blob: 4c5e49c2f4ea9f13eca6d9dddf5b665a035c520b [file] [log] [blame]
[Created by: generate-intermediate-signed-with-md5.py]
Certificate chain with 1 intermediate and a trusted root. The intermediate
however is signed using the MD5 hash. Verification is expected to fail because
MD5 is too weak.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediate
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bf:20:16:45:28:21:d2:a5:63:de:24:67:38:92:
4c:f1:a4:c8:45:30:94:b8:aa:5f:7c:1a:3f:6c:28:
2f:31:7e:a6:bb:af:45:46:68:a2:f2:5d:a4:94:4b:
9b:c9:4c:e0:5d:be:ce:34:5e:08:df:a7:50:c0:30:
94:98:0f:52:ec:ec:91:23:91:bc:24:60:65:9d:b7:
74:38:7f:9d:d4:20:94:5c:1b:6f:71:82:e1:b5:98:
95:3c:33:48:7e:6a:c6:e0:59:e6:a2:c5:0b:95:78:
0e:7e:e3:a8:16:93:0a:43:df:ec:d7:03:c0:f1:60:
13:45:9d:52:b5:37:66:03:79:78:8f:d6:53:87:7c:
dd:50:8a:16:54:33:bb:62:f2:42:a0:fa:49:c3:c1:
e2:c4:c8:d7:db:49:16:43:c8:69:0e:88:e2:f1:2d:
c6:59:c6:5a:e3:d8:57:e9:a7:10:48:73:c8:c8:f7:
a1:6d:57:25:b3:04:43:05:6a:90:1d:87:36:67:7f:
3e:97:eb:5b:66:03:3a:10:56:32:1d:04:cc:43:90:
82:9c:ed:d2:b4:4d:ba:d0:ac:23:26:f9:25:5e:63:
6c:e1:83:07:2b:ec:38:9a:d1:82:bc:38:a0:64:58:
19:c2:77:3c:e9:bd:20:d5:45:43:8d:ee:51:ba:98:
95:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:D1:A4:40:CE:81:CA:14:BD:C9:25:39:E5:F7:21:B6:24:90:61:1D
X509v3 Authority Key Identifier:
keyid:60:72:15:4D:8C:1A:E1:CD:8F:EF:00:AA:9B:37:4C:00:57:29:66:15
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediate.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediate.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
6f:98:46:c6:44:e8:ba:f3:06:49:81:74:87:9e:d5:a1:0c:54:
66:56:88:7d:89:5e:cd:2f:1a:06:af:d8:c7:ed:9e:ad:8c:7a:
b0:3d:eb:93:3a:59:49:89:ba:ec:27:15:0e:08:d0:cd:ff:40:
57:3f:c2:77:c1:08:cb:5d:4f:40:ec:20:b3:96:9b:43:fa:96:
00:42:cd:dc:db:27:3e:98:fd:8a:45:80:ef:5c:86:20:12:a5:
83:b3:74:66:09:57:1c:4d:7e:0e:00:c4:57:dc:86:c0:2b:db:
fb:3a:77:1c:5f:7d:8f:ae:47:16:96:85:48:a7:95:4c:bc:b1:
18:09:34:c4:78:76:57:46:db:1e:b7:12:16:78:54:ec:2d:eb:
44:00:54:48:1d:6b:b0:d1:98:a8:58:ab:3d:f2:f2:5b:06:44:
d1:d5:d6:f5:d1:f2:c4:46:93:9a:9b:29:a8:9f:91:3d:e5:16:
d6:d6:ba:55:76:1c:2d:90:76:2f:92:a1:e4:52:a4:f3:f3:2a:
3c:b3:11:78:f6:9a:ce:17:c3:8f:da:57:fc:a2:02:06:59:9f:
18:10:ba:45:b4:0d:3d:64:aa:6c:ae:5b:a6:c8:f3:8b:d0:b0:
b6:1b:4a:cc:6c:fe:f9:d6:e4:15:da:28:1b:22:b3:ce:b4:6f:
bf:39:9b:34
-----BEGIN CERTIFICATE-----
MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/IBZF
KCHSpWPeJGc4kkzxpMhFMJS4ql98Gj9sKC8xfqa7r0VGaKLyXaSUS5vJTOBdvs40
Xgjfp1DAMJSYD1Ls7JEjkbwkYGWdt3Q4f53UIJRcG29xguG1mJU8M0h+asbgWeai
xQuVeA5+46gWkwpD3+zXA8DxYBNFnVK1N2YDeXiP1lOHfN1QihZUM7ti8kKg+knD
weLEyNfbSRZDyGkOiOLxLcZZxlrj2FfppxBIc8jI96FtVyWzBEMFapAdhzZnfz6X
61tmAzoQVjIdBMxDkIKc7dK0TbrQrCMm+SVeY2zhgwcr7Dia0YK8OKBkWBnCdzzp
vSDVRUON7lG6mJVlAgMBAAGjgekwgeYwHQYDVR0OBBYEFH7RpEDOgcoUvcklOeX3
IbYkkGEdMB8GA1UdIwQYMBaAFGByFU2MGuHNj+8Aqps3TABXKWYVMD8GCCsGAQUF
BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAb5hGxkTouvMGSYF0h57V
oQxUZlaIfYlezS8aBq/Yx+2erYx6sD3rkzpZSYm67CcVDgjQzf9AVz/Cd8EIy11P
QOwgs5abQ/qWAELN3NsnPpj9ikWA71yGIBKlg7N0ZglXHE1+DgDEV9yGwCvb+zp3
HF99j65HFpaFSKeVTLyxGAk0xHh2V0bbHrcSFnhU7C3rRABUSB1rsNGYqFirPfLy
WwZE0dXW9dHyxEaTmpspqJ+RPeUW1ta6VXYcLZB2L5Kh5FKk8/MqPLMRePaazhfD
j9pX/KICBlmfGBC6RbQNPWSqbK5bpsjzi9CwthtKzGz++dbkFdooGyKzzrRvvzmb
NA==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: md5WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Intermediate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c7:04:ea:a3:74:51:66:9f:f2:6b:5d:9a:3d:96:
bd:5c:b3:9e:9c:df:64:42:c7:85:1e:56:7a:3e:d5:
3d:c9:f3:17:46:a3:a0:98:f6:80:df:f4:54:ca:e2:
d5:e9:15:b8:3a:19:4e:1e:26:67:00:80:96:d5:bc:
1e:af:a4:f3:23:de:15:72:89:1f:50:3f:8c:e1:62:
6d:e1:0d:42:9f:67:76:aa:f5:20:b4:4d:58:fd:3d:
63:57:bc:9c:23:fa:db:31:0c:09:37:0d:7c:f4:d1:
06:c4:7f:b1:22:d1:df:05:43:a4:12:94:e2:02:ee:
b7:ae:cd:48:04:00:39:4f:dc:40:f7:62:a7:d9:3e:
81:9c:5d:98:6f:8d:0f:da:b6:0e:ad:1d:5b:ff:b6:
50:90:ab:55:c7:2a:db:d8:67:6c:0f:87:68:8a:2a:
79:24:a7:64:d8:c1:72:15:ff:6e:ca:31:f1:92:42:
2e:78:a5:ce:2b:07:8a:4b:a0:80:88:14:76:d6:e1:
ad:b2:75:9d:79:9b:d6:c2:cc:ac:74:67:d2:5b:90:
6f:c4:8f:50:4c:ce:50:89:a4:69:ab:ca:d4:d1:a4:
47:ae:0d:46:f3:5f:28:91:66:27:02:f0:7a:da:aa:
80:be:c2:e7:83:89:06:49:de:9d:60:03:a3:fc:11:
e2:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:72:15:4D:8C:1A:E1:CD:8F:EF:00:AA:9B:37:4C:00:57:29:66:15
X509v3 Authority Key Identifier:
keyid:60:B4:95:7F:EA:F1:29:B2:E9:9D:64:83:A9:C8:A3:49:6F:3E:18:53
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
0b:ea:a8:1e:f0:70:66:9b:e0:48:9a:fa:62:3b:80:b0:9f:41:
e3:60:35:9c:b4:6e:0c:32:17:9d:38:72:b3:de:69:45:69:b1:
4b:87:2a:e1:68:59:d6:b9:03:c4:88:7e:e0:77:26:3d:c5:ad:
55:3f:13:bc:13:42:0f:9c:be:f7:70:3e:19:79:96:3b:b8:12:
d6:8a:a2:04:d2:17:ee:bd:78:db:cc:9f:54:87:26:89:61:c9:
f1:3e:8f:2f:19:55:49:05:c0:35:b2:ea:c4:ec:9a:11:d6:88:
f2:4b:ad:68:0a:32:75:42:42:a0:6a:51:cb:0f:63:32:20:4a:
59:89:e5:f9:61:ee:63:80:e0:71:03:d1:58:ea:d6:31:24:11:
ef:03:44:02:76:86:67:99:a5:71:18:a8:4e:be:fe:78:63:20:
67:b1:5a:1d:52:2a:48:fb:8a:ee:99:af:8f:57:37:43:67:1c:
54:00:d0:50:8c:ce:18:e0:ef:7b:cc:e1:13:d1:cc:3f:ea:3c:
ce:cf:07:fc:6e:4a:09:b1:1c:54:70:a4:21:47:5d:70:7d:b4:
04:3e:30:50:1d:86:2a:a6:67:3f:bd:b0:cb:57:e0:26:81:45:
c0:9a:86:8c:e6:ab:d0:87:9a:05:ee:2c:c5:eb:c6:c7:c0:94:
68:4a:48:20
-----BEGIN CERTIFICATE-----
MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQQFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwTqo3RR
Zp/ya12aPZa9XLOenN9kQseFHlZ6PtU9yfMXRqOgmPaA3/RUyuLV6RW4OhlOHiZn
AICW1bwer6TzI94VcokfUD+M4WJt4Q1Cn2d2qvUgtE1Y/T1jV7ycI/rbMQwJNw18
9NEGxH+xItHfBUOkEpTiAu63rs1IBAA5T9xA92Kn2T6BnF2Yb40P2rYOrR1b/7ZQ
kKtVxyrb2GdsD4doiip5JKdk2MFyFf9uyjHxkkIueKXOKweKS6CAiBR21uGtsnWd
eZvWwsysdGfSW5BvxI9QTM5QiaRpq8rU0aRHrg1G818okWYnAvB62qqAvsLng4kG
Sd6dYAOj/BHiKwIDAQABo4HLMIHIMB0GA1UdDgQWBBRgchVNjBrhzY/vAKqbN0wA
VylmFTAfBgNVHSMEGDAWgBRgtJV/6vEpsumdZIOpyKNJbz4YUzA3BggrBgEFBQcB
AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADggEB
AAvqqB7wcGab4Eia+mI7gLCfQeNgNZy0bgwyF504crPeaUVpsUuHKuFoWda5A8SI
fuB3Jj3FrVU/E7wTQg+cvvdwPhl5lju4EtaKogTSF+69eNvMn1SHJolhyfE+jy8Z
VUkFwDWy6sTsmhHWiPJLrWgKMnVCQqBqUcsPYzIgSlmJ5flh7mOA4HED0Vjq1jEk
Ee8DRAJ2hmeZpXEYqE6+/nhjIGexWh1SKkj7iu6Zr49XN0NnHFQA0FCMzhjg73vM
4RPRzD/qPM7PB/xuSgmxHFRwpCFHXXB9tAQ+MFAdhiqmZz+9sMtX4CaBRcCahozm
q9CHmgXuLMXrxsfAlGhKSCA=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d3:ee:d0:8d:92:7d:ce:5f:4e:f2:0c:55:4d:bd:
2f:b3:ff:6a:ab:2c:28:5e:c6:bd:49:ae:80:f0:e6:
2c:30:e8:0a:e7:2b:3f:d7:1e:a8:6d:f1:c4:46:0e:
f5:1d:3c:e1:05:5d:a9:91:69:57:43:22:33:bc:c1:
18:6e:b1:48:1f:13:64:18:03:c1:63:14:97:21:5a:
65:49:52:6a:57:9d:ad:7b:f6:06:6e:f0:af:a0:6d:
2c:6d:53:9a:ad:82:56:2a:95:e1:a7:5a:a3:b4:77:
c7:d7:97:39:73:c8:de:a8:19:09:ba:69:69:01:25:
e6:68:e3:d0:5a:84:5d:3e:f0:8a:3b:c6:31:26:34:
38:ed:8d:40:80:0f:5f:84:d7:e5:4f:24:ca:ff:c1:
48:f5:74:3a:b3:1e:9f:b5:ef:bb:24:cb:91:f3:81:
47:bd:80:eb:ef:dd:45:39:fd:d2:c3:be:3e:ba:e6:
5b:09:e0:88:98:27:91:e5:9a:5b:88:d6:5e:17:7f:
08:e2:2d:f4:3c:3f:08:54:7b:10:53:f4:7d:ef:67:
04:6f:d6:74:08:d1:b9:03:2d:89:5d:ca:cf:de:3d:
d0:e5:e2:e5:2a:7f:21:29:23:7e:b2:75:d9:ea:5c:
73:45:7e:33:83:b6:62:5e:01:3b:dd:11:99:c7:c5:
7b:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:B4:95:7F:EA:F1:29:B2:E9:9D:64:83:A9:C8:A3:49:6F:3E:18:53
X509v3 Authority Key Identifier:
keyid:60:B4:95:7F:EA:F1:29:B2:E9:9D:64:83:A9:C8:A3:49:6F:3E:18:53
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
49:67:dc:58:22:e3:ee:0a:e8:1a:3d:38:1a:13:dd:d7:e0:45:
67:69:b1:44:49:e2:96:15:86:94:8b:d4:fb:8a:94:d5:22:39:
20:48:97:d2:09:a7:16:4b:40:f3:3c:37:3e:e8:81:28:08:cf:
4a:2c:3e:79:d0:0d:90:4d:63:a5:63:ce:24:75:03:41:7f:79:
17:3f:4d:df:60:98:a5:a3:c1:39:14:4b:7e:b7:0d:8a:9f:d6:
a4:0b:0c:34:c9:fe:3b:c0:89:9e:5e:27:3d:d8:3d:d5:28:46:
e4:b9:f5:28:39:b4:cf:1a:ea:fd:d3:14:bd:8b:87:78:35:80:
a1:bb:4e:59:cc:2a:f7:f7:40:bc:b7:75:cc:35:f5:3d:95:bb:
32:7a:0c:9d:67:c7:ff:b0:da:e6:05:e6:12:d5:1e:19:3c:69:
5d:d8:08:5e:bc:fe:df:ab:36:a4:70:3f:2c:6c:1c:8e:e3:f1:
0b:b3:22:e4:5b:fd:86:23:7a:bd:9b:b9:56:08:e3:a2:6d:2b:
e3:cb:42:93:6f:c8:5f:57:bd:66:41:51:8a:5d:4b:7e:0f:36:
82:61:8e:e0:4e:2c:9a:7a:45:e3:21:1c:b8:86:cf:a0:35:1b:
bf:55:36:86:05:1c:df:b0:e2:85:3b:a4:c7:7c:69:f9:56:b3:
20:28:e4:c2
-----BEGIN TRUST_ANCHOR_UNCONSTRAINED-----
MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANPu0I2Sfc5fTvIMVU29
L7P/aqssKF7GvUmugPDmLDDoCucrP9ceqG3xxEYO9R084QVdqZFpV0MiM7zBGG6x
SB8TZBgDwWMUlyFaZUlSaledrXv2Bm7wr6BtLG1Tmq2CViqV4adao7R3x9eXOXPI
3qgZCbppaQEl5mjj0FqEXT7wijvGMSY0OO2NQIAPX4TX5U8kyv/BSPV0OrMen7Xv
uyTLkfOBR72A6+/dRTn90sO+PrrmWwngiJgnkeWaW4jWXhd/COIt9Dw/CFR7EFP0
fe9nBG/WdAjRuQMtiV3Kz9490OXi5Sp/ISkjfrJ12epcc0V+M4O2Yl4BO90RmcfF
e2UCAwEAAaOByzCByDAdBgNVHQ4EFgQUYLSVf+rxKbLpnWSDqcijSW8+GFMwHwYD
VR0jBBgwFoAUYLSVf+rxKbLpnWSDqcijSW8+GFMwNwYIKwYBBQUHAQEEKzApMCcG
CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBJZ9xYIuPu
CugaPTgaE93X4EVnabFESeKWFYaUi9T7ipTVIjkgSJfSCacWS0DzPDc+6IEoCM9K
LD550A2QTWOlY84kdQNBf3kXP03fYJilo8E5FEt+tw2Kn9akCww0yf47wImeXic9
2D3VKEbkufUoObTPGur90xS9i4d4NYChu05ZzCr390C8t3XMNfU9lbsyegydZ8f/
sNrmBeYS1R4ZPGld2AhevP7fqzakcD8sbByO4/ELsyLkW/2GI3q9m7lWCOOibSvj
y0KTb8hfV71mQVGKXUt+DzaCYY7gTiyaekXjIRy4hs+gNRu/VTaGBRzfsOKFO6TH
fGn5VrMgKOTC
-----END TRUST_ANCHOR_UNCONSTRAINED-----
150302120000Z
-----BEGIN TIME-----
MTUwMzAyMTIwMDAwWg==
-----END TIME-----
FAIL
-----BEGIN VERIFY_RESULT-----
RkFJTA==
-----END VERIFY_RESULT-----
Invalid or unsupported signature algorithm
-----BEGIN ERRORS-----
SW52YWxpZCBvciB1bnN1cHBvcnRlZCBzaWduYXR1cmUgYWxnb3JpdGht
-----END ERRORS-----