blob: 016f94e14fd6dda492f3aa1eba3e51e06b99c4da (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
|
[Created by: generate-intermediary-lacks-basic-constraints.py]
Certificate chain with 1 intermediary and a trusted root. The intermediary
lacks the basic constraints extension, and hence is expected to fail validation
(RFC 5280 requires v3 signing certificates have a BasicConstaints).
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediary
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:f3:d6:19:96:48:0c:01:e2:21:3d:98:21:52:df:
5a:79:95:01:e5:c2:ab:77:e4:7b:10:17:64:75:a4:
ca:b6:69:cc:a9:4a:1d:b6:7f:a0:16:89:32:21:c2:
2a:c2:58:28:d2:f3:ef:a5:2d:81:92:47:17:d5:61:
65:ab:43:22:ce:59:5b:20:31:be:6e:84:23:19:d5:
7e:a8:70:50:6c:de:06:b8:58:09:97:fd:02:98:31:
2d:3b:ab:1b:4a:82:6c:28:ab:c5:a3:6b:ea:40:2b:
48:02:73:e4:ce:ea:f6:3b:6a:80:1f:5b:59:30:86:
1b:5e:64:61:b5:94:d2:f0:c8:bb:88:b1:90:05:1a:
e8:e6:97:dc:7d:e8:53:c8:9f:88:09:69:82:1f:1e:
e2:d1:70:f3:85:06:63:18:0a:d2:f1:71:a3:25:a3:
42:76:3a:5e:02:78:e6:7a:c6:a4:82:dd:79:35:5a:
da:8e:37:92:82:bf:01:13:1b:6e:52:97:97:32:f1:
b2:4e:95:bc:55:89:61:61:73:b4:64:30:b1:89:87:
51:17:29:f3:67:de:5b:99:ee:47:71:07:8c:d5:17:
55:e0:70:bc:b6:06:6e:eb:7a:c6:69:69:97:e1:3d:
1d:be:93:da:a0:fa:cb:2f:f0:ed:5c:da:18:0e:67:
89:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:C8:4E:91:CD:73:65:1D:13:F9:EC:F0:91:13:F1:D0:01:AD:1E:7C
X509v3 Authority Key Identifier:
keyid:60:E7:1E:8E:53:95:1F:8F:00:D1:F7:9F:36:01:26:15:86:53:0E:F2
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediary.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediary.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
88:1d:e7:e6:1e:4b:93:a9:79:59:0e:10:43:1e:f7:79:a4:c7:
68:55:81:b6:b4:6d:b0:5b:b6:46:13:8b:4e:1c:d4:79:17:b1:
71:46:b6:69:21:92:fa:bf:bd:76:cc:6c:b1:04:58:28:41:79:
34:4f:09:e7:17:5c:d0:ac:fc:c5:2e:1e:5c:31:ca:ed:55:ea:
df:4a:43:9a:72:37:0a:8a:69:dd:4e:e9:a3:ef:dd:48:45:41:
7b:55:e3:d1:98:69:a5:ec:0b:43:32:24:da:33:cd:fd:35:74:
17:81:b1:61:37:b1:12:5d:51:86:e6:a2:08:e5:c7:99:aa:f7:
23:c4:5f:83:c0:59:9c:36:f9:a0:4c:03:f7:40:42:fb:90:39:
5a:45:e5:e2:94:a3:58:c2:a1:d8:c9:aa:3e:83:98:b0:32:a1:
85:9a:b1:34:c7:67:a4:03:67:6e:5b:d7:83:b8:92:0f:af:81:
b5:00:50:c4:0f:f6:bb:cd:7d:0f:a8:cd:28:bb:48:b8:32:82:
ef:d1:cf:96:74:e4:25:74:ce:5e:4c:75:d2:80:55:a3:6b:a6:
76:eb:aa:3e:2b:55:d3:c9:bd:2b:32:d3:1d:01:00:cb:8d:c4:
c0:b9:29:0b:10:e5:ab:34:2f:30:63:29:df:a8:4f:b3:28:dd:
0b:8c:ea:14
-----BEGIN CERTIFICATE-----
MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
cm1lZGlhcnkwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDz1hmW
SAwB4iE9mCFS31p5lQHlwqt35HsQF2R1pMq2acypSh22f6AWiTIhwirCWCjS8++l
LYGSRxfVYWWrQyLOWVsgMb5uhCMZ1X6ocFBs3ga4WAmX/QKYMS07qxtKgmwoq8Wj
a+pAK0gCc+TO6vY7aoAfW1kwhhteZGG1lNLwyLuIsZAFGujml9x96FPIn4gJaYIf
HuLRcPOFBmMYCtLxcaMlo0J2Ol4CeOZ6xqSC3Xk1WtqON5KCvwETG25Sl5cy8bJO
lbxViWFhc7RkMLGJh1EXKfNn3luZ7kdxB4zVF1XgcLy2Bm7resZpaZfhPR2+k9qg
+ssv8O1c2hgOZ4mNAgMBAAGjgekwgeYwHQYDVR0OBBYEFP3ITpHNc2UdE/ns8JET
8dABrR58MB8GA1UdIwQYMBaAFGDnHo5TlR+PANH3nzYBJhWGUw7yMD8GCCsGAQUF
BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
aWFyeS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
dGVybWVkaWFyeS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAiB3n5h5Lk6l5WQ4QQx73
eaTHaFWBtrRtsFu2RhOLThzUeRexcUa2aSGS+r+9dsxssQRYKEF5NE8J5xdc0Kz8
xS4eXDHK7VXq30pDmnI3Copp3U7po+/dSEVBe1Xj0ZhppewLQzIk2jPN/TV0F4Gx
YTexEl1RhuaiCOXHmar3I8Rfg8BZnDb5oEwD90BC+5A5WkXl4pSjWMKh2MmqPoOY
sDKhhZqxNMdnpANnblvXg7iSD6+BtQBQxA/2u819D6jNKLtIuDKC79HPlnTkJXTO
Xkx10oBVo2umduuqPitV08m9KzLTHQEAy43EwLkpCxDlqzQvMGMp36hPsyjdC4zq
FA==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Intermediary
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a0:8f:6c:dd:c5:0d:76:a9:8a:da:5d:9f:94:cf:
9a:18:cd:32:ee:e1:c3:88:29:0d:40:7d:8b:37:9c:
18:b9:ed:11:81:5b:cc:8c:7c:4a:f3:e2:b9:eb:f7:
3c:74:5a:5c:78:37:e3:7e:a8:b9:34:d7:da:d2:dc:
52:de:c6:bb:ca:cd:39:c3:ea:8e:84:1b:e5:ad:4b:
67:1b:70:bd:70:0e:5e:20:95:37:bf:ae:d1:f4:b0:
97:c0:8a:d3:e5:2a:04:d8:eb:1d:c8:f0:95:1b:25:
d4:49:ae:d4:5f:d9:bc:ea:19:2d:38:d3:d2:c4:8b:
77:37:45:ae:f9:70:b2:43:93:85:06:58:e0:3e:38:
11:32:d2:bc:a5:d4:df:09:2d:e9:c4:16:a7:f9:5b:
25:8d:57:f7:bf:01:4e:c8:25:b4:f8:5d:33:1d:7a:
04:4b:9d:fe:71:d4:65:78:4b:8d:52:ef:04:80:d4:
45:18:1d:d8:53:8e:2a:e8:23:3f:14:a4:b4:f1:00:
ff:30:be:06:c5:61:ac:13:e8:cb:4c:ef:77:f7:6b:
1d:da:5a:d4:7f:f8:5a:87:cb:4b:45:05:8c:06:73:
7b:65:d5:71:c9:35:c7:6e:07:ce:0b:e2:54:e1:43:
f0:da:a9:51:b8:ad:fe:da:de:29:8c:5f:2d:40:06:
7f:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:E7:1E:8E:53:95:1F:8F:00:D1:F7:9F:36:01:26:15:86:53:0E:F2
X509v3 Authority Key Identifier:
keyid:73:D9:03:F6:54:EA:FC:42:DA:77:EC:19:89:AD:6D:D2:A3:3E:E9:FD
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
43:31:7d:91:39:1d:8a:88:6c:d2:2d:36:b1:92:53:1d:18:24:
e9:42:27:c3:d3:f1:77:69:6f:67:7b:39:46:32:fb:36:a1:8d:
07:ee:16:6b:ac:09:e3:78:38:7a:a7:4b:fe:3f:81:eb:f2:85:
aa:d6:3e:5a:68:57:e3:98:0d:ae:ee:45:84:d1:ed:6d:9c:78:
fe:63:50:94:55:5e:b5:41:ef:c9:16:ed:4f:38:03:cb:73:3c:
79:c1:c4:0c:c1:95:43:11:49:c0:bc:7e:9a:6a:05:d2:43:c4:
66:72:66:57:69:46:ed:a7:10:af:bf:e9:bb:48:72:4b:00:a2:
46:78:38:68:dd:6b:a9:ac:62:70:4b:0b:f3:29:fa:a7:a2:42:
4b:d7:88:1f:97:1f:71:60:20:82:89:d6:3a:60:d5:4b:08:28:
6a:6a:97:2e:c9:93:d8:a7:32:b7:e1:68:be:07:7a:3c:76:3b:
2c:1b:10:17:4c:c9:ea:ee:48:c9:ad:ac:2e:61:dd:16:eb:62:
1e:33:1d:6c:8a:b4:56:0f:3d:04:35:f3:8f:d0:12:f9:66:8d:
39:95:e9:44:41:32:7e:f3:17:2e:58:c9:0c:23:b1:e3:db:f7:
ed:da:bd:94:0e:00:27:34:3d:3d:c6:48:d8:e4:a3:66:57:d9:
5e:13:3e:59
-----BEGIN CERTIFICATE-----
MIIDXDCCAkSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoI9s3cUN
dqmK2l2flM+aGM0y7uHDiCkNQH2LN5wYue0RgVvMjHxK8+K56/c8dFpceDfjfqi5
NNfa0txS3sa7ys05w+qOhBvlrUtnG3C9cA5eIJU3v67R9LCXwIrT5SoE2OsdyPCV
GyXUSa7UX9m86hktONPSxIt3N0Wu+XCyQ5OFBljgPjgRMtK8pdTfCS3pxBan+Vsl
jVf3vwFOyCW0+F0zHXoES53+cdRleEuNUu8EgNRFGB3YU44q6CM/FKS08QD/ML4G
xWGsE+jLTO9392sd2lrUf/hah8tLRQWMBnN7ZdVxyTXHbgfOC+JU4UPw2qlRuK3+
2t4pjF8tQAZ/OQIDAQABo4G6MIG3MB0GA1UdDgQWBBRg5x6OU5UfjwDR9582ASYV
hlMO8jAfBgNVHSMEGDAWgBRz2QP2VOr8Qtp37BmJrW3Soz7p/TA3BggrBgEFBQcB
AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
VR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBDMX2ROR2KiGzSLTaxklMd
GCTpQifD0/F3aW9nezlGMvs2oY0H7hZrrAnjeDh6p0v+P4Hr8oWq1j5aaFfjmA2u
7kWE0e1tnHj+Y1CUVV61Qe/JFu1POAPLczx5wcQMwZVDEUnAvH6aagXSQ8RmcmZX
aUbtpxCvv+m7SHJLAKJGeDho3WuprGJwSwvzKfqnokJL14gflx9xYCCCidY6YNVL
CChqapcuyZPYpzK34Wi+B3o8djssGxAXTMnq7kjJrawuYd0W62IeMx1sirRWDz0E
NfOP0BL5Zo05lelEQTJ+8xcuWMkMI7Hj2/ft2r2UDgAnND09xkjY5KNmV9leEz5Z
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ea:c6:b8:66:62:c2:1a:2a:7d:83:ca:b2:7b:11:
e4:92:4a:b8:3a:39:35:73:aa:89:55:7d:f4:ec:40:
4b:2c:c7:56:58:ac:9d:25:ef:c3:26:86:98:c4:74:
a4:3a:94:36:d8:78:7c:1a:f4:f7:5c:a0:56:69:fc:
23:c0:a4:06:5f:5b:ce:ea:cb:32:9b:c3:21:89:fd:
9f:4e:38:a2:b9:f4:de:af:44:1e:53:02:09:41:44:
92:bc:a5:4f:70:86:23:85:48:2a:51:01:70:ab:b0:
c4:bd:97:3c:2f:d0:2c:3e:9c:be:40:2e:ee:be:f8:
ed:63:a2:1b:fd:e2:0f:d1:b2:3b:b3:ce:da:84:59:
56:bb:77:17:93:ef:c0:b7:b4:11:db:b9:6e:b0:4a:
28:55:fb:56:4e:ed:22:b6:e3:4d:5b:ad:6a:af:ff:
df:33:f9:18:a6:91:0a:b8:89:d3:28:55:18:c7:71:
19:32:bc:88:a8:ee:5b:c8:34:84:e5:f5:fe:6e:5e:
c0:3b:73:9b:a4:bc:4c:6a:8a:5a:31:c0:34:f3:c3:
89:e0:57:97:64:01:dd:c2:9f:75:8e:e3:fd:b3:58:
b5:0b:e3:4d:8f:94:e8:9b:0c:c2:12:af:13:31:30:
d1:a6:1c:2c:f1:0a:7a:a4:17:e2:2f:6f:73:cb:22:
15:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:D9:03:F6:54:EA:FC:42:DA:77:EC:19:89:AD:6D:D2:A3:3E:E9:FD
X509v3 Authority Key Identifier:
keyid:73:D9:03:F6:54:EA:FC:42:DA:77:EC:19:89:AD:6D:D2:A3:3E:E9:FD
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
e0:b7:24:3a:ee:4c:8d:42:9f:b9:52:2b:7d:21:c5:7b:dd:2b:
bc:6a:5d:86:57:ee:d5:1f:27:e6:e1:08:e3:72:a3:10:2b:97:
1b:98:b9:39:18:6e:7f:b8:b0:1c:f1:f5:d9:7e:1d:05:3f:5b:
f4:cd:1e:66:7f:77:ed:ab:d0:51:b6:ad:6c:a6:66:ab:fc:31:
a1:ac:ee:66:ae:3b:af:4e:3c:c6:29:07:dc:1a:ac:b5:10:3f:
3f:ad:27:1b:bc:32:19:ab:b3:75:62:47:23:d1:b8:60:78:ac:
96:0c:4f:b8:31:7b:40:7e:f3:f7:ba:a9:ae:9b:65:ef:c5:e3:
fc:c8:28:c6:c0:74:48:00:33:48:a4:e6:3c:0c:5b:a0:1e:c2:
57:c5:0c:24:34:c3:36:c0:8a:f3:a6:c3:16:24:32:c3:dc:81:
76:54:3e:00:68:c8:6a:b6:ee:9f:ab:44:64:64:37:54:ff:1b:
b9:a5:c2:bf:ff:a5:68:b3:5a:ef:d7:bc:64:39:24:2e:ad:c7:
a3:9c:ef:60:cb:ab:de:45:f1:40:65:95:01:0c:52:ea:a8:d6:
8b:77:e0:2e:1f:2b:4f:a3:bc:b8:80:6b:8d:92:42:66:17:10:
4b:d4:b0:2d:8d:4c:77:50:74:83:0e:9a:4c:0d:3b:6b:3d:c6:
0a:2e:f6:5c
-----BEGIN TRUSTED_CERTIFICATE-----
MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOrGuGZiwhoqfYPKsnsR
5JJKuDo5NXOqiVV99OxASyzHVlisnSXvwyaGmMR0pDqUNth4fBr091ygVmn8I8Ck
Bl9bzurLMpvDIYn9n044orn03q9EHlMCCUFEkrylT3CGI4VIKlEBcKuwxL2XPC/Q
LD6cvkAu7r747WOiG/3iD9GyO7PO2oRZVrt3F5PvwLe0Edu5brBKKFX7Vk7tIrbj
TVutaq//3zP5GKaRCriJ0yhVGMdxGTK8iKjuW8g0hOX1/m5ewDtzm6S8TGqKWjHA
NPPDieBXl2QB3cKfdY7j/bNYtQvjTY+U6JsMwhKvEzEw0aYcLPEKeqQX4i9vc8si
FWcCAwEAAaOByzCByDAdBgNVHQ4EFgQUc9kD9lTq/ELad+wZia1t0qM+6f0wHwYD
VR0jBBgwFoAUc9kD9lTq/ELad+wZia1t0qM+6f0wNwYIKwYBBQUHAQEEKzApMCcG
CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQDgtyQ67kyN
Qp+5Uit9IcV73Su8al2GV+7VHyfm4QjjcqMQK5cbmLk5GG5/uLAc8fXZfh0FP1v0
zR5mf3ftq9BRtq1spmar/DGhrO5mrjuvTjzGKQfcGqy1ED8/rScbvDIZq7N1Ykcj
0bhgeKyWDE+4MXtAfvP3uqmum2XvxeP8yCjGwHRIADNIpOY8DFugHsJXxQwkNMM2
wIrzpsMWJDLD3IF2VD4AaMhqtu6fq0RkZDdU/xu5pcK//6Vos1rv17xkOSQurcej
nO9gy6veRfFAZZUBDFLqqNaLd+AuHytPo7y4gGuNkkJmFxBL1LAtjUx3UHSDDppM
DTtrPcYKLvZc
-----END TRUSTED_CERTIFICATE-----
-----BEGIN TIME-----
MTUwMzAyMTIwMDAwWg==
-----END TIME-----
-----BEGIN VERIFY_RESULT-----
RkFJTA==
-----END VERIFY_RESULT-----
|
