB0GA1UdDgQWBBQijd5eT7FUnXFz6Ws5hbsI
2IfK0DAfBgNVHSMEGDAWgBSFhXPByKV7HG0lhCrOK6PkIeSu0DA3BggrBgEFBQcB
AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
ADI01Ult0SXpW/WoKbCarlbawFa14Xaocaavxz2pzdJ+VrQSra5hlAK/8gzDZByi
cEE8fDA/28eXaVL8OWOj7Sf40eGQCbWKddxr20z2tuNXhPhN8t3W62PKXznRwlIa
RN0CuXxKRmklUumFSKIitKbMo7sA5upn5u1AFVpR16Go41iR7IBlY9vwhWK0DCm5
wgr3lhDtyZK0cVPRcRKcBPfJRFcf/EBXqeHfuDkX0HnZrkxLyyRuJQGLrTfMb7bC
WO5UP3hxRWkhwhV8hgMdZCJT2WVo0hDQOL688kkRojkE5TZ5vyD+EAMatWwSx4oG
3Z27Tfhbti0+GJsmsmxZwxU=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c1:48:07:e3:d2:dc:88:8f:f9:f5:ff:26:b3:cb:
73:09:cf:36:b9:28:23:c0:8c:90:51:61:a7:a1:f6:
73:c6:e2:41:b5:d3:ce:8f:38:99:84:3f:96:be:21:
df:15:74:e4:dc:1d:df:45:68:a1:bd:d8:75:ca:bc:
42:64:74:de:25:3b:a5:0a:0b:fb:d7:6a:63:e3:19:
48:a9:5b:33:07:e2:bc:02:d5:86:06:5d:3c:fc:75:
96:ea:eb:6d:41:ea:96:52:28:63:2c:a7:f2:13:e9:
a9:7f:e3:15:c1:94:31:59:c2:48:e8:b1:9c:ee:10:
57:64:ef:6d:35:66:c2:46:d0:af:5f:b8:60:d8:48:
47:ed:75:5d:ae:86:d4:85:ed:95:5d:0e:e7:ec:be:
85:14:22:03:3e:ed:62:b1:c3:05:b9:b8:2e:77:6a:
86:42:13:68:2c:33:86:f4:89:34:67:db:90:77:51:
0a:a1:23:b4:46:06:22:16:e5:fb:c1:85:ef:2d:60:
60:76:5a:1f:d7:c7:93:83:5c:b7:3b:76:d9:ba:01:
90:29:d3:ea:84:de:26:10:79:7f:05:2f:ab:80:6e:
18:80:bb:eb:26:d1:8c:5d:bd:79:4b:24:05:62:0f:
38:7c:87:fe:1d:6e:5c:16:a2:34:b4:7a:d3:bb:54:
24:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:85:73:C1:C8:A5:7B:1C:6D:25:84:2A:CE:2B:A3:E4:21:E4:AE:D0
X509v3 Authority Key Identifier:
keyid:85:85:73:C1:C8:A5:7B:1C:6D:25:84:2A:CE:2B:A3:E4:21:E4:AE:D0
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
37:89:65:ac:ae:76:77:0d:71:a3:1c:e3:bf:80:fe:87:f8:49:
d3:8b:7f:cf:2a:51:18:b1:f5:a3:6a:d0:e5:e1:7e:f9:83:ca:
11:2b:fc:e5:9e:cc:df:ee:a2:f9:ea:d2:19:32:fa:58:88:cd:
59:5c:d6:42:7f:75:2f:17:93:7d:90:8c:7a:60:3a:24:15:15:
62:82:97:c1:49:81:81:12:25:4a:b9:83:d7:39:dc:2b:da:39:
a9:58:6a:82:5c:7d:49:00:c2:cd:c2:dc:84:4a:23:df:9c:81:
a2:42:fc:4b:66:87:0b:63:12:d3:b8:59:9b:a6:5a:b0:5f:ff:
51:37:92:03:0c:bb:61:6c:1a:ed:2e:05:e6:d0:a7:2f:d8:7c:
5c:31:f2:84:f2:9b:05:bd:b5:35:35:a4:28:55:fa:23:32:33:
4f:6b:91:55:9e:0f:1e:c7:1e:9a:12:c3:97:8d:3c:f9:c8:51:
27:5b:19:a2:7a:c6:2a:0d:d4:b3:6e:b8:f0:8f:d3:c4:e4:26:
3a:64:93:70:65:5f:2d:f7:73:31:e7:95:e6:23:1f:f4:17:b9:
d4:ed:20:e2:4f:45:32:a3:e9:7d:6a:2e:02:76:40:8a:ac:64:
c0:b2:99:11:63:de:64:f4:1f:6d:65:4c:84:1e:59:4f:e1:07:
99:23:0e:d4
-----BEGIN TRUSTED_CERTIFICATE-----
MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFIB+PS3IiP+fX/JrPL
cwnPNrkoI8CMkFFhp6H2c8biQbXTzo84mYQ/lr4h3xV05Nwd30Voob3Ydcq8QmR0
3iU7pQoL+9dqY+MZSKlbMwfivALVhgZdPPx1lurrbUHqllIoYyyn8hPpqX/jFcGU
MVnCSOixnO4QV2TvbTVmwkbQr1+4YNhIR+11Xa6G1IXtlV0O5+y+hRQiAz7tYrHD
Bbm4LndqhkITaCwzhvSJNGfbkHdRCqEjtEYGIhbl+8GF7y1gYHZaH9fHk4Nctzt2
2boBkCnT6oTeJhB5fwUvq4BuGIC76ybRjF29eUskBWIPOHyH/h1uXBaiNLR607tU
JNUCAwEAAaOByzCByDAdBgNVHQ4EFgQUhYVzwcilexxtJYQqziuj5CHkrtAwHwYD
VR0jBBgwFoAUhYVzwcilexxtJYQqziuj5CHkrtAwNwYIKwYBBQUHAQEEKzApMCcG
CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA3iWWsrnZ3
DXGjHOO/gP6H+EnTi3/PKlEYsfWjatDl4X75g8oRK/zlnszf7qL56tIZMvpYiM1Z
XNZCf3UvF5N9kIx6YDokFRVigpfBSYGBEiVKuYPXOdwr2jmpWGqCXH1JAMLNwtyE
SiPfnIGiQvxLZocLYxLTuFmbplqwX/9RN5IDDLthbBrtLgXm0Kcv2HxcMfKE8psF
vbU1NaQoVfojMjNPa5FVng8exx6aEsOXjTz5yFEnWxmiesYqDdSzbrjwj9PE5CY6
ZJNwZV8t93Mx55XmIx/0F7nU7SDiT0Uyo+l9ai4CdkCKrGTAspkRY95k9B9tZUyE
HllP4QeZIw7U
-----END TRUSTED_CERTIFICATE-----
-----BEGIN TIME-----
MTQwMzAyMTIwMDAwWg==
-----END TIME-----
-----BEGIN VERIFY_RESULT-----
RkFJTA==
-----END VERIFY_RESULT-----
|
