blob: f8842981b09ac5e6e167dd71e1e5f92848e4eb46 [file] [log] [blame]
[Created by: generate-constrained-root-basic-constraints-ca-false.py]
Certificate chain with 1 intermediate and a trust anchor. The trust anchor
has a basic constraints extension that indicates it is NOT a CA. Verification
is expected to succeed even though the trust anchor enforces constraints, since
the CA part of basic constraints is not enforced.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediate
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b8:b6:4b:46:a5:2a:82:68:2c:9f:19:09:8f:0c:
c6:ad:af:bf:e1:8f:86:e5:2b:7b:b6:53:cd:bf:cf:
57:f2:c9:19:55:2c:3e:d5:33:b6:5f:0c:d6:65:4b:
f0:37:49:28:32:68:c5:56:32:a1:8d:13:5f:2a:7e:
ff:b4:13:b4:69:07:df:82:04:f9:bf:9e:06:61:ad:
4b:82:2c:12:3e:d6:37:ef:1f:be:4c:6e:16:5b:f1:
02:ea:31:75:40:2b:f1:6d:2d:7b:fb:5c:43:7a:34:
70:23:c5:dc:80:fa:76:4b:36:28:91:7c:0f:14:01:
5b:66:51:89:54:79:3c:d5:c3:e3:4f:6a:a9:d6:ab:
ba:57:f9:6d:13:b3:cc:2c:7a:5f:87:06:62:9e:31:
9b:e2:5c:5e:b7:70:e1:1a:dc:02:0a:23:cb:dc:28:
fb:85:03:b0:5b:a0:94:d8:4a:6a:8e:dc:02:2a:19:
c1:ea:32:9d:a2:9b:84:34:6c:79:90:d6:bf:9d:74:
02:cd:21:a3:bf:57:46:db:4e:5a:76:3e:32:54:66:
7e:2f:f1:4b:40:72:9d:bf:c3:fc:33:8b:6b:cc:a4:
ce:2a:dd:74:13:7b:e7:3d:31:26:ae:a8:88:83:ab:
24:27:31:21:55:17:de:a9:d6:d4:ae:c1:6e:b0:ca:
e5:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:79:A5:28:D4:40:7E:78:F4:F3:C5:7B:21:DA:CF:D8:4C:95:FC:EE
X509v3 Authority Key Identifier:
keyid:21:63:3C:E9:BA:5F:79:17:3D:28:91:51:B7:72:6E:26:3C:9E:9C:65
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediate.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediate.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
96:8e:91:69:58:40:6d:ef:8b:60:3f:35:57:0a:93:85:6d:e5:
a5:df:99:05:e4:b9:32:c6:e3:9b:e6:2e:8c:4c:b5:4d:c4:fa:
40:cd:44:2c:f1:b3:bd:d2:24:9a:d7:cb:1b:64:46:b7:db:11:
a0:7f:49:5b:ec:fc:0e:d5:36:73:f7:60:48:82:11:be:92:1c:
41:0f:96:85:ef:c3:e5:cf:3b:a6:2e:41:99:6c:77:6b:3b:74:
e3:a9:d0:35:9f:17:f8:7f:4d:a7:33:6c:ce:fa:a3:be:f4:0d:
fb:38:02:ab:10:d3:46:22:e6:ae:a6:62:5b:5f:48:98:cd:ba:
4b:ef:1f:5c:3b:2a:2e:ef:48:76:8b:3d:05:d6:e4:25:2b:60:
2d:a8:cd:64:98:95:73:22:62:d7:67:7f:35:93:2f:2f:cc:99:
ac:d2:07:1f:9d:ff:1f:e3:33:84:4f:ff:a6:b7:48:7a:fc:24:
c5:25:c1:22:b4:4e:f1:cd:10:10:0a:b8:9b:1d:9e:86:d9:9d:
52:3c:af:04:76:b8:3b:98:83:6d:82:51:ca:b2:ff:15:e4:22:
50:98:8f:fb:2c:bc:2e:77:8e:11:6b:5b:06:97:ff:da:ea:29:
51:88:df:94:2f:7c:75:26:54:99:d9:0a:bc:bb:8d:a0:23:6a:
db:cc:85:4e
-----BEGIN CERTIFICATE-----
MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4tktG
pSqCaCyfGQmPDMatr7/hj4blK3u2U82/z1fyyRlVLD7VM7ZfDNZlS/A3SSgyaMVW
MqGNE18qfv+0E7RpB9+CBPm/ngZhrUuCLBI+1jfvH75MbhZb8QLqMXVAK/FtLXv7
XEN6NHAjxdyA+nZLNiiRfA8UAVtmUYlUeTzVw+NPaqnWq7pX+W0Ts8wsel+HBmKe
MZviXF63cOEa3AIKI8vcKPuFA7BboJTYSmqO3AIqGcHqMp2im4Q0bHmQ1r+ddALN
IaO/V0bbTlp2PjJUZn4v8UtAcp2/w/wzi2vMpM4q3XQTe+c9MSauqIiDqyQnMSFV
F96p1tSuwW6wyuWfAgMBAAGjgekwgeYwHQYDVR0OBBYEFMt5pSjUQH549PPFeyHa
z9hMlfzuMB8GA1UdIwQYMBaAFCFjPOm6X3kXPSiRUbdybiY8npxlMD8GCCsGAQUF
BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAlo6RaVhAbe+LYD81VwqT
hW3lpd+ZBeS5Msbjm+YujEy1TcT6QM1ELPGzvdIkmtfLG2RGt9sRoH9JW+z8DtU2
c/dgSIIRvpIcQQ+Whe/D5c87pi5BmWx3azt046nQNZ8X+H9NpzNszvqjvvQN+zgC
qxDTRiLmrqZiW19ImM26S+8fXDsqLu9Idos9BdbkJStgLajNZJiVcyJi12d/NZMv
L8yZrNIHH53/H+MzhE//prdIevwkxSXBIrRO8c0QEAq4mx2ehtmdUjyvBHa4O5iD
bYJRyrL/FeQiUJiP+yy8LneOEWtbBpf/2uopUYjflC98dSZUmdkKvLuNoCNq28yF
Tg==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Intermediate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a9:38:35:27:ba:37:72:ce:20:03:31:f3:dc:4e:
96:e4:69:f4:d4:d1:77:8f:59:a8:93:d8:02:d3:a6:
14:c1:d4:a2:8e:a2:69:0b:fa:28:1d:3c:71:f4:59:
de:c7:a0:80:09:7a:3e:b0:74:be:50:29:93:ce:73:
66:67:64:30:5f:e0:8c:8a:05:2a:18:16:77:03:c6:
09:26:b6:dd:c0:5d:d3:99:07:71:98:02:82:bd:ff:
d4:5a:f2:84:6c:9f:3c:90:d5:d7:fb:06:24:65:12:
fd:df:29:f1:2e:81:d0:b8:2f:ea:dd:0f:52:15:50:
91:b4:10:6b:2d:88:d5:91:44:57:51:ff:1f:db:62:
47:5d:41:9a:b1:3f:03:f6:fd:3b:79:e0:46:b0:69:
01:ee:72:d9:48:22:6a:b7:59:2e:39:6f:1f:01:1b:
e0:b2:c4:a1:9e:b8:dc:c5:99:87:0f:84:d5:55:4d:
bb:0b:73:fc:85:62:a6:14:53:13:1d:d8:36:a1:96:
b8:7f:65:81:e6:04:20:97:e8:05:ca:c9:4e:55:9b:
eb:74:97:7d:cf:72:52:17:7b:ac:a2:10:0f:96:7d:
0c:f3:d3:52:6d:d0:af:36:44:be:6f:18:d9:39:0c:
75:b8:e0:9e:5c:38:ec:47:72:a3:61:cc:e1:e9:de:
a5:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:63:3C:E9:BA:5F:79:17:3D:28:91:51:B7:72:6E:26:3C:9E:9C:65
X509v3 Authority Key Identifier:
keyid:A4:4A:EF:8D:03:05:5A:85:D8:D5:43:64:B2:EE:06:D6:D1:75:36:8B
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
ad:e7:db:f0:f9:65:22:52:9d:80:63:50:03:43:15:e2:19:44:
93:31:c8:7b:f3:8c:81:d4:72:84:5c:a3:b9:90:b3:97:78:c6:
7c:c3:50:8c:29:e9:49:d6:f1:cc:6e:f0:20:a2:2c:ff:ab:52:
15:04:90:73:b1:3f:7f:be:21:87:96:c4:31:87:ae:15:ca:33:
4a:79:84:11:11:4f:2c:dd:12:36:b0:c4:03:dd:c6:a5:a4:d2:
5b:71:23:40:56:4e:49:97:1f:cb:af:c3:93:69:69:a0:6d:cd:
ac:47:9a:65:d1:c0:2f:d8:6d:56:4e:a4:90:16:6c:8b:fb:38:
b7:b3:ac:52:d6:0a:17:21:8d:a6:6e:ff:f3:15:13:d4:3b:0d:
74:77:4e:60:63:9c:10:6f:36:70:a6:a8:93:8a:88:ff:82:13:
25:0a:ba:5e:e6:09:c9:bb:8b:3d:cb:e4:d3:c0:28:6e:c6:2d:
21:82:d3:81:b1:28:41:dd:7a:aa:cd:be:66:1e:06:3a:99:cf:
41:ed:02:81:0a:0e:98:a2:f4:03:4b:31:c1:d8:78:79:a0:fd:
25:a1:30:09:1c:29:e5:38:3a:b3:f2:48:70:5f:82:b6:71:b7:
f4:cd:99:e6:62:f2:78:b7:8c:92:af:d6:ce:96:c8:0f:84:60:
93:19:fa:21
-----BEGIN CERTIFICATE-----
MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTg1J7o3
cs4gAzHz3E6W5Gn01NF3j1mok9gC06YUwdSijqJpC/ooHTxx9Fnex6CACXo+sHS+
UCmTznNmZ2QwX+CMigUqGBZ3A8YJJrbdwF3TmQdxmAKCvf/UWvKEbJ88kNXX+wYk
ZRL93ynxLoHQuC/q3Q9SFVCRtBBrLYjVkURXUf8f22JHXUGasT8D9v07eeBGsGkB
7nLZSCJqt1kuOW8fARvgssShnrjcxZmHD4TVVU27C3P8hWKmFFMTHdg2oZa4f2WB
5gQgl+gFyslOVZvrdJd9z3JSF3usohAPln0M89NSbdCvNkS+bxjZOQx1uOCeXDjs
R3KjYczh6d6lqQIDAQABo4HLMIHIMB0GA1UdDgQWBBQhYzzpul95Fz0okVG3cm4m
PJ6cZTAfBgNVHSMEGDAWgBSkSu+NAwVahdjVQ2Sy7gbW0XU2izA3BggrBgEFBQcB
AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
AK3n2/D5ZSJSnYBjUANDFeIZRJMxyHvzjIHUcoRco7mQs5d4xnzDUIwp6UnW8cxu
8CCiLP+rUhUEkHOxP3++IYeWxDGHrhXKM0p5hBERTyzdEjawxAPdxqWk0ltxI0BW
TkmXH8uvw5NpaaBtzaxHmmXRwC/YbVZOpJAWbIv7OLezrFLWChchjaZu//MVE9Q7
DXR3TmBjnBBvNnCmqJOKiP+CEyUKul7mCcm7iz3L5NPAKG7GLSGC04GxKEHdeqrN
vmYeBjqZz0HtAoEKDpii9ANLMcHYeHmg/SWhMAkcKeU4OrPySHBfgrZxt/TNmeZi
8ni3jJKv1s6WyA+EYJMZ+iE=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e9:d3:1f:75:ed:64:d9:2b:d9:1c:3b:ab:db:86:
88:7a:65:57:87:7c:b9:51:2f:57:7f:34:7d:73:5d:
53:8f:a0:13:08:26:ec:46:0d:05:cb:91:36:4a:9b:
13:65:76:9d:68:b9:30:6a:13:9e:b2:1b:95:e7:3e:
11:fc:16:50:ff:6f:8e:bd:88:79:4d:9e:fa:74:20:
2d:1c:f0:15:98:d7:de:f9:99:46:f3:f5:c2:17:08:
c2:c3:3b:e3:6e:1b:bf:c9:3f:db:c3:ff:a4:d2:ee:
c4:8e:91:e6:af:12:e7:5c:1c:73:af:df:0f:0f:05:
d8:f0:f6:21:95:5e:40:97:ee:5d:1b:df:a8:89:30:
f4:08:e6:e4:c6:ca:aa:58:fa:e6:8c:b4:2f:3e:56:
ea:9b:02:4f:bc:65:c5:a7:41:bf:8d:e2:34:dc:f3:
da:f3:23:36:07:32:62:96:5b:be:44:69:39:47:44:
70:96:96:03:f1:d8:1b:e3:bd:32:bc:9e:3b:5a:4c:
38:fa:75:d1:af:2c:30:d3:59:0b:87:43:85:b1:2e:
43:15:97:13:89:8e:e7:15:c2:8b:39:be:5f:f1:59:
57:45:b8:ac:e8:bd:4a:46:a6:50:5e:22:40:68:60:
5a:77:81:2f:3d:be:03:13:3b:70:2c:a6:ad:eb:58:
c1:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:4A:EF:8D:03:05:5A:85:D8:D5:43:64:B2:EE:06:D6:D1:75:36:8B
X509v3 Authority Key Identifier:
keyid:A4:4A:EF:8D:03:05:5A:85:D8:D5:43:64:B2:EE:06:D6:D1:75:36:8B
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:FALSE
Signature Algorithm: sha256WithRSAEncryption
26:9d:8a:78:1d:b6:59:cd:cc:23:10:2b:9b:2c:a1:b4:fc:53:
1e:c5:57:d8:d8:05:f2:dc:a6:13:2e:4b:13:af:14:bf:fa:c0:
af:3e:96:24:4a:ed:38:0f:10:f0:90:a9:c4:0d:92:59:6d:c7:
12:bf:17:e2:d7:1b:20:1c:74:ab:7a:50:38:52:cf:55:58:40:
f7:c4:ee:78:a4:c1:79:ab:50:0c:a7:90:86:09:b0:05:bd:2a:
ec:31:00:a5:83:43:95:45:27:06:c0:e7:49:a3:81:9e:90:56:
97:29:fc:b0:f1:4d:75:68:04:93:a2:1b:8e:fd:52:e1:2d:b8:
30:be:4e:3d:e9:2b:96:4e:38:a3:26:4b:fe:36:72:45:55:57:
f1:c9:98:a7:9d:17:e2:b6:05:c8:bb:a4:ed:5e:be:23:8b:60:
e0:c8:42:c6:29:5f:37:37:2c:86:7d:06:67:5e:67:44:19:7f:
13:5d:d3:8a:1e:50:b7:1c:03:52:0d:ff:4e:3c:69:f6:2f:d1:
70:37:47:63:fa:60:1f:34:a4:1f:d8:2f:ed:e0:0e:f2:68:f8:
e3:58:34:33:3b:af:8f:15:c8:fe:2e:73:17:60:a9:49:7e:7e:
1a:0e:9a:a2:60:bf:09:8d:85:8c:a3:dc:77:5f:45:b4:f9:f0:
6d:a0:29:2a
-----BEGIN TRUST_ANCHOR_CONSTRAINED-----
MIIDYjCCAkqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOnTH3XtZNkr2Rw7q9uG
iHplV4d8uVEvV380fXNdU4+gEwgm7EYNBcuRNkqbE2V2nWi5MGoTnrIblec+EfwW
UP9vjr2IeU2e+nQgLRzwFZjX3vmZRvP1whcIwsM7424bv8k/28P/pNLuxI6R5q8S
51wcc6/fDw8F2PD2IZVeQJfuXRvfqIkw9Ajm5MbKqlj65oy0Lz5W6psCT7xlxadB
v43iNNzz2vMjNgcyYpZbvkRpOUdEcJaWA/HYG+O9MryeO1pMOPp10a8sMNNZC4dD
hbEuQxWXE4mO5xXCizm+X/FZV0W4rOi9SkamUF4iQGhgWneBLz2+AxM7cCymretY
wQUCAwEAAaOByDCBxTAdBgNVHQ4EFgQUpErvjQMFWoXY1UNksu4G1tF1NoswHwYD
VR0jBBgwFoAUpErvjQMFWoXY1UNksu4G1tF1NoswNwYIKwYBBQUHAQEEKzApMCcG
CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
AwIBBjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAmnYp4HbZZzcwj
ECubLKG0/FMexVfY2AXy3KYTLksTrxS/+sCvPpYkSu04DxDwkKnEDZJZbccSvxfi
1xsgHHSrelA4Us9VWED3xO54pMF5q1AMp5CGCbAFvSrsMQClg0OVRScGwOdJo4Ge
kFaXKfyw8U11aASTohuO/VLhLbgwvk496SuWTjijJkv+NnJFVVfxyZinnRfitgXI
u6TtXr4ji2DgyELGKV83NyyGfQZnXmdEGX8TXdOKHlC3HANSDf9OPGn2L9FwN0dj
+mAfNKQf2C/t4A7yaPjjWDQzO6+PFcj+LnMXYKlJfn4aDpqiYL8JjYWMo9x3X0W0
+fBtoCkq
-----END TRUST_ANCHOR_CONSTRAINED-----
150302120000Z
-----BEGIN TIME-----
MTUwMzAyMTIwMDAwWg==
-----END TIME-----
SUCCESS
-----BEGIN VERIFY_RESULT-----
U1VDQ0VTUw==
-----END VERIFY_RESULT-----