blob: bf23deb112e8f5f6efade4baee94f92b5f2f25b3 [file] [log] [blame]
[Created by: generate-intermediate-lacks-basic-constraints.py]
Certificate chain with 1 intermediate and a trusted root. The intermediate
lacks the basic constraints extension, and hence is expected to fail validation
(RFC 5280 requires v3 signing certificates have a BasicConstaints).
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediate
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ac:3c:48:cb:8e:9b:00:37:e3:06:36:23:5e:3c:
24:0b:d2:57:0e:52:8f:53:d0:48:ca:38:67:91:a7:
10:d3:35:2d:67:f4:ad:2c:9e:c1:ee:f5:6b:62:23:
34:03:32:76:29:96:fd:db:cc:a4:9a:d8:b6:97:c4:
a9:73:c1:a1:57:2f:cd:80:d1:d9:db:39:82:11:bb:
95:3e:1b:b3:1e:ac:e7:c0:67:f3:1e:cb:4f:d4:a6:
c7:01:32:c5:45:ca:53:ff:cf:46:e1:b3:4f:55:01:
ef:76:44:92:55:55:d8:a4:db:5c:80:8f:48:51:86:
6c:d9:b6:b7:5c:74:56:06:00:38:3f:d9:ee:c3:ae:
78:a0:57:ff:fa:41:02:14:63:00:bb:1f:98:9a:f5:
39:50:51:50:78:03:5d:13:a2:fd:a3:08:b0:ff:69:
ee:60:c8:af:1c:1e:8a:13:4b:0e:b9:48:29:92:f2:
95:0a:d9:85:2f:ff:17:ab:c7:6f:e0:32:d1:16:9e:
66:ae:81:87:b8:7e:70:ac:73:8c:67:de:dd:1a:e0:
0e:0e:bb:ab:bc:f5:ef:38:d9:37:49:71:d1:7c:e6:
64:f7:00:10:e4:83:ed:1e:58:05:44:89:f2:a9:a2:
1d:57:5c:b5:db:bc:55:39:35:d7:f3:a5:b8:28:d1:
45:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:25:C3:B0:61:AE:69:26:DE:05:F4:15:3C:58:B0:7C:6D:91:5C:5B
X509v3 Authority Key Identifier:
keyid:E5:AE:8F:CC:87:F7:B5:85:86:1E:4B:A6:CF:FC:B9:CA:10:C8:79:90
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediate.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediate.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
c5:3c:97:21:6a:dc:f8:0c:23:76:c2:4e:33:63:f4:7e:d1:61:
bd:f8:cf:6d:b5:ef:d6:f1:96:a0:84:07:42:ab:e2:34:90:3a:
95:2a:db:f6:19:28:bd:19:22:65:20:b0:25:b0:f0:ca:d0:d3:
44:41:fe:03:f2:9f:0c:df:02:dc:64:c6:47:13:1e:26:dd:6a:
5d:52:8a:fe:d3:0a:9a:d1:8c:a5:93:ec:1a:d4:d5:ad:ba:cd:
6b:c2:99:6b:04:b7:06:98:a8:53:dc:d9:97:97:da:ac:29:bb:
09:4a:25:ca:08:83:eb:ed:1f:a7:ae:28:fc:51:09:a9:e4:95:
f2:66:97:f2:97:48:9e:01:44:40:5b:4a:91:a5:ed:f9:86:6b:
fb:e2:47:c8:47:aa:ad:8d:aa:79:30:fb:4f:f1:a7:7c:c3:23:
b3:23:4d:15:a3:04:67:ff:26:b1:50:c0:5a:13:f4:8a:61:da:
98:a2:35:0e:ec:4f:2b:e7:e0:dc:29:0a:07:20:e4:22:97:b1:
da:0d:73:6f:32:03:f1:cd:4b:a2:7b:9b:c3:62:a8:dd:55:02:
57:6b:2f:a4:d6:46:20:bc:bd:f7:52:e7:44:8e:3d:2c:73:05:
55:ac:35:8b:af:39:32:a1:07:da:fd:bb:8c:bb:35:e0:e6:bb:
0c:49:1a:e4
-----BEGIN CERTIFICATE-----
MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsPEjL
jpsAN+MGNiNePCQL0lcOUo9T0EjKOGeRpxDTNS1n9K0snsHu9WtiIzQDMnYplv3b
zKSa2LaXxKlzwaFXL82A0dnbOYIRu5U+G7MerOfAZ/Mey0/UpscBMsVFylP/z0bh
s09VAe92RJJVVdik21yAj0hRhmzZtrdcdFYGADg/2e7DrnigV//6QQIUYwC7H5ia
9TlQUVB4A10Tov2jCLD/ae5gyK8cHooTSw65SCmS8pUK2YUv/xerx2/gMtEWnmau
gYe4fnCsc4xn3t0a4A4Ou6u89e842TdJcdF85mT3ABDkg+0eWAVEifKpoh1XXLXb
vFU5Ndfzpbgo0UVdAgMBAAGjgekwgeYwHQYDVR0OBBYEFJ4lw7Bhrmkm3gX0FTxY
sHxtkVxbMB8GA1UdIwQYMBaAFOWuj8yH97WFhh5Lps/8ucoQyHmQMD8GCCsGAQUF
BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAxTyXIWrc+AwjdsJOM2P0
ftFhvfjPbbXv1vGWoIQHQqviNJA6lSrb9hkovRkiZSCwJbDwytDTREH+A/KfDN8C
3GTGRxMeJt1qXVKK/tMKmtGMpZPsGtTVrbrNa8KZawS3BpioU9zZl5farCm7CUol
ygiD6+0fp64o/FEJqeSV8maX8pdIngFEQFtKkaXt+YZr++JHyEeqrY2qeTD7T/Gn
fMMjsyNNFaMEZ/8msVDAWhP0imHamKI1DuxPK+fg3CkKByDkIpex2g1zbzID8c1L
onubw2Ko3VUCV2svpNZGILy991LnRI49LHMFVaw1i685MqEH2v27jLs14Oa7DEka
5A==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Intermediate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c5:bf:ce:e4:8e:d2:b9:92:d9:78:eb:36:78:b0:
d4:2b:a9:22:cd:83:57:58:a2:0f:5b:e5:c8:e4:f4:
d6:41:2c:1f:5a:08:6b:12:7b:f6:8f:39:44:0f:f4:
d2:3e:56:cd:63:87:13:b1:88:1a:da:f1:13:2f:4a:
d0:76:78:61:6f:71:08:e0:0c:a2:9a:6a:6b:c7:8c:
81:6f:e1:ea:22:09:83:fd:09:53:78:f0:1d:4e:f7:
b3:17:17:7e:fc:dc:a5:21:83:7f:46:8c:81:af:07:
68:91:14:54:43:bf:d2:85:fa:58:91:61:cc:87:bc:
8d:b3:97:c1:a5:42:de:73:49:29:c9:0c:48:92:15:
d9:0e:6b:3d:4a:4c:50:c6:8b:a5:69:6c:b2:2f:02:
9e:0a:4f:27:1a:d0:1c:0e:b8:d9:fc:a7:62:92:69:
0c:40:ec:49:3b:59:a5:38:fc:8e:cb:2f:91:9f:09:
76:2c:b8:d4:25:7e:83:71:56:89:29:2c:a3:d8:bf:
95:70:99:f5:cb:20:df:fa:fd:b8:89:e6:42:82:a9:
01:d8:e0:42:f2:d2:c3:78:26:cc:fb:05:30:90:a0:
83:bd:ce:b3:6d:bb:01:ae:84:aa:71:4f:d9:37:38:
7e:07:35:6f:ed:88:c7:52:17:38:ac:c6:44:b5:fe:
4a:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:AE:8F:CC:87:F7:B5:85:86:1E:4B:A6:CF:FC:B9:CA:10:C8:79:90
X509v3 Authority Key Identifier:
keyid:0F:59:3C:0D:B8:B1:5B:C5:96:9D:B4:E8:4F:CF:4B:A6:B3:AD:33:E7
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
12:11:99:0b:59:f6:cd:61:bf:99:bc:25:83:b2:e7:4b:42:ec:
ee:1d:03:3b:cf:5d:76:95:19:2c:d1:41:d0:f6:5c:08:9d:6f:
66:50:07:ea:07:fa:88:01:96:05:39:8d:6a:e0:34:27:1e:a2:
80:c2:9b:91:ba:17:35:49:ef:8c:42:9d:59:ac:42:3f:52:fa:
ef:5f:51:aa:3a:dc:b6:ee:d6:8c:20:89:de:36:7d:a2:e2:ff:
eb:13:9d:dc:99:d1:62:33:c5:82:19:12:18:d4:94:5b:5f:c4:
f7:74:55:f0:be:fa:0e:4d:7a:01:7e:53:b3:2d:4d:09:b6:7b:
8e:0a:7c:3e:b9:39:a1:ee:b6:3d:3f:e8:4a:b0:1d:e4:ee:7b:
96:75:19:b5:71:6a:ae:e0:af:14:59:9f:fc:2b:13:dd:70:c9:
da:dd:a9:3c:14:3e:f1:69:3b:ce:42:b4:c5:3f:12:f8:37:eb:
bf:0c:9d:48:a4:6e:4c:9f:e7:3c:4f:a5:91:32:8b:7f:2e:5f:
e7:bf:bc:f4:a0:5f:43:f7:3a:1f:78:a3:0e:8e:c0:46:16:9e:
58:6a:0f:7e:e0:69:af:94:ec:bc:3a:7f:8b:44:ef:19:f8:14:
16:a4:1d:bd:49:c6:96:da:ba:11:a8:bc:36:11:c7:ad:ab:e0:
a5:e2:05:77
-----BEGIN CERTIFICATE-----
MIIDXDCCAkSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxb/O5I7S
uZLZeOs2eLDUK6kizYNXWKIPW+XI5PTWQSwfWghrEnv2jzlED/TSPlbNY4cTsYga
2vETL0rQdnhhb3EI4Ayimmprx4yBb+HqIgmD/QlTePAdTvezFxd+/NylIYN/RoyB
rwdokRRUQ7/ShfpYkWHMh7yNs5fBpULec0kpyQxIkhXZDms9SkxQxoulaWyyLwKe
Ck8nGtAcDrjZ/KdikmkMQOxJO1mlOPyOyy+Rnwl2LLjUJX6DcVaJKSyj2L+VcJn1
yyDf+v24ieZCgqkB2OBC8tLDeCbM+wUwkKCDvc6zbbsBroSqcU/ZNzh+BzVv7YjH
Uhc4rMZEtf5KswIDAQABo4G6MIG3MB0GA1UdDgQWBBTlro/Mh/e1hYYeS6bP/LnK
EMh5kDAfBgNVHSMEGDAWgBQPWTwNuLFbxZadtOhPz0ums60z5zA3BggrBgEFBQcB
AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
VR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQASEZkLWfbNYb+ZvCWDsudL
QuzuHQM7z112lRks0UHQ9lwInW9mUAfqB/qIAZYFOY1q4DQnHqKAwpuRuhc1Se+M
Qp1ZrEI/UvrvX1GqOty27taMIIneNn2i4v/rE53cmdFiM8WCGRIY1JRbX8T3dFXw
vvoOTXoBflOzLU0JtnuOCnw+uTmh7rY9P+hKsB3k7nuWdRm1cWqu4K8UWZ/8KxPd
cMna3ak8FD7xaTvOQrTFPxL4N+u/DJ1IpG5Mn+c8T6WRMot/Ll/nv7z0oF9D9zof
eKMOjsBGFp5Yag9+4GmvlOy8On+LRO8Z+BQWpB29ScaW2roRqLw2Ecetq+Cl4gV3
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c3:da:da:10:95:78:5c:73:c8:43:66:41:23:8e:
3e:3f:a1:00:57:de:60:d9:2a:84:57:85:08:c6:60:
79:65:2d:51:c9:93:c1:e7:fa:5b:1a:eb:6f:79:44:
d5:71:f6:bd:f4:8c:86:0b:d9:e3:49:dd:a6:f3:5d:
48:8a:25:4a:2a:20:80:c1:83:da:b8:c5:e0:20:de:
40:67:bc:22:38:51:72:df:e3:b7:82:aa:47:ed:c9:
74:a0:82:97:71:35:a8:2f:73:01:86:56:43:e8:88:
42:f9:cc:9b:69:71:09:45:8c:39:82:14:db:2e:08:
17:85:96:c5:69:46:73:55:9b:d8:12:4b:5f:32:70:
cc:52:4e:7e:77:94:78:0e:f4:dd:40:ff:d7:3b:cc:
f7:df:a9:a7:a1:a3:a3:4e:25:c8:e4:68:1c:e3:90:
c2:c5:bb:66:3a:c1:8b:e3:1b:df:b9:8c:0c:9a:3a:
6a:a9:8e:8d:b3:54:49:14:af:28:51:29:b2:5b:7b:
68:34:4c:f3:bb:a5:5d:51:0b:99:6b:b1:fe:b3:16:
d1:ef:2f:18:ee:8a:f8:05:9b:df:0d:92:3a:e0:62:
7b:1d:bc:fb:60:45:ce:f9:e0:46:f6:16:39:08:a7:
68:b5:da:e5:9f:7c:db:07:15:dc:47:e6:5d:a3:8c:
06:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:59:3C:0D:B8:B1:5B:C5:96:9D:B4:E8:4F:CF:4B:A6:B3:AD:33:E7
X509v3 Authority Key Identifier:
keyid:0F:59:3C:0D:B8:B1:5B:C5:96:9D:B4:E8:4F:CF:4B:A6:B3:AD:33:E7
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
3e:f9:8e:c2:1a:d7:ea:b1:71:03:6d:6d:a9:de:e9:45:1d:ab:
a3:26:4c:95:4b:15:ad:9d:be:94:aa:20:57:83:b2:32:96:06:
c1:37:9a:6a:18:41:ad:13:3b:52:23:a1:0a:1f:fc:8c:fa:3b:
88:43:d1:5e:1e:59:80:06:a5:0a:5e:95:66:3d:3d:cb:4a:b4:
38:77:a6:fa:04:29:e8:c1:b8:b5:f7:49:07:ae:53:dd:62:64:
3c:70:4c:64:b5:54:84:4d:04:3f:6d:86:80:9d:e2:2b:a4:88:
1c:38:74:fc:83:c3:60:c8:86:64:f5:d7:29:f7:e4:8e:02:a9:
47:a6:e1:46:0f:c4:b5:22:59:f1:a7:1b:ae:86:7c:70:32:d4:
8c:19:7f:a7:6d:82:0b:f3:42:37:02:b5:3d:f3:41:d5:7d:67:
97:80:78:9a:e2:06:54:18:bc:b0:7f:5d:77:15:bb:89:cb:4d:
29:0c:02:ab:b3:b7:40:44:3a:2c:4a:2e:54:43:7f:ff:b0:5f:
da:c5:5f:38:0e:ce:4e:18:ed:f3:f9:99:f0:7c:01:69:ca:0e:
15:85:1e:ff:b7:2d:04:6c:3b:5b:f9:7f:70:bc:0c:ac:16:b7:
d1:b4:f1:74:84:ad:73:e7:9f:c7:c9:ea:93:d9:f1:c6:a7:59:
bf:92:4e:ec
-----BEGIN TRUST_ANCHOR_UNCONSTRAINED-----
MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMPa2hCVeFxzyENmQSOO
Pj+hAFfeYNkqhFeFCMZgeWUtUcmTwef6Wxrrb3lE1XH2vfSMhgvZ40ndpvNdSIol
SioggMGD2rjF4CDeQGe8IjhRct/jt4KqR+3JdKCCl3E1qC9zAYZWQ+iIQvnMm2lx
CUWMOYIU2y4IF4WWxWlGc1Wb2BJLXzJwzFJOfneUeA703UD/1zvM99+pp6Gjo04l
yORoHOOQwsW7ZjrBi+Mb37mMDJo6aqmOjbNUSRSvKFEpslt7aDRM87ulXVELmWux
/rMW0e8vGO6K+AWb3w2SOuBiex28+2BFzvngRvYWOQinaLXa5Z982wcV3EfmXaOM
BnsCAwEAAaOByzCByDAdBgNVHQ4EFgQUD1k8DbixW8WWnbToT89LprOtM+cwHwYD
VR0jBBgwFoAUD1k8DbixW8WWnbToT89LprOtM+cwNwYIKwYBBQUHAQEEKzApMCcG
CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA++Y7CGtfq
sXEDbW2p3ulFHaujJkyVSxWtnb6UqiBXg7IylgbBN5pqGEGtEztSI6EKH/yM+juI
Q9FeHlmABqUKXpVmPT3LSrQ4d6b6BCnowbi190kHrlPdYmQ8cExktVSETQQ/bYaA
neIrpIgcOHT8g8NgyIZk9dcp9+SOAqlHpuFGD8S1IlnxpxuuhnxwMtSMGX+nbYIL
80I3ArU980HVfWeXgHia4gZUGLywf113FbuJy00pDAKrs7dARDosSi5UQ3//sF/a
xV84Ds5OGO3z+ZnwfAFpyg4VhR7/ty0EbDtb+X9wvAysFrfRtPF0hK1z55/HyeqT
2fHGp1m/kk7s
-----END TRUST_ANCHOR_UNCONSTRAINED-----
150302120000Z
-----BEGIN TIME-----
MTUwMzAyMTIwMDAwWg==
-----END TIME-----
FAIL
-----BEGIN VERIFY_RESULT-----
RkFJTA==
-----END VERIFY_RESULT-----
Does not have Basic Constraints
-----BEGIN ERRORS-----
RG9lcyBub3QgaGF2ZSBCYXNpYyBDb25zdHJhaW50cw==
-----END ERRORS-----