blob: 8a1ec44a84f21cb98973b5ae0aef9b4ae839c576 [file] [log] [blame]
[Created by: generate-intermediate-basic-constraints-not-critical.py]
Certificate chain with 1 intermediate and a trusted root. The intermediate
has a basic constraints extension but does not mark it as critical.
Verification is expected to succeed, since although not critical, the
basicConstraints indicates CA=true as expected.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediate
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:9f:2f:38:1d:84:e6:1c:ed:c4:47:2b:63:0b:41:
73:dd:fe:74:c7:1a:d2:c8:7f:c1:90:ae:bf:6b:82:
a1:17:93:80:a1:92:39:52:66:81:93:90:e6:15:d7:
d6:bc:a4:03:eb:fc:50:b2:dc:f6:29:f7:a9:32:b6:
23:6c:d4:d0:3e:d9:56:6e:9d:a0:91:10:2c:8a:1e:
93:8d:38:37:ef:3e:7d:7a:de:15:07:c2:6c:62:1c:
76:81:ce:a7:9e:be:44:57:1b:77:77:ed:fa:2f:e1:
c5:53:83:65:74:c6:11:3c:f2:4d:84:89:1d:3b:54:
93:5e:38:44:f1:d4:03:ad:03:69:fd:eb:da:02:aa:
cf:6f:04:ea:22:0a:3f:a1:68:bc:56:a4:51:aa:93:
8a:f2:22:47:42:04:98:48:68:40:2e:f6:a6:8d:38:
84:ba:1a:56:0c:bc:53:85:77:b4:ba:e2:03:ac:10:
0f:1d:52:64:ad:f5:92:20:38:dc:fa:dd:8b:c6:8d:
96:30:ea:72:e2:aa:ff:5d:c3:fc:dc:1a:43:c6:da:
48:56:f6:4c:d4:8d:00:da:28:5f:01:23:9b:b1:eb:
b7:92:b7:35:43:5e:c0:21:96:22:b6:bd:c6:5f:1b:
0b:58:88:44:a5:ee:90:f4:e6:d0:94:41:2c:44:8c:
af:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:31:5F:95:5B:3C:43:02:74:27:C6:2E:06:50:92:FF:5C:54:AE:73
X509v3 Authority Key Identifier:
keyid:77:27:6B:15:A8:06:86:AD:0D:67:E0:D6:5B:82:3A:F8:6B:00:A3:A7
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediate.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediate.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
00:ba:cd:3c:7b:0f:eb:b3:b1:5f:5b:0a:83:12:4d:d6:28:7e:
ff:d9:65:2c:23:f8:d2:68:cc:25:14:0c:6e:9b:37:bb:72:66:
13:54:ff:b9:2f:f4:c8:9e:77:5b:31:2b:93:e6:94:cf:e9:bd:
43:1a:e8:f6:c3:c5:61:fa:ff:a7:72:09:ba:2b:08:02:e4:a5:
62:24:b1:b1:3b:0a:c0:bb:72:19:af:73:2d:9a:66:8e:f7:0f:
30:9f:49:0f:aa:83:87:ed:45:9e:75:3a:50:32:d6:c4:cf:20:
a0:31:73:16:98:69:e9:d7:16:5b:6f:6f:0a:d8:96:82:a3:d6:
a8:a4:84:d7:1a:50:22:bd:14:d7:61:d9:43:a9:58:cf:46:e8:
64:e9:1c:a9:d6:d3:49:45:1e:53:16:71:05:a7:0b:ae:d7:c0:
43:8c:24:02:07:6f:99:ed:4b:f6:89:a8:31:f5:ba:56:e3:db:
00:10:7e:0d:e0:46:96:b2:27:be:60:29:e8:91:e9:55:43:b1:
e6:74:e9:17:4e:bd:db:32:ec:61:7e:b0:d1:17:27:90:29:d9:
2e:53:6a:8f:de:77:ae:f4:ff:f4:96:84:e6:8d:37:43:63:17:
87:6a:8c:55:bd:ea:fd:2c:b2:83:10:3c:d7:f0:bd:21:45:ad:
ba:36:6d:43
-----BEGIN CERTIFICATE-----
MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfLzgd
hOYc7cRHK2MLQXPd/nTHGtLIf8GQrr9rgqEXk4ChkjlSZoGTkOYV19a8pAPr/FCy
3PYp96kytiNs1NA+2VZunaCRECyKHpONODfvPn163hUHwmxiHHaBzqeevkRXG3d3
7fov4cVTg2V0xhE88k2EiR07VJNeOETx1AOtA2n969oCqs9vBOoiCj+haLxWpFGq
k4ryIkdCBJhIaEAu9qaNOIS6GlYMvFOFd7S64gOsEA8dUmSt9ZIgONz63YvGjZYw
6nLiqv9dw/zcGkPG2khW9kzUjQDaKF8BI5ux67eStzVDXsAhliK2vcZfGwtYiESl
7pD05tCUQSxEjK/pAgMBAAGjgekwgeYwHQYDVR0OBBYEFAUxX5VbPEMCdCfGLgZQ
kv9cVK5zMB8GA1UdIwQYMBaAFHcnaxWoBoatDWfg1luCOvhrAKOnMD8GCCsGAQUF
BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAALrNPHsP67OxX1sKgxJN
1ih+/9llLCP40mjMJRQMbps3u3JmE1T/uS/0yJ53WzErk+aUz+m9Qxro9sPFYfr/
p3IJuisIAuSlYiSxsTsKwLtyGa9zLZpmjvcPMJ9JD6qDh+1FnnU6UDLWxM8goDFz
Fphp6dcWW29vCtiWgqPWqKSE1xpQIr0U12HZQ6lYz0boZOkcqdbTSUUeUxZxBacL
rtfAQ4wkAgdvme1L9omoMfW6VuPbABB+DeBGlrInvmAp6JHpVUOx5nTpF0692zLs
YX6w0RcnkCnZLlNqj953rvT/9JaE5o03Q2MXh2qMVb3q/SyygxA81/C9IUWtujZt
Qw==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Intermediate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:94:4c:ba:e4:24:50:f0:02:98:a7:42:66:d3:d6:
53:4d:ad:3f:76:fa:4f:72:61:fd:79:cc:43:e2:d6:
2f:d9:99:84:0b:da:34:6f:65:ca:78:2b:a9:22:98:
04:ba:93:89:e9:8c:d0:71:62:cd:a4:3a:35:e2:8c:
2d:8a:48:36:2b:d1:99:52:27:c7:44:34:30:2c:87:
a7:47:e3:df:74:a3:6c:c6:3c:d2:ba:5c:3c:04:79:
1f:11:36:58:7a:86:65:60:cc:a1:4c:ba:f9:72:7e:
80:d3:1b:12:18:8a:44:b3:f3:fa:20:f8:8c:3d:63:
e3:96:0a:6b:0a:32:a1:f1:75:7c:6b:76:5f:1b:ef:
bd:64:c3:34:fd:2e:27:89:dd:ef:e5:74:08:08:a4:
96:92:7b:f3:4b:f5:ee:eb:91:0b:bb:ca:53:e8:ed:
48:a8:bb:7c:f8:9f:30:f7:15:05:32:7d:73:62:37:
4f:f7:a1:d4:de:45:e2:f7:49:86:b9:c9:f8:84:cc:
67:b2:f0:34:48:e6:54:e4:5d:1f:fb:03:fc:d8:15:
a1:17:0e:53:0d:c8:c9:a6:99:bf:f8:93:df:af:35:
e3:10:91:91:24:f3:eb:88:0b:d8:4f:16:36:a3:28:
ad:21:bd:22:bf:46:59:0a:ea:f0:fb:fc:01:c3:ba:
42:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:27:6B:15:A8:06:86:AD:0D:67:E0:D6:5B:82:3A:F8:6B:00:A3:A7
X509v3 Authority Key Identifier:
keyid:6C:17:23:18:CA:A6:A4:28:C6:08:4C:AA:9A:3F:18:FB:7B:67:B2:36
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
af:80:f1:f7:93:98:cd:84:13:e3:eb:ab:2d:ff:91:4c:72:5d:
d9:a9:b7:96:e8:bc:e9:f3:31:a0:46:7c:0d:49:a3:1f:5a:6a:
aa:82:9a:c2:1f:37:7a:9a:37:1a:96:fb:8e:fa:28:e1:eb:b8:
a3:d0:66:2d:9e:6e:ff:8e:c3:0a:17:23:ae:60:d5:9b:d2:fb:
23:2b:a9:b0:22:cb:e6:85:29:11:d3:b5:71:3e:30:9a:9c:60:
24:c5:a8:42:66:4f:5c:10:8b:fa:61:ad:d7:14:2b:51:0e:53:
24:1a:c7:5f:d9:12:97:6a:8c:da:d5:f9:35:41:4c:d4:0e:a8:
98:c6:e8:61:db:7b:95:d5:ca:26:ff:60:01:e2:c6:4e:f7:67:
ee:36:1f:2b:71:82:46:f5:11:44:ce:7b:ac:85:06:f1:09:35:
07:62:08:36:ad:b6:5b:c6:70:a0:bb:f0:5b:2e:47:09:a2:69:
79:a6:f1:77:fd:3c:b9:57:f4:c7:e6:f8:80:18:ba:d0:a0:c1:
b1:6f:b9:c8:3b:a2:c1:83:5c:e7:3a:05:19:36:c5:ae:54:dc:
df:1d:ad:18:e0:52:dd:71:ba:53:3e:2c:7d:eb:09:3a:cb:25:
10:b3:52:50:7f:42:2b:a8:2c:a7:cc:02:8e:17:99:af:7e:d2:
75:f4:15:f1
-----BEGIN CERTIFICATE-----
MIIDajCCAlKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEy65CRQ
8AKYp0Jm09ZTTa0/dvpPcmH9ecxD4tYv2ZmEC9o0b2XKeCupIpgEupOJ6YzQcWLN
pDo14owtikg2K9GZUifHRDQwLIenR+PfdKNsxjzSulw8BHkfETZYeoZlYMyhTLr5
cn6A0xsSGIpEs/P6IPiMPWPjlgprCjKh8XV8a3ZfG++9ZMM0/S4nid3v5XQICKSW
knvzS/Xu65ELu8pT6O1IqLt8+J8w9xUFMn1zYjdP96HU3kXi90mGucn4hMxnsvA0
SOZU5F0f+wP82BWhFw5TDcjJppm/+JPfrzXjEJGRJPPriAvYTxY2oyitIb0iv0ZZ
Curw+/wBw7pC6QIDAQABo4HIMIHFMB0GA1UdDgQWBBR3J2sVqAaGrQ1n4NZbgjr4
awCjpzAfBgNVHSMEGDAWgBRsFyMYyqakKMYITKqaPxj7e2eyNjA3BggrBgEFBQcB
AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
VR0PAQH/BAQDAgEGMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAK+A
8feTmM2EE+Prqy3/kUxyXdmpt5bovOnzMaBGfA1Jox9aaqqCmsIfN3qaNxqW+476
KOHruKPQZi2ebv+OwwoXI65g1ZvS+yMrqbAiy+aFKRHTtXE+MJqcYCTFqEJmT1wQ
i/phrdcUK1EOUyQax1/ZEpdqjNrV+TVBTNQOqJjG6GHbe5XVyib/YAHixk73Z+42
Hytxgkb1EUTOe6yFBvEJNQdiCDattlvGcKC78FsuRwmiaXmm8Xf9PLlX9Mfm+IAY
utCgwbFvucg7osGDXOc6BRk2xa5U3N8drRjgUt1xulM+LH3rCTrLJRCzUlB/Qiuo
LKfMAo4Xma9+0nX0FfE=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e2:4c:a9:08:30:3f:0e:6a:ec:ec:80:8e:07:cb:
fa:9b:01:b9:8a:37:f0:b1:f2:c2:43:79:90:7e:70:
76:ac:5c:41:60:55:66:fb:4f:e6:79:c8:18:01:7f:
d5:bd:9a:d5:58:5a:00:bf:81:86:37:1e:68:1a:92:
da:dd:e8:20:1a:47:43:78:bb:7e:5c:82:c6:59:1b:
37:c9:99:b2:ac:bb:d2:c0:cf:58:5a:25:13:a6:6b:
9a:79:be:dc:f6:6f:6c:80:5d:58:c2:b5:67:ae:09:
1b:ba:2a:f3:2a:00:d2:43:b6:59:df:38:7c:ef:c1:
be:1b:a1:e0:7d:9b:20:27:04:67:94:45:b3:2d:f6:
77:91:3c:c4:94:5f:78:7a:79:2c:4b:21:23:8b:f4:
d3:60:73:10:59:c7:a1:84:3f:5a:4e:82:43:90:68:
77:2a:f6:b1:d2:d4:cc:cd:76:36:13:95:c5:a7:f4:
46:d8:b7:ee:ef:59:07:2c:69:4d:9c:22:e4:2d:f1:
a9:2c:50:35:50:c2:91:ea:37:d9:6c:b6:f2:ff:cd:
7e:00:ae:51:e3:b4:10:5f:87:e3:92:fe:9e:62:a5:
34:fe:15:c4:19:20:3a:68:fd:3c:be:ae:aa:a3:52:
48:d3:05:95:99:f8:38:18:c5:44:d6:71:c4:bf:34:
e5:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:17:23:18:CA:A6:A4:28:C6:08:4C:AA:9A:3F:18:FB:7B:67:B2:36
X509v3 Authority Key Identifier:
keyid:6C:17:23:18:CA:A6:A4:28:C6:08:4C:AA:9A:3F:18:FB:7B:67:B2:36
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
d2:00:6a:7a:21:40:79:ad:84:23:e8:62:29:b5:47:0a:7a:91:
08:3d:f3:af:0a:14:e9:93:08:7a:81:bf:44:6f:e9:59:5b:d6:
8f:e1:bd:cd:9f:46:94:2e:7e:79:df:53:9e:85:e3:86:e0:15:
65:e4:fd:b9:10:f7:19:6c:f1:ba:39:3b:2e:49:97:18:7d:95:
a9:e5:14:49:65:44:31:39:5b:75:c7:09:75:1f:b3:5a:5b:fe:
09:1a:4a:af:ec:6b:58:5a:7b:ef:44:58:37:ab:23:72:bd:97:
7b:02:63:65:cf:3d:f6:13:62:44:49:04:dc:85:fc:6f:31:80:
c7:e0:1e:5b:77:90:29:cb:06:67:4e:99:41:b1:66:d7:4b:a3:
fa:85:5c:bc:2e:c5:fa:a0:a1:8d:07:ba:52:31:cf:5e:2a:98:
f1:ba:dc:56:4b:b3:cc:11:b2:d1:2d:0a:eb:75:a8:fe:f6:02:
d8:9b:0f:5b:7e:11:50:b1:51:b9:31:11:c5:4b:fa:bf:34:4d:
46:e9:27:39:61:ca:09:41:b2:67:fc:54:8a:38:0b:50:7d:f0:
e4:7a:a4:30:08:12:86:b3:fc:d2:43:0c:b5:50:4b:45:ee:cf:
90:5b:3e:39:47:11:b6:6b:a6:24:fe:02:17:07:7c:06:15:23:
0f:d8:0e:7b
-----BEGIN TRUST_ANCHOR_UNCONSTRAINED-----
MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOJMqQgwPw5q7OyAjgfL
+psBuYo38LHywkN5kH5wdqxcQWBVZvtP5nnIGAF/1b2a1VhaAL+BhjceaBqS2t3o
IBpHQ3i7flyCxlkbN8mZsqy70sDPWFolE6Zrmnm+3PZvbIBdWMK1Z64JG7oq8yoA
0kO2Wd84fO/Bvhuh4H2bICcEZ5RFsy32d5E8xJRfeHp5LEshI4v002BzEFnHoYQ/
Wk6CQ5Bodyr2sdLUzM12NhOVxaf0Rti37u9ZByxpTZwi5C3xqSxQNVDCkeo32Wy2
8v/NfgCuUeO0EF+H45L+nmKlNP4VxBkgOmj9PL6uqqNSSNMFlZn4OBjFRNZxxL80
5ccCAwEAAaOByzCByDAdBgNVHQ4EFgQUbBcjGMqmpCjGCEyqmj8Y+3tnsjYwHwYD
VR0jBBgwFoAUbBcjGMqmpCjGCEyqmj8Y+3tnsjYwNwYIKwYBBQUHAQEEKzApMCcG
CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQDSAGp6IUB5
rYQj6GIptUcKepEIPfOvChTpkwh6gb9Eb+lZW9aP4b3Nn0aULn5531OeheOG4BVl
5P25EPcZbPG6OTsuSZcYfZWp5RRJZUQxOVt1xwl1H7NaW/4JGkqv7GtYWnvvRFg3
qyNyvZd7AmNlzz32E2JESQTchfxvMYDH4B5bd5ApywZnTplBsWbXS6P6hVy8LsX6
oKGNB7pSMc9eKpjxutxWS7PMEbLRLQrrdaj+9gLYmw9bfhFQsVG5MRHFS/q/NE1G
6Sc5YcoJQbJn/FSKOAtQffDkeqQwCBKGs/zSQwy1UEtF7s+QWz45RxG2a6Yk/gIX
B3wGFSMP2A57
-----END TRUST_ANCHOR_UNCONSTRAINED-----
150302120000Z
-----BEGIN TIME-----
MTUwMzAyMTIwMDAwWg==
-----END TIME-----
SUCCESS
-----BEGIN VERIFY_RESULT-----
U1VDQ0VTUw==
-----END VERIFY_RESULT-----