blob: 052c39ba2e55b22bd9e8dfaa6a4cc4e062a6d276 [file] [log] [blame]
[Created by: generate-intermediate-lacks-signing-key-usage.py]
Certificate chain with 1 intermediate and a trusted root. The intermediate
contains a keyUsage extension, HOWEVER it does not contain the keyCertSign bit.
Hence validation is expected to fail.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediate
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a3:21:17:35:c0:77:f1:a3:51:77:11:45:3e:92:
5f:97:65:eb:99:cc:26:e2:8c:f8:4a:d8:3d:71:17:
a2:eb:6a:cf:2f:07:a8:fa:27:c1:f8:c5:50:22:42:
a2:6f:92:4b:67:c3:0c:a7:ec:35:87:05:ac:eb:e3:
27:cd:62:3d:c4:2e:80:f6:2a:af:31:05:c7:1b:0f:
3b:71:6d:90:77:0d:b4:48:e7:26:2e:4a:44:af:bb:
76:e0:62:ec:e6:61:cc:5b:61:ea:03:ce:4d:46:d0:
96:e2:d5:d9:67:6f:0c:f2:06:e3:9a:14:04:68:82:
88:d6:8b:c1:7f:fb:81:8c:e6:dc:88:20:f7:53:ef:
d5:56:5b:5e:00:b3:5b:e8:ce:d0:d2:6a:ed:b8:4a:
f2:4b:56:fb:63:75:d4:6b:a3:8a:d4:3f:e6:9e:29:
1b:a7:23:61:ba:f0:d6:19:fb:8c:ad:40:2f:7c:14:
36:0f:4b:f1:6e:f0:b8:6e:7d:cc:82:11:63:48:15:
2f:34:00:99:cd:be:b4:1a:be:d8:73:38:00:ac:c1:
09:41:a2:c4:ec:74:69:15:52:c4:45:2d:20:ff:b5:
ce:d0:41:be:a2:b2:4d:ef:a7:3b:f1:df:9d:78:1a:
9d:2c:6c:61:26:2e:f7:82:ab:50:76:6d:a3:d3:33:
46:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:3C:F4:24:9F:9C:4A:CB:16:AA:A4:8A:AB:DF:D7:9D:6D:BA:AC:FA
X509v3 Authority Key Identifier:
keyid:29:73:E8:7F:69:DE:63:14:43:C6:6D:55:6C:C2:AE:84:FA:D5:FC:8C
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediate.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediate.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
a7:dc:31:88:64:26:72:62:34:8d:3a:75:7a:71:d4:ae:7a:2c:
f4:2d:44:e9:e9:e8:c5:4d:79:b2:dc:12:ea:75:60:44:cb:6e:
df:22:47:d5:ae:f6:03:dc:c4:6b:cf:90:75:29:49:50:04:e0:
94:2a:b3:bf:d4:ae:e2:08:ad:52:22:65:91:33:09:79:cf:c9:
27:9b:52:dd:a8:0d:f5:21:b6:58:c4:5f:1b:79:72:69:7a:7b:
49:7d:64:67:d0:d6:1c:21:fe:e9:ae:39:1c:b4:3f:f2:f6:6d:
7e:30:15:76:a3:af:eb:43:c0:ed:f3:8a:bc:48:5c:47:fc:44:
09:da:7d:9a:20:f1:e2:1d:4d:40:34:0c:e1:68:16:9e:47:57:
1a:6a:19:e4:b2:6e:dd:7c:69:5f:b8:2b:bd:e7:cb:e4:9c:9c:
79:e1:a5:b3:82:a1:c9:5b:fd:73:d6:a8:1d:1d:d8:31:d6:37:
00:e9:7a:d2:a2:ee:c0:42:21:22:da:70:6e:a8:8c:fa:0c:24:
c9:70:4b:49:0a:c1:db:35:f2:71:d7:30:41:a7:6b:05:92:c6:
cd:8c:d4:de:c2:6b:aa:b8:70:d2:fa:cf:9a:01:af:34:80:95:
ad:ab:59:86:f2:56:6d:d8:43:95:24:e3:f7:7b:b9:83:89:ed:
e7:7a:2f:35
-----BEGIN CERTIFICATE-----
MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjIRc1
wHfxo1F3EUU+kl+XZeuZzCbijPhK2D1xF6Lras8vB6j6J8H4xVAiQqJvkktnwwyn
7DWHBazr4yfNYj3ELoD2Kq8xBccbDztxbZB3DbRI5yYuSkSvu3bgYuzmYcxbYeoD
zk1G0Jbi1dlnbwzyBuOaFARogojWi8F/+4GM5tyIIPdT79VWW14As1voztDSau24
SvJLVvtjddRro4rUP+aeKRunI2G68NYZ+4ytQC98FDYPS/Fu8LhufcyCEWNIFS80
AJnNvrQavthzOACswQlBosTsdGkVUsRFLSD/tc7QQb6isk3vpzvx3514Gp0sbGEm
LveCq1B2baPTM0YHAgMBAAGjgekwgeYwHQYDVR0OBBYEFJU89CSfnErLFqqkiqvf
151tuqz6MB8GA1UdIwQYMBaAFClz6H9p3mMUQ8ZtVWzCroT61fyMMD8GCCsGAQUF
BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAp9wxiGQmcmI0jTp1enHU
rnos9C1E6enoxU15stwS6nVgRMtu3yJH1a72A9zEa8+QdSlJUATglCqzv9Su4git
UiJlkTMJec/JJ5tS3agN9SG2WMRfG3lyaXp7SX1kZ9DWHCH+6a45HLQ/8vZtfjAV
dqOv60PA7fOKvEhcR/xECdp9miDx4h1NQDQM4WgWnkdXGmoZ5LJu3XxpX7grvefL
5JyceeGls4KhyVv9c9aoHR3YMdY3AOl60qLuwEIhItpwbqiM+gwkyXBLSQrB2zXy
cdcwQadrBZLGzYzU3sJrqrhw0vrPmgGvNICVratZhvJWbdhDlSTj93u5g4nt53ov
NQ==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Intermediate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:cf:bd:56:f0:dc:36:bc:a8:05:9b:fd:e3:c1:86:
da:96:c5:0b:b0:7f:fd:e5:6d:f4:df:44:46:82:ed:
45:60:4b:5d:c6:27:5a:d8:f1:3c:28:a5:eb:3f:a9:
5f:bc:b2:a9:20:fe:09:fa:39:76:5f:2a:91:b2:ef:
c9:47:70:c9:d0:ce:66:57:25:d0:72:12:c5:2a:ab:
5c:bc:b3:9a:ba:c8:e9:cb:81:6a:16:f1:7d:a9:9f:
e8:9a:0a:47:29:53:34:f7:99:70:14:c6:63:4c:aa:
ba:96:7c:78:c4:11:d1:cc:3b:35:56:e8:7f:41:9c:
41:69:d2:b0:dd:36:00:ed:dd:a2:bd:e2:56:29:c5:
8d:4e:7b:71:fb:f5:a1:7b:37:df:d2:66:d4:fe:c8:
24:6d:a3:c4:43:e9:d3:3e:e3:08:78:95:e9:86:e3:
73:09:f9:04:fe:1a:25:19:5b:7c:a8:da:62:05:aa:
56:1b:2a:d4:33:ff:4f:a2:fe:34:90:ec:e9:94:f5:
0a:92:e9:b3:bf:c4:d3:78:80:0a:5e:4e:11:58:94:
66:a8:52:b8:6e:49:64:cb:45:ee:7c:46:80:d7:3d:
40:df:9e:69:54:ce:a5:7f:db:6b:73:42:c5:9c:6e:
7c:b6:9f:ac:b9:8c:cd:7f:da:00:7b:3b:c2:dd:4d:
44:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:73:E8:7F:69:DE:63:14:43:C6:6D:55:6C:C2:AE:84:FA:D5:FC:8C
X509v3 Authority Key Identifier:
keyid:77:B3:BD:49:4D:67:D0:7E:4F:67:C3:26:C7:1E:66:42:F9:6D:E4:08
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
ad:b2:08:36:77:a1:da:aa:e4:31:7d:a8:61:03:be:0a:86:a2:
15:3b:08:bb:c8:86:eb:f8:52:c0:63:27:db:5c:25:16:98:05:
b1:84:dc:12:74:ce:25:a6:2e:be:32:2c:1f:0a:04:4e:9e:bb:
a1:b6:34:ef:20:2d:a3:fe:cc:b3:40:2e:75:9c:2d:c3:c0:e7:
8e:aa:9f:18:60:a9:61:18:4f:a5:d8:3d:c7:d3:09:62:6c:b8:
5a:99:3b:34:70:7b:7d:61:cc:f8:c9:71:97:2c:59:96:d2:1a:
c5:4e:ce:df:65:cf:18:05:bd:9f:bc:86:ba:16:55:79:58:d8:
f7:32:44:b6:59:32:9f:5d:ef:04:25:2a:2d:54:36:9e:62:0f:
c4:df:1c:10:64:02:ba:64:f2:ea:3d:cc:5c:ea:2e:4d:72:fa:
e9:72:0f:77:af:5d:1e:32:b9:64:7c:c5:b2:77:36:64:e5:ba:
d0:a0:8c:97:7d:b3:76:6c:c1:15:70:f8:0c:50:b8:3c:d4:6c:
4f:33:32:f2:c8:b8:35:cd:80:a2:3a:49:55:ba:2e:5b:c9:9a:
b6:77:fb:0f:01:2e:72:21:bc:88:f6:e3:71:8c:68:59:f3:1b:
d8:e1:d3:e3:6c:15:5d:8d:82:a3:db:84:44:58:3e:2f:a9:88:
56:2a:a6:4b
-----BEGIN CERTIFICATE-----
MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz71W8Nw2
vKgFm/3jwYbalsULsH/95W3030RGgu1FYEtdxida2PE8KKXrP6lfvLKpIP4J+jl2
XyqRsu/JR3DJ0M5mVyXQchLFKqtcvLOausjpy4FqFvF9qZ/omgpHKVM095lwFMZj
TKq6lnx4xBHRzDs1Vuh/QZxBadKw3TYA7d2iveJWKcWNTntx+/Whezff0mbU/sgk
baPEQ+nTPuMIeJXphuNzCfkE/holGVt8qNpiBapWGyrUM/9Pov40kOzplPUKkumz
v8TTeIAKXk4RWJRmqFK4bklky0XufEaA1z1A355pVM6lf9trc0LFnG58tp+suYzN
f9oAezvC3U1ExwIDAQABo4HLMIHIMB0GA1UdDgQWBBQpc+h/ad5jFEPGbVVswq6E
+tX8jDAfBgNVHSMEGDAWgBR3s71JTWfQfk9nwybHHmZC+W3kCDA3BggrBgEFBQcB
AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
VR0PAQH/BAQDAgWgMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
AK2yCDZ3odqq5DF9qGEDvgqGohU7CLvIhuv4UsBjJ9tcJRaYBbGE3BJ0ziWmLr4y
LB8KBE6eu6G2NO8gLaP+zLNALnWcLcPA546qnxhgqWEYT6XYPcfTCWJsuFqZOzRw
e31hzPjJcZcsWZbSGsVOzt9lzxgFvZ+8hroWVXlY2PcyRLZZMp9d7wQlKi1UNp5i
D8TfHBBkArpk8uo9zFzqLk1y+ulyD3evXR4yuWR8xbJ3NmTlutCgjJd9s3ZswRVw
+AxQuDzUbE8zMvLIuDXNgKI6SVW6LlvJmrZ3+w8BLnIhvIj243GMaFnzG9jh0+Ns
FV2NgqPbhERYPi+piFYqpks=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b3:13:19:f8:ad:c0:ff:5e:86:19:9a:3c:7f:0c:
04:81:2c:bd:c4:ee:fe:6c:bb:b5:a2:ee:08:10:bd:
bb:b6:d1:6c:0d:e7:49:6a:45:0f:0f:46:2b:b6:49:
49:92:7d:c8:b8:81:c1:3f:70:80:39:8a:29:de:77:
f0:a3:3e:ef:8f:8d:9c:74:ca:05:c6:5f:12:fc:d4:
4f:47:64:5d:ea:4d:84:af:f0:d0:88:ff:58:98:ad:
7f:6f:c0:22:bc:8e:a4:44:7b:2c:d3:3e:08:45:2a:
13:20:90:1d:b6:0b:2c:4e:a4:40:c3:76:66:6f:eb:
5c:49:fc:1d:81:8e:a7:cc:a3:91:bd:6f:fa:22:73:
84:35:99:08:2c:3e:8e:0b:74:a6:16:79:b3:37:2f:
66:5c:b1:4c:55:76:af:65:9c:cc:e6:af:b0:8c:c3:
28:24:c9:a0:f2:b4:d0:74:d3:e0:72:af:0d:86:f0:
21:4a:9e:4a:9f:95:7b:7a:73:4c:a9:b5:0a:ac:23:
f7:63:64:88:fc:00:9b:69:23:33:1a:75:bd:6d:f6:
f2:62:c7:68:19:d0:d1:55:2c:6d:f4:41:d8:3b:79:
41:5f:44:97:b9:8f:5a:b4:0a:12:b9:94:0e:34:c7:
a7:93:cf:dd:f1:3d:bb:0f:11:33:fc:c8:c4:76:2d:
9e:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:B3:BD:49:4D:67:D0:7E:4F:67:C3:26:C7:1E:66:42:F9:6D:E4:08
X509v3 Authority Key Identifier:
keyid:77:B3:BD:49:4D:67:D0:7E:4F:67:C3:26:C7:1E:66:42:F9:6D:E4:08
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
5d:bb:5a:36:f5:74:9c:51:8c:7c:b3:e0:71:91:0d:51:59:45:
92:b8:3c:f1:0a:42:ac:c3:c7:9f:4e:2a:61:09:7d:46:27:c7:
a6:23:09:39:39:18:9e:78:3f:94:cf:d6:44:5e:8e:9f:c4:4e:
fd:b4:ab:4f:56:ea:90:6d:4d:51:88:55:e2:56:c0:03:14:a2:
99:d2:1d:67:03:75:6d:5c:a0:c5:5c:78:a6:c5:8e:96:6e:7a:
4f:a1:b0:4e:29:62:92:bc:44:88:a4:72:8d:64:16:da:ff:c4:
e8:4c:d3:eb:a6:03:85:eb:a8:42:ee:ae:c0:87:f2:43:41:05:
43:e2:d5:ad:b6:59:dd:59:51:6c:2b:77:f3:51:a9:e0:9b:3e:
ba:04:64:d3:f3:ce:59:5a:ad:b1:56:da:91:80:89:d9:62:81:
99:9c:a4:49:24:7a:bc:91:4e:ab:86:e6:0b:76:0d:34:2d:75:
fa:7b:13:f5:b3:52:22:c1:57:7c:cd:79:0c:2b:ba:8b:87:83:
52:59:5b:69:55:9d:c4:0a:98:b0:b0:dd:88:86:8c:28:c3:b2:
bd:35:85:b1:f0:78:6a:99:ac:63:52:08:5b:69:97:55:c0:87:
81:be:bd:09:7f:eb:56:a9:84:9f:f6:9c:df:f2:19:41:60:f1:
06:d1:77:38
-----BEGIN TRUST_ANCHOR_UNCONSTRAINED-----
MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALMTGfitwP9ehhmaPH8M
BIEsvcTu/my7taLuCBC9u7bRbA3nSWpFDw9GK7ZJSZJ9yLiBwT9wgDmKKd538KM+
74+NnHTKBcZfEvzUT0dkXepNhK/w0Ij/WJitf2/AIryOpER7LNM+CEUqEyCQHbYL
LE6kQMN2Zm/rXEn8HYGOp8yjkb1v+iJzhDWZCCw+jgt0phZ5szcvZlyxTFV2r2Wc
zOavsIzDKCTJoPK00HTT4HKvDYbwIUqeSp+Ve3pzTKm1Cqwj92NkiPwAm2kjMxp1
vW328mLHaBnQ0VUsbfRB2Dt5QV9El7mPWrQKErmUDjTHp5PP3fE9uw8RM/zIxHYt
ns0CAwEAAaOByzCByDAdBgNVHQ4EFgQUd7O9SU1n0H5PZ8Mmxx5mQvlt5AgwHwYD
VR0jBBgwFoAUd7O9SU1n0H5PZ8Mmxx5mQvlt5AgwNwYIKwYBBQUHAQEEKzApMCcG
CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBdu1o29XSc
UYx8s+BxkQ1RWUWSuDzxCkKsw8efTiphCX1GJ8emIwk5ORieeD+Uz9ZEXo6fxE79
tKtPVuqQbU1RiFXiVsADFKKZ0h1nA3VtXKDFXHimxY6WbnpPobBOKWKSvESIpHKN
ZBba/8ToTNPrpgOF66hC7q7Ah/JDQQVD4tWttlndWVFsK3fzUangmz66BGTT885Z
Wq2xVtqRgInZYoGZnKRJJHq8kU6rhuYLdg00LXX6exP1s1IiwVd8zXkMK7qLh4NS
WVtpVZ3ECpiwsN2Ihowow7K9NYWx8HhqmaxjUghbaZdVwIeBvr0Jf+tWqYSf9pzf
8hlBYPEG0Xc4
-----END TRUST_ANCHOR_UNCONSTRAINED-----
150302120000Z
-----BEGIN TIME-----
MTUwMzAyMTIwMDAwWg==
-----END TIME-----
FAIL
-----BEGIN VERIFY_RESULT-----
RkFJTA==
-----END VERIFY_RESULT-----
keyCertSign bit is not set
-----BEGIN ERRORS-----
a2V5Q2VydFNpZ24gYml0IGlzIG5vdCBzZXQ=
-----END ERRORS-----