blob: 3ff36828983ceb27efc71043b0d9dd972b218e1a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
|
[Created by: generate-intermediary-basic-constraints-not-critical.py]
Certificate chain with 1 intermediary and a trusted root. The intermediary
has a basic constraints extension but does not mark it as critical.
Verification is expected to succeed, since although not critical, the
basicConstraints indicates CA=true as expected.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediary
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d2:25:d5:a0:7a:94:e6:21:0b:8b:e5:68:21:06:
c4:a7:fe:fd:de:97:31:a6:80:a2:3d:be:f0:03:c2:
de:d5:a1:a6:3f:6e:19:3b:fe:f4:66:8f:8f:c8:d3:
e4:7f:73:fc:e7:1c:2f:b4:9f:5e:bf:25:71:2d:d0:
65:60:76:0d:a6:be:af:1a:1f:3c:00:bf:cd:8e:de:
04:6f:6c:8d:25:c5:7a:64:71:31:d7:4a:e9:bd:5f:
fa:e6:b8:e8:55:a2:c7:2b:b4:7d:4e:e3:bc:23:c9:
0f:79:29:86:dd:4d:b3:dd:12:c5:1a:d3:fc:4a:31:
54:47:7b:62:20:f5:bb:7c:47:6d:7f:67:d5:69:4b:
f8:99:4f:dd:13:56:a4:9d:0a:fc:d0:da:b5:bd:e0:
0c:c8:50:d6:e1:73:d8:59:37:95:99:70:31:3d:46:
44:d5:68:7b:45:4b:9e:4a:fd:25:33:05:7c:24:05:
0f:6c:00:4b:3e:0c:cf:56:e8:88:ef:67:bc:bd:66:
b4:7c:bc:db:c6:4e:8b:44:0b:65:8f:c6:a9:57:d7:
b0:8e:88:19:fc:d6:b7:02:b9:50:a0:e2:06:61:1d:
d1:03:7a:ce:75:09:d2:64:d5:c6:61:3b:f1:28:5b:
4b:de:08:2f:b9:96:55:d9:4c:8c:48:d0:c6:2b:ee:
59:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:45:14:0B:10:A3:AC:77:3B:19:DE:FB:66:FE:CF:E3:9A:F4:57:1A
X509v3 Authority Key Identifier:
keyid:73:DC:40:FE:F8:8F:F4:BD:DE:B0:63:30:AF:05:0B:6C:4E:99:54:7F
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediary.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediary.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
41:3c:ca:d6:88:67:86:f8:dc:35:ab:37:d0:40:96:7b:4e:70:
2a:6b:cc:15:31:fd:06:87:ac:81:6d:89:ce:66:b2:26:73:bc:
71:3e:af:be:b2:ba:d5:bc:a5:b7:64:0c:7d:31:9b:0c:e1:0c:
73:14:0c:e0:fe:95:d3:ca:1d:d1:51:8a:fb:b1:e1:8d:68:58:
30:51:a6:2f:86:57:61:a6:20:7c:1f:0c:7f:14:c7:fe:fa:88:
14:7b:d9:41:5c:20:da:16:3c:ce:77:b8:ee:7c:33:d8:cf:2e:
6e:e3:43:01:00:0a:c0:1c:a0:eb:6b:36:a0:d6:bd:6e:91:a9:
e1:8d:8d:b2:4e:12:d3:fa:56:84:be:eb:65:d8:9d:e2:c7:d4:
36:a2:7e:b8:b2:d4:5c:2f:c2:47:1e:ca:7a:fd:b4:30:3a:59:
19:8d:ca:7e:44:65:86:97:2d:f4:65:3b:f0:12:4b:d0:74:48:
f9:dd:d3:d3:89:97:83:c6:4c:bb:da:e7:ce:e7:5e:93:f3:51:
4c:22:95:31:59:a9:3d:82:ec:8d:4c:8e:44:42:5f:13:d0:56:
c2:35:e1:07:11:6d:23:92:3c:de:b1:3e:1c:4e:0e:e3:c6:06:
09:e1:dc:b8:4c:89:82:35:3c:51:60:1f:06:65:11:39:8b:b4:
20:04:f0:90
-----BEGIN CERTIFICATE-----
MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
cm1lZGlhcnkwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSJdWg
epTmIQuL5WghBsSn/v3elzGmgKI9vvADwt7VoaY/bhk7/vRmj4/I0+R/c/znHC+0
n16/JXEt0GVgdg2mvq8aHzwAv82O3gRvbI0lxXpkcTHXSum9X/rmuOhVoscrtH1O
47wjyQ95KYbdTbPdEsUa0/xKMVRHe2Ig9bt8R21/Z9VpS/iZT90TVqSdCvzQ2rW9
4AzIUNbhc9hZN5WZcDE9RkTVaHtFS55K/SUzBXwkBQ9sAEs+DM9W6IjvZ7y9ZrR8
vNvGTotEC2WPxqlX17COiBn81rcCuVCg4gZhHdEDes51CdJk1cZhO/EoW0veCC+5
llXZTIxI0MYr7lkzAgMBAAGjgekwgeYwHQYDVR0OBBYEFPlFFAsQo6x3Oxne+2b+
z+Oa9FcaMB8GA1UdIwQYMBaAFHPcQP74j/S93rBjMK8FC2xOmVR/MD8GCCsGAQUF
BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
aWFyeS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
dGVybWVkaWFyeS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAQTzK1ohnhvjcNas30ECW
e05wKmvMFTH9BoesgW2JzmayJnO8cT6vvrK61bylt2QMfTGbDOEMcxQM4P6V08od
0VGK+7HhjWhYMFGmL4ZXYaYgfB8MfxTH/vqIFHvZQVwg2hY8zne47nwz2M8ubuND
AQAKwByg62s2oNa9bpGp4Y2Nsk4S0/pWhL7rZdid4sfUNqJ+uLLUXC/CRx7Kev20
MDpZGY3KfkRlhpct9GU78BJL0HRI+d3T04mXg8ZMu9rnzudek/NRTCKVMVmpPYLs
jUyOREJfE9BWwjXhBxFtI5I83rE+HE4O48YGCeHcuEyJgjU8UWAfBmUROYu0IATw
kA==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Intermediary
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d5:4a:96:98:34:e1:a8:92:88:9a:0c:d0:b7:e3:
a0:dc:71:4b:32:cd:59:a1:b9:9c:d5:e5:30:1b:ad:
7e:41:7f:e7:39:81:25:d1:e7:66:c2:5f:79:80:ea:
ff:6b:ef:b9:95:9e:8b:a0:0c:6a:b6:c8:4b:50:2c:
7d:f1:ad:46:ed:9a:7c:7d:6a:65:70:de:c2:45:7e:
1b:28:af:dc:eb:3d:bb:4c:98:a9:8c:b3:a3:35:a1:
2b:cd:bb:8e:2a:2b:74:6d:0c:91:72:36:c2:2f:0e:
46:2a:77:34:ab:98:f8:28:c9:02:42:78:2f:b2:e0:
9a:0d:ae:03:94:c0:31:79:1e:72:ce:8b:7c:21:c8:
d5:1c:9b:94:04:29:ce:1c:5f:22:e3:f0:20:62:2b:
7d:7d:c2:fa:29:5c:8b:2a:dd:0f:08:31:49:58:7d:
85:76:21:b4:46:0e:d8:26:dc:26:f9:0a:9b:58:a2:
b8:29:b4:df:c0:4e:10:56:28:96:02:54:7c:e9:a3:
3f:84:12:6a:89:ed:f0:0d:a0:03:54:0c:b2:33:6d:
1b:a7:84:f2:a0:b0:57:5e:4b:c1:2f:6d:e9:22:52:
50:b1:3b:a7:7d:ee:a7:dc:6e:6a:bd:b6:a6:ea:66:
f8:1f:30:60:18:d8:5b:a6:dd:9d:9b:d3:4e:2b:0a:
c4:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:DC:40:FE:F8:8F:F4:BD:DE:B0:63:30:AF:05:0B:6C:4E:99:54:7F
X509v3 Authority Key Identifier:
keyid:6C:05:B0:A0:A8:03:A4:A1:90:D1:A5:74:D2:13:D9:2E:57:83:36:73
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
81:08:b8:48:94:05:02:aa:61:ea:32:48:55:02:31:f6:e0:5d:
05:6f:32:9b:6a:a0:3b:6f:0e:1d:2a:01:1a:14:20:a2:1e:23:
b4:70:61:86:55:b5:4c:5b:61:3f:dd:1e:38:a4:98:3f:bd:61:
e4:1e:56:54:ed:0e:51:65:6c:73:af:99:86:fc:a7:50:48:87:
95:6f:5a:93:0d:c9:7a:ff:fb:39:d1:f4:40:2c:fe:1f:28:aa:
85:cf:12:bd:7b:df:2b:12:56:4a:91:4e:e4:80:00:52:4c:bb:
b2:e6:05:27:47:e2:3f:bb:a4:d7:cc:92:c2:27:02:10:50:10:
0c:f8:ee:4c:93:90:89:8d:db:8a:f9:05:f1:ec:d7:cf:67:20:
a4:da:90:e0:38:34:fd:79:9b:6b:04:a8:bd:6f:e8:82:4a:d9:
37:49:b3:10:50:e6:c5:56:d9:ac:9b:e8:97:52:41:a1:66:be:
cb:64:1d:12:0d:86:8b:34:42:26:9a:ad:c3:8a:14:ff:35:0d:
82:8f:96:e0:af:b7:e7:20:30:3e:b3:fe:57:4a:80:5e:53:8b:
ec:15:ca:a8:db:b7:c6:87:b7:ab:81:8b:42:23:4a:74:9c:9e:
59:b8:3c:8d:0e:d2:f3:9d:79:45:9a:0e:fd:8c:6b:9e:b5:c8:
e7:03:64:79
-----BEGIN CERTIFICATE-----
MIIDajCCAlKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1UqWmDTh
qJKImgzQt+Og3HFLMs1Zobmc1eUwG61+QX/nOYEl0edmwl95gOr/a++5lZ6LoAxq
tshLUCx98a1G7Zp8fWplcN7CRX4bKK/c6z27TJipjLOjNaErzbuOKit0bQyRcjbC
Lw5GKnc0q5j4KMkCQngvsuCaDa4DlMAxeR5yzot8IcjVHJuUBCnOHF8i4/AgYit9
fcL6KVyLKt0PCDFJWH2FdiG0Rg7YJtwm+QqbWKK4KbTfwE4QViiWAlR86aM/hBJq
ie3wDaADVAyyM20bp4TyoLBXXkvBL23pIlJQsTunfe6n3G5qvbam6mb4HzBgGNhb
pt2dm9NOKwrECwIDAQABo4HIMIHFMB0GA1UdDgQWBBRz3ED++I/0vd6wYzCvBQts
TplUfzAfBgNVHSMEGDAWgBRsBbCgqAOkoZDRpXTSE9kuV4M2czA3BggrBgEFBQcB
AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
VR0PAQH/BAQDAgEGMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAIEI
uEiUBQKqYeoySFUCMfbgXQVvMptqoDtvDh0qARoUIKIeI7RwYYZVtUxbYT/dHjik
mD+9YeQeVlTtDlFlbHOvmYb8p1BIh5VvWpMNyXr/+znR9EAs/h8oqoXPEr173ysS
VkqRTuSAAFJMu7LmBSdH4j+7pNfMksInAhBQEAz47kyTkImN24r5BfHs189nIKTa
kOA4NP15m2sEqL1v6IJK2TdJsxBQ5sVW2ayb6JdSQaFmvstkHRINhos0QiaarcOK
FP81DYKPluCvt+cgMD6z/ldKgF5Ti+wVyqjbt8aHt6uBi0IjSnScnlm4PI0O0vOd
eUWaDv2Ma561yOcDZHk=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b6:f1:d2:f8:c9:10:d5:cf:0c:55:ce:8c:38:a2:
8f:f5:f1:cf:20:85:56:92:df:42:8c:5c:1a:db:8e:
1d:2e:b4:b3:95:72:e4:67:76:7c:c5:61:62:2b:cf:
97:f7:84:29:80:ff:df:e8:e7:da:f6:05:11:1d:40:
1e:73:76:ff:e4:eb:fa:45:59:20:d9:35:cb:c7:4f:
2b:49:2a:61:7c:45:a1:fe:da:8c:89:05:38:84:ab:
cb:0b:c9:36:3b:e5:3e:31:5e:0b:a6:27:63:b1:c2:
34:88:3a:e5:e3:43:93:0b:46:69:03:dd:31:16:65:
18:6e:64:4c:84:e4:a1:37:6b:15:ef:f3:8f:57:e8:
57:f6:a8:86:62:9b:92:d0:67:d3:ed:0f:89:d3:4e:
09:aa:e8:74:ab:ce:4b:51:63:52:55:f1:24:9d:42:
70:cb:14:0f:e3:b4:7f:ba:6a:3c:87:27:eb:3b:82:
64:99:6a:f9:be:20:5a:9e:b9:8a:8b:ab:94:ed:f3:
33:eb:ea:42:5c:7e:20:df:f4:9d:82:8f:ac:8e:52:
99:06:db:d0:9f:01:38:e7:b9:0c:d2:b4:ca:7f:74:
03:e2:f7:0b:0e:a9:40:14:6c:7f:1b:15:00:77:0a:
98:76:ee:bd:62:24:f6:a7:8b:d4:7e:4b:8d:c9:eb:
04:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:05:B0:A0:A8:03:A4:A1:90:D1:A5:74:D2:13:D9:2E:57:83:36:73
X509v3 Authority Key Identifier:
keyid:6C:05:B0:A0:A8:03:A4:A1:90:D1:A5:74:D2:13:D9:2E:57:83:36:73
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
52:82:fe:3f:2b:71:41:fd:4c:9b:db:c5:b1:60:72:a7:cf:f4:
29:91:36:0f:ce:92:72:95:3e:34:ab:84:0c:af:23:e8:e1:28:
35:29:c9:c8:78:9a:12:d7:f1:22:1c:21:e1:b0:b4:df:af:36:
c4:ca:71:2a:6e:6f:4a:d5:65:58:31:7a:c2:d1:30:66:e0:0a:
61:54:e0:61:97:7b:41:72:58:d9:02:da:22:8b:21:e6:d5:31:
4c:d2:3c:11:d8:0d:12:f0:dc:eb:e0:1d:16:3a:74:de:9c:b4:
b2:bb:69:ed:e1:53:14:9e:1c:06:3f:ff:e7:2f:8a:d1:f6:37:
89:76:b2:61:60:5f:48:ce:a3:8f:e0:b5:6f:92:18:21:e4:a8:
1f:12:70:86:54:2a:da:78:3d:5d:3c:13:b8:b4:7f:a5:81:f0:
55:cf:ea:56:b4:0a:8a:ca:2b:ca:be:08:9e:a6:4c:12:99:5f:
23:93:08:58:70:8f:c8:fb:88:11:fe:d6:16:c7:a3:3b:1f:6b:
78:b0:05:29:9f:7d:4c:01:ba:ed:8a:5f:a8:38:e9:a4:c2:44:
ce:e8:37:1d:d8:1f:16:e4:ef:84:bb:1f:4b:3a:b0:9a:00:57:
aa:ba:52:1c:f4:da:f7:69:5d:ef:8d:35:ef:5c:03:fa:8d:87:
fc:92:60:28
-----BEGIN TRUSTED_CERTIFICATE-----
MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbx0vjJENXPDFXOjDii
j/XxzyCFVpLfQoxcGtuOHS60s5Vy5Gd2fMVhYivPl/eEKYD/3+jn2vYFER1AHnN2
/+Tr+kVZINk1y8dPK0kqYXxFof7ajIkFOISrywvJNjvlPjFeC6YnY7HCNIg65eND
kwtGaQPdMRZlGG5kTITkoTdrFe/zj1foV/aohmKbktBn0+0PidNOCarodKvOS1Fj
UlXxJJ1CcMsUD+O0f7pqPIcn6zuCZJlq+b4gWp65iourlO3zM+vqQlx+IN/0nYKP
rI5SmQbb0J8BOOe5DNK0yn90A+L3Cw6pQBRsfxsVAHcKmHbuvWIk9qeL1H5Ljcnr
BKcCAwEAAaOByzCByDAdBgNVHQ4EFgQUbAWwoKgDpKGQ0aV00hPZLleDNnMwHwYD
VR0jBBgwFoAUbAWwoKgDpKGQ0aV00hPZLleDNnMwNwYIKwYBBQUHAQEEKzApMCcG
CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBSgv4/K3FB
/Uyb28WxYHKnz/QpkTYPzpJylT40q4QMryPo4Sg1KcnIeJoS1/EiHCHhsLTfrzbE
ynEqbm9K1WVYMXrC0TBm4AphVOBhl3tBcljZAtoiiyHm1TFM0jwR2A0S8Nzr4B0W
OnTenLSyu2nt4VMUnhwGP//nL4rR9jeJdrJhYF9IzqOP4LVvkhgh5KgfEnCGVCra
eD1dPBO4tH+lgfBVz+pWtAqKyivKvgiepkwSmV8jkwhYcI/I+4gR/tYWx6M7H2t4
sAUpn31MAbrtil+oOOmkwkTO6Dcd2B8W5O+Eux9LOrCaAFequlIc9Nr3aV3vjTXv
XAP6jYf8kmAo
-----END TRUSTED_CERTIFICATE-----
-----BEGIN TIME-----
MTUwMzAyMTIwMDAwWg==
-----END TIME-----
-----BEGIN VERIFY_RESULT-----
U1VDQ0VTUw==
-----END VERIFY_RESULT-----
|
