| [Created by: generate-key-rollover.py] |
| |
| A certificate tree with two self-signed root certificates(oldroot, newroot), |
| and a third root certificate (newrootrollover) which has the same key as newroot |
| but is signed by oldroot, all with the same subject and issuer. |
| There are two intermediates with the same key, subject and issuer |
| (oldintermediate signed by oldroot, and newintermediate signed by newroot). |
| The target certificate is signed by the intermediate key. |
| |
| |
| In graphical form: |
| |
| oldroot-------->newrootrollover newroot |
| | | | |
| v v v |
| oldintermediate newintermediate |
| | | |
| +------------+-------------+ |
| | |
| v |
| target |
| |
| |
| Several chains are output: |
| key-rollover-oldchain.pem: |
| target<-oldintermediate<-oldroot |
| key-rollover-rolloverchain.pem: |
| target<-newintermediate<-newrootrollover<-oldroot |
| key-rollover-longrolloverchain.pem: |
| target<-newintermediate<-newroot<-newrootrollover<-oldroot |
| key-rollover-newchain.pem: |
| target<-newintermediate<-newroot |
| |
| All of these chains should verify successfully. |
| |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Intermediate |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Target |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:d0:14:31:90:c4:c6:d0:b9:10:9e:e4:7a:e2:bc: |
| 16:ab:d2:5e:d7:3d:00:11:bf:25:0b:32:17:57:c4: |
| fb:f6:60:0d:5a:7c:43:08:88:e6:35:f7:39:0f:dc: |
| d7:ef:22:18:52:5b:de:27:35:10:93:ab:c0:ae:98: |
| 1b:e1:c7:40:a8:be:84:2a:e6:69:7c:c4:68:1e:c4: |
| 0d:29:97:55:12:fb:30:86:a3:8f:03:0c:d4:4b:22: |
| 76:ac:a8:db:fd:20:4c:46:ea:21:9b:59:4f:ea:9c: |
| 20:6f:ff:e1:7c:7d:64:5c:4b:91:4d:ac:56:1d:19: |
| 12:6c:af:f2:99:40:21:9d:06:b9:a2:90:2c:7b:bc: |
| af:fe:c0:40:a1:06:89:62:f3:f3:fd:a0:07:61:aa: |
| c2:f9:e1:0e:13:96:92:ac:53:ba:ed:a5:36:c9:b9: |
| 04:e7:13:67:bc:0e:63:dc:22:29:53:e2:e3:59:ab: |
| 5c:25:cd:d9:fb:46:4e:91:70:dd:41:4b:35:87:a4: |
| fd:2c:66:be:75:7e:03:e9:12:61:66:cb:19:88:a1: |
| 61:b7:13:b4:ab:51:a6:d5:58:9c:db:8c:a2:1a:da: |
| c3:6f:cb:b6:b1:65:d8:a3:a3:d1:87:d8:b9:bb:b8: |
| c1:83:f1:83:38:2a:fd:a3:f6:a6:59:f2:27:f1:e3: |
| 50:29 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 01:D0:19:F4:6B:86:BC:17:3B:FB:74:95:0F:53:BD:BD:4E:CA:10:D6 |
| X509v3 Authority Key Identifier: |
| keyid:D3:97:C6:F7:B9:E5:17:69:6D:78:39:77:3A:0A:AD:32:2D:40:AC:07 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Intermediate.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Intermediate.crl |
| |
| X509v3 Key Usage: critical |
| Digital Signature, Key Encipherment |
| X509v3 Extended Key Usage: |
| TLS Web Server Authentication, TLS Web Client Authentication |
| Signature Algorithm: sha256WithRSAEncryption |
| 0e:b6:ad:85:34:3d:cf:9c:2f:8c:e7:90:80:33:f6:12:99:40: |
| 6d:89:7b:5c:08:c9:a9:fc:40:24:1e:14:ac:6c:6a:11:aa:3e: |
| ea:c1:19:32:75:67:26:fe:c0:f9:55:e9:b6:04:74:c9:e3:22: |
| 59:3a:06:5a:5f:25:6d:1d:df:48:62:a4:ee:d0:87:df:20:9d: |
| 9c:95:aa:4e:77:05:28:e6:66:ac:ae:23:e4:74:df:5a:b4:21: |
| e7:3d:0f:95:61:84:11:7e:d8:72:66:dd:85:c7:41:fe:44:12: |
| da:4c:c7:1b:ab:7d:4b:3d:c4:38:2d:b9:54:8a:26:1e:76:1b: |
| f6:0b:8a:e9:fa:9f:0a:e6:cc:6d:c5:55:f1:a5:29:20:42:05: |
| d4:5a:4f:27:ab:b6:e4:c4:ea:4d:8b:97:53:67:03:75:32:1f: |
| 9d:1e:b8:72:e1:c4:5a:09:15:d7:ce:a3:59:ed:cc:4d:0f:ea: |
| c0:1d:57:1a:43:d7:7a:63:86:b0:b8:5c:4f:34:29:a4:be:90: |
| c4:6b:39:20:c9:25:96:7d:a1:cc:ee:f7:57:04:69:d7:21:66: |
| 1d:cc:4e:6c:10:1a:6e:87:11:f3:e3:ae:9e:5b:64:04:ee:ac: |
| c6:0a:24:80:e4:0a:0e:89:49:9d:0f:1d:74:b2:f6:db:7e:25: |
| a1:d0:6e:7e |
| -----BEGIN CERTIFICATE----- |
| MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl |
| cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD |
| VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQFDGQ |
| xMbQuRCe5HrivBar0l7XPQARvyULMhdXxPv2YA1afEMIiOY19zkP3NfvIhhSW94n |
| NRCTq8CumBvhx0CovoQq5ml8xGgexA0pl1US+zCGo48DDNRLInasqNv9IExG6iGb |
| WU/qnCBv/+F8fWRcS5FNrFYdGRJsr/KZQCGdBrmikCx7vK/+wEChBoli8/P9oAdh |
| qsL54Q4TlpKsU7rtpTbJuQTnE2e8DmPcIilT4uNZq1wlzdn7Rk6RcN1BSzWHpP0s |
| Zr51fgPpEmFmyxmIoWG3E7SrUabVWJzbjKIa2sNvy7axZdijo9GH2Lm7uMGD8YM4 |
| Kv2j9qZZ8ifx41ApAgMBAAGjgekwgeYwHQYDVR0OBBYEFAHQGfRrhrwXO/t0lQ9T |
| vb1OyhDWMB8GA1UdIwQYMBaAFNOXxve55RdpbXg5dzoKrTItQKwHMD8GCCsGAQUF |
| BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk |
| aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu |
| dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF |
| BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEADrathTQ9z5wvjOeQgDP2 |
| EplAbYl7XAjJqfxAJB4UrGxqEao+6sEZMnVnJv7A+VXptgR0yeMiWToGWl8lbR3f |
| SGKk7tCH3yCdnJWqTncFKOZmrK4j5HTfWrQh5z0PlWGEEX7YcmbdhcdB/kQS2kzH |
| G6t9Sz3EOC25VIomHnYb9guK6fqfCubMbcVV8aUpIEIF1FpPJ6u25MTqTYuXU2cD |
| dTIfnR64cuHEWgkV186jWe3MTQ/qwB1XGkPXemOGsLhcTzQppL6QxGs5IMklln2h |
| zO73VwRp1yFmHcxObBAabocR8+OunltkBO6sxgokgOQKDolJnQ8ddLL2234lodBu |
| fg== |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 4 (0x4) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 2 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Intermediate |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:bf:ca:00:55:10:61:e4:0e:a3:f8:57:b8:7b:19: |
| 34:5a:77:b8:06:39:88:07:0c:ec:d0:3b:4a:53:02: |
| 3c:d1:d3:da:48:ae:8a:1a:1c:3d:30:bb:b3:36:80: |
| a1:6f:cd:32:fd:54:26:b9:77:d7:1e:11:30:6c:eb: |
| d7:11:9a:d9:af:54:7e:0e:37:c3:8d:f3:0a:5d:ec: |
| 82:d6:6e:f3:46:f4:2a:82:24:e4:28:38:c2:fa:6a: |
| a6:f7:38:cd:94:50:20:bd:ee:50:9e:3a:a3:40:1a: |
| 49:77:eb:b2:05:8c:01:46:e6:ef:8f:55:91:0a:7a: |
| 44:10:62:b8:9f:3e:81:31:ae:08:95:29:37:47:53: |
| ec:f3:c7:9c:f0:be:64:70:b3:81:f0:04:f4:a4:aa: |
| 41:ad:16:8f:13:31:af:9b:eb:55:dc:93:6d:56:cf: |
| d6:f0:0a:fb:11:9e:32:59:d4:07:28:e1:fe:60:73: |
| bf:43:bf:ff:c9:dc:f2:ca:3a:e1:0c:bd:90:0b:c2: |
| ab:91:d5:2e:72:5d:5e:f0:f8:45:7b:3d:37:89:d1: |
| 16:bd:9b:4f:c9:c4:34:c7:c4:23:a4:04:4b:13:db: |
| 1a:b5:82:d0:f6:cd:99:fe:f3:0d:98:81:65:5e:2f: |
| 9e:a4:c1:5b:2b:67:b5:07:2a:24:a6:e7:06:5f:49: |
| d6:d5 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| D3:97:C6:F7:B9:E5:17:69:6D:78:39:77:3A:0A:AD:32:2D:40:AC:07 |
| X509v3 Authority Key Identifier: |
| keyid:64:90:93:CD:AC:C7:37:36:4D:6B:14:D6:67:D0:54:3A:59:45:3A:FC |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| d2:35:f4:84:23:56:e3:2f:d1:54:fa:eb:85:02:e1:b7:aa:94: |
| a9:73:95:1d:29:9a:35:64:ac:4a:28:a3:87:24:e1:cd:3e:9f: |
| 53:14:92:ce:86:d6:ae:d5:3f:1d:97:59:ae:c4:1c:ae:78:29: |
| d7:45:a5:14:58:b6:ac:28:3e:20:e6:27:56:22:b2:bf:80:24: |
| 8d:bd:ef:17:67:8f:59:74:8b:7e:41:f1:fc:4d:a8:7b:d4:cf: |
| 0c:ec:41:c6:7a:2b:fc:c3:c2:92:dc:49:f6:7a:3d:bd:b0:41: |
| 0c:d3:0c:dd:58:1a:42:62:80:10:ad:95:ec:a0:8a:cb:b4:b8: |
| 8e:5d:45:c7:d2:82:4b:eb:cb:1a:0e:f5:40:46:0d:dd:35:a3: |
| 9b:d1:3e:55:95:b1:ab:96:63:31:ac:01:b4:ef:20:bc:0d:86: |
| 88:b2:e5:94:64:6b:f1:1a:73:3e:09:b0:4c:57:87:3a:65:5a: |
| 84:17:af:1c:cd:a5:4e:72:8e:19:8b:50:0a:97:4b:df:69:2c: |
| 4c:21:d4:d1:7e:81:74:94:60:5b:b0:5e:56:53:14:b4:52:3d: |
| c9:45:a5:47:10:74:15:86:a0:52:ba:ff:b5:32:01:ef:dd:0e: |
| 17:d6:73:35:aa:1e:ca:9a:8b:2e:28:cf:fa:1b:79:be:a7:87: |
| 4b:b4:0a:26 |
| -----BEGIN CERTIFICATE----- |
| MIIDbTCCAlWgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMjEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 |
| ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8oAVRBh |
| 5A6j+Fe4exk0Wne4BjmIBwzs0DtKUwI80dPaSK6KGhw9MLuzNoChb80y/VQmuXfX |
| HhEwbOvXEZrZr1R+DjfDjfMKXeyC1m7zRvQqgiTkKDjC+mqm9zjNlFAgve5Qnjqj |
| QBpJd+uyBYwBRubvj1WRCnpEEGK4nz6BMa4IlSk3R1Ps88ec8L5kcLOB8AT0pKpB |
| rRaPEzGvm+tV3JNtVs/W8Ar7EZ4yWdQHKOH+YHO/Q7//ydzyyjrhDL2QC8KrkdUu |
| cl1e8PhFez03idEWvZtPycQ0x8QjpARLE9satYLQ9s2Z/vMNmIFlXi+epMFbK2e1 |
| ByokpucGX0nW1QIDAQABo4HLMIHIMB0GA1UdDgQWBBTTl8b3ueUXaW14OXc6Cq0y |
| LUCsBzAfBgNVHSMEGDAWgBRkkJPNrMc3Nk1rFNZn0FQ6WUU6/DA3BggrBgEFBQcB |
| AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs |
| BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD |
| VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB |
| ANI19IQjVuMv0VT664UC4beqlKlzlR0pmjVkrEooo4ck4c0+n1MUks6G1q7VPx2X |
| Wa7EHK54KddFpRRYtqwoPiDmJ1Yisr+AJI297xdnj1l0i35B8fxNqHvUzwzsQcZ6 |
| K/zDwpLcSfZ6Pb2wQQzTDN1YGkJigBCtleygisu0uI5dRcfSgkvryxoO9UBGDd01 |
| o5vRPlWVsauWYzGsAbTvILwNhoiy5ZRka/Eacz4JsExXhzplWoQXrxzNpU5yjhmL |
| UAqXS99pLEwh1NF+gXSUYFuwXlZTFLRSPclFpUcQdBWGoFK6/7UyAe/dDhfWczWq |
| Hsqaiy4oz/obeb6nh0u0CiY= |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 3 (0x3) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 2 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Root |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:ea:cc:2d:c4:88:54:07:90:da:62:ef:77:23:b2: |
| 83:c9:54:06:25:70:65:43:f2:29:a3:f3:22:f2:09: |
| 92:31:25:77:79:63:4a:7f:d8:e5:1f:16:1a:25:bc: |
| d4:4b:9a:b3:a0:61:7e:c3:a5:90:32:97:5a:5b:59: |
| cf:97:d6:ac:2c:86:a7:70:ed:2d:e0:bf:e8:44:6f: |
| 41:29:55:b0:40:a8:10:d6:4d:67:2b:01:1f:7a:33: |
| 2b:ce:8f:c8:fb:54:99:e2:11:2d:75:7d:ff:f5:fb: |
| 53:e5:6b:7e:ca:b8:fc:1f:bc:8f:32:29:6d:d2:6b: |
| a1:9b:d9:7f:b2:f6:e9:18:72:fe:45:a2:23:dc:bf: |
| 5d:1e:43:5d:2b:80:2a:71:b4:cb:67:30:cc:aa:54: |
| 76:fc:4b:a3:2b:ab:99:31:66:bf:5c:09:44:e6:c9: |
| 27:42:3a:58:b5:fd:db:06:0f:11:04:0d:2d:36:4a: |
| 02:d5:50:4d:4d:7c:ed:a4:51:49:e3:fe:44:54:30: |
| 84:b6:1f:54:28:1f:9e:41:b2:20:23:75:e5:d4:e4: |
| bf:79:a6:ab:84:aa:dc:56:38:cf:2c:d3:8e:13:48: |
| 43:5a:eb:eb:3b:a0:36:d5:89:0c:68:e2:fb:8f:3a: |
| 82:ad:01:4b:f8:bb:b0:2e:3d:b7:6e:91:a3:70:9a: |
| d0:41 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 64:90:93:CD:AC:C7:37:36:4D:6B:14:D6:67:D0:54:3A:59:45:3A:FC |
| X509v3 Authority Key Identifier: |
| keyid:64:90:93:CD:AC:C7:37:36:4D:6B:14:D6:67:D0:54:3A:59:45:3A:FC |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 77:d8:b1:3b:e5:c4:ce:c7:37:c6:fa:d7:a7:a1:cf:66:0e:19: |
| 49:ea:06:f2:ec:8d:92:7d:e2:de:43:32:22:55:b4:84:f5:30: |
| bb:44:91:c1:81:2a:aa:ae:e1:3c:86:17:20:28:15:a1:d0:dc: |
| ce:7c:62:67:4e:d5:a8:e0:e3:44:91:af:96:24:58:0d:eb:26: |
| 1f:42:37:82:de:d6:84:40:36:c7:78:7d:6c:f7:fa:54:a0:70: |
| d0:b9:41:a8:f2:3b:19:f1:cc:36:97:69:78:66:3c:ad:03:1e: |
| 70:e7:81:23:11:d6:98:d7:ba:e5:98:d8:12:c7:4b:1d:5b:b1: |
| cd:91:5c:49:f0:d3:99:dd:9e:ab:db:7b:32:f6:8c:be:fe:0b: |
| 2b:1e:96:8d:6e:7e:4a:69:71:f3:b6:f7:44:5f:a1:2f:62:67: |
| f0:55:b0:a2:d1:db:7f:58:3b:10:05:4f:e1:00:9d:45:4f:5d: |
| 1e:b8:a8:83:bd:33:bd:14:07:34:23:5e:99:bb:16:3e:ee:de: |
| 84:96:53:bf:29:e7:a5:52:a9:b6:6a:76:db:a6:ee:45:34:3f: |
| f7:48:d8:8a:12:46:c6:6c:ba:31:85:e8:45:07:85:23:37:85: |
| ff:15:de:0b:a8:97:40:60:11:9d:20:a8:fc:53:38:66:ea:9e: |
| d4:1b:9f:34 |
| -----BEGIN CERTIFICATE----- |
| MIIDZTCCAk2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMjEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v |
| dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOrMLcSIVAeQ2mLvdyOy |
| g8lUBiVwZUPyKaPzIvIJkjEld3ljSn/Y5R8WGiW81Euas6BhfsOlkDKXWltZz5fW |
| rCyGp3DtLeC/6ERvQSlVsECoENZNZysBH3ozK86PyPtUmeIRLXV9//X7U+Vrfsq4 |
| /B+8jzIpbdJroZvZf7L26Rhy/kWiI9y/XR5DXSuAKnG0y2cwzKpUdvxLoyurmTFm |
| v1wJRObJJ0I6WLX92wYPEQQNLTZKAtVQTU187aRRSeP+RFQwhLYfVCgfnkGyICN1 |
| 5dTkv3mmq4Sq3FY4zyzTjhNIQ1rr6zugNtWJDGji+486gq0BS/i7sC49t26Ro3Ca |
| 0EECAwEAAaOByzCByDAdBgNVHQ4EFgQUZJCTzazHNzZNaxTWZ9BUOllFOvwwHwYD |
| VR0jBBgwFoAUZJCTzazHNzZNaxTWZ9BUOllFOvwwNwYIKwYBBQUHAQEEKzApMCcG |
| CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw |
| IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE |
| AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB32LE75cTO |
| xzfG+tenoc9mDhlJ6gby7I2SfeLeQzIiVbSE9TC7RJHBgSqqruE8hhcgKBWh0NzO |
| fGJnTtWo4ONEka+WJFgN6yYfQjeC3taEQDbHeH1s9/pUoHDQuUGo8jsZ8cw2l2l4 |
| ZjytAx5w54EjEdaY17rlmNgSx0sdW7HNkVxJ8NOZ3Z6r23sy9oy+/gsrHpaNbn5K |
| aXHztvdEX6EvYmfwVbCi0dt/WDsQBU/hAJ1FT10euKiDvTO9FAc0I16ZuxY+7t6E |
| llO/KeelUqm2anbbpu5FND/3SNiKEkbGbLoxhehFB4UjN4X/Fd4LqJdAYBGdIKj8 |
| Uzhm6p7UG580 |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 5 (0x5) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 2 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Root |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:ea:cc:2d:c4:88:54:07:90:da:62:ef:77:23:b2: |
| 83:c9:54:06:25:70:65:43:f2:29:a3:f3:22:f2:09: |
| 92:31:25:77:79:63:4a:7f:d8:e5:1f:16:1a:25:bc: |
| d4:4b:9a:b3:a0:61:7e:c3:a5:90:32:97:5a:5b:59: |
| cf:97:d6:ac:2c:86:a7:70:ed:2d:e0:bf:e8:44:6f: |
| 41:29:55:b0:40:a8:10:d6:4d:67:2b:01:1f:7a:33: |
| 2b:ce:8f:c8:fb:54:99:e2:11:2d:75:7d:ff:f5:fb: |
| 53:e5:6b:7e:ca:b8:fc:1f:bc:8f:32:29:6d:d2:6b: |
| a1:9b:d9:7f:b2:f6:e9:18:72:fe:45:a2:23:dc:bf: |
| 5d:1e:43:5d:2b:80:2a:71:b4:cb:67:30:cc:aa:54: |
| 76:fc:4b:a3:2b:ab:99:31:66:bf:5c:09:44:e6:c9: |
| 27:42:3a:58:b5:fd:db:06:0f:11:04:0d:2d:36:4a: |
| 02:d5:50:4d:4d:7c:ed:a4:51:49:e3:fe:44:54:30: |
| 84:b6:1f:54:28:1f:9e:41:b2:20:23:75:e5:d4:e4: |
| bf:79:a6:ab:84:aa:dc:56:38:cf:2c:d3:8e:13:48: |
| 43:5a:eb:eb:3b:a0:36:d5:89:0c:68:e2:fb:8f:3a: |
| 82:ad:01:4b:f8:bb:b0:2e:3d:b7:6e:91:a3:70:9a: |
| d0:41 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 64:90:93:CD:AC:C7:37:36:4D:6B:14:D6:67:D0:54:3A:59:45:3A:FC |
| X509v3 Authority Key Identifier: |
| keyid:5D:A1:03:3D:8F:13:F9:08:AF:1E:83:6C:BC:DE:6F:A3:B5:C2:1A:EA |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 08:18:04:78:4e:5e:99:54:0e:de:99:06:87:4d:3f:7b:98:bc: |
| ac:92:ec:e2:60:54:35:c8:65:68:09:3d:8d:d9:23:ed:c3:f3: |
| 7b:fd:8a:60:fb:8b:dc:66:96:3f:69:81:5b:7c:cd:1d:cd:44: |
| 8d:3a:93:e4:18:94:c4:a8:56:6a:fd:ea:07:ce:b1:a0:05:b2: |
| cd:fd:bf:05:e6:52:2b:26:36:9d:e2:f2:25:f2:c8:27:5b:52: |
| 13:c6:3e:55:5b:72:58:34:a1:1c:5b:17:15:69:b1:82:78:a8: |
| 6b:80:81:cc:73:40:5b:c0:ad:de:a8:ec:53:4f:72:f0:1b:a6: |
| d4:ea:e6:c0:35:96:df:ef:38:15:c5:0e:e9:92:22:c4:97:0d: |
| d5:37:6f:7e:af:1f:6e:53:45:1e:3e:21:8c:25:d3:4c:aa:0d: |
| 5b:08:e1:5f:aa:dc:49:1c:84:b3:30:21:ea:b6:9c:95:d4:16: |
| 1c:9a:0b:17:47:a1:8c:7d:04:a0:e5:df:7d:e7:69:b7:81:2d: |
| 31:09:9b:ae:da:b2:1d:13:36:ad:f1:19:7e:92:6a:1b:70:01: |
| 8b:ee:88:5e:54:56:d6:dd:6e:78:b1:53:06:89:3b:e3:7e:45: |
| 2c:b5:9c:c9:92:5a:0d:c2:85:d0:e1:89:20:94:c7:ef:3c:01: |
| ab:25:5c:4b |
| -----BEGIN CERTIFICATE----- |
| MIIDZTCCAk2gAwIBAgIBBTANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMjEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v |
| dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOrMLcSIVAeQ2mLvdyOy |
| g8lUBiVwZUPyKaPzIvIJkjEld3ljSn/Y5R8WGiW81Euas6BhfsOlkDKXWltZz5fW |
| rCyGp3DtLeC/6ERvQSlVsECoENZNZysBH3ozK86PyPtUmeIRLXV9//X7U+Vrfsq4 |
| /B+8jzIpbdJroZvZf7L26Rhy/kWiI9y/XR5DXSuAKnG0y2cwzKpUdvxLoyurmTFm |
| v1wJRObJJ0I6WLX92wYPEQQNLTZKAtVQTU187aRRSeP+RFQwhLYfVCgfnkGyICN1 |
| 5dTkv3mmq4Sq3FY4zyzTjhNIQ1rr6zugNtWJDGji+486gq0BS/i7sC49t26Ro3Ca |
| 0EECAwEAAaOByzCByDAdBgNVHQ4EFgQUZJCTzazHNzZNaxTWZ9BUOllFOvwwHwYD |
| VR0jBBgwFoAUXaEDPY8T+QivHoNsvN5vo7XCGuowNwYIKwYBBQUHAQEEKzApMCcG |
| CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw |
| IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE |
| AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAIGAR4Tl6Z |
| VA7emQaHTT97mLyskuziYFQ1yGVoCT2N2SPtw/N7/Ypg+4vcZpY/aYFbfM0dzUSN |
| OpPkGJTEqFZq/eoHzrGgBbLN/b8F5lIrJjad4vIl8sgnW1ITxj5VW3JYNKEcWxcV |
| abGCeKhrgIHMc0BbwK3eqOxTT3LwG6bU6ubANZbf7zgVxQ7pkiLElw3VN29+rx9u |
| U0UePiGMJdNMqg1bCOFfqtxJHISzMCHqtpyV1BYcmgsXR6GMfQSg5d9952m3gS0x |
| CZuu2rIdEzat8Rl+kmobcAGL7oheVFbW3W54sVMGiTvjfkUstZzJkloNwoXQ4Ykg |
| lMfvPAGrJVxL |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Root |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:a7:67:cf:1d:f5:54:e9:96:54:bc:65:8c:b7:9e: |
| 72:39:05:68:3d:44:e5:93:d8:4b:61:b1:a4:b4:b4: |
| 4c:c6:a0:92:b6:4d:06:3a:5b:b2:0a:8a:27:cb:b1: |
| e7:c3:35:47:ef:ac:2d:a7:d0:9c:b2:50:6a:58:3d: |
| 12:a4:85:dc:77:a9:08:e5:f4:1f:c0:ef:00:51:cd: |
| 68:62:d5:e5:cc:01:be:be:42:8b:35:fb:00:9c:30: |
| 84:0c:d7:35:7d:88:d1:1b:43:78:19:79:aa:06:b3: |
| ac:5c:69:a0:23:f0:69:dc:89:59:97:05:df:01:ae: |
| 5b:8f:01:a0:78:4f:05:4e:36:ac:00:b4:8d:e8:79: |
| 05:07:f2:76:a4:63:3f:95:21:06:57:61:a9:f0:43: |
| 04:d1:92:d3:9d:bb:b3:8f:5b:ef:ab:81:a0:23:11: |
| 38:b5:02:b2:95:1d:ac:da:b8:36:60:d7:d7:01:6d: |
| e8:ed:32:21:b4:84:97:33:7c:67:88:0e:44:c7:12: |
| 87:85:6a:49:80:82:cb:1e:16:2b:2f:6d:98:82:a0: |
| a0:30:cc:55:df:93:65:e0:9a:08:24:8a:47:cc:69: |
| 53:3c:b7:62:fa:df:11:64:d0:3f:52:43:80:f8:cf: |
| 7b:6f:d0:65:20:fb:22:d0:43:ca:fc:fc:0f:bd:1c: |
| 42:b9 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 5D:A1:03:3D:8F:13:F9:08:AF:1E:83:6C:BC:DE:6F:A3:B5:C2:1A:EA |
| X509v3 Authority Key Identifier: |
| keyid:5D:A1:03:3D:8F:13:F9:08:AF:1E:83:6C:BC:DE:6F:A3:B5:C2:1A:EA |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 7f:ec:13:f0:46:53:d5:75:08:a5:37:44:9c:47:19:9e:05:ef: |
| d6:30:68:1e:0b:c8:3c:84:93:51:36:25:48:60:56:d4:79:1f: |
| b6:2c:91:e3:6f:61:f9:e7:7d:c8:b6:7b:70:7f:27:6d:2c:38: |
| ec:73:e4:8c:86:f4:48:8e:1b:09:0d:9f:f8:5a:1f:95:ed:f1: |
| 03:ea:99:64:d6:2d:46:4e:b8:0b:67:10:98:8e:19:2e:31:e1: |
| e3:d6:fe:7c:97:e9:a3:7a:18:25:9c:d4:4f:ce:a9:11:1d:f0: |
| 53:32:8a:e8:8e:8d:80:fb:f1:c1:c1:6a:c1:cf:d2:36:a2:b1: |
| f9:32:9e:05:fd:73:1a:b9:37:e5:55:b2:1e:78:84:a5:04:45: |
| 4a:d5:24:ad:20:39:fe:ab:ce:38:dd:c0:1e:2f:dd:ce:b4:5c: |
| 49:1d:ab:7a:e1:bd:e9:a6:d2:02:64:8a:a9:97:36:89:42:c2: |
| 82:14:ec:aa:dd:77:be:b1:d6:d2:4f:8b:a4:fe:5b:06:28:1c: |
| 2f:4e:83:15:1f:10:a9:c6:ce:8e:a6:ca:bb:2c:01:6a:ae:99: |
| 59:44:05:fc:a5:7e:fe:73:5f:df:b5:0b:48:b5:43:b6:10:9f: |
| 42:2e:8b:65:f6:47:25:27:66:ef:a6:a0:ca:d3:cc:9c:ac:2d: |
| 22:5b:87:5c |
| -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- |
| MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v |
| dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKdnzx31VOmWVLxljLee |
| cjkFaD1E5ZPYS2GxpLS0TMagkrZNBjpbsgqKJ8ux58M1R++sLafQnLJQalg9EqSF |
| 3HepCOX0H8DvAFHNaGLV5cwBvr5CizX7AJwwhAzXNX2I0RtDeBl5qgazrFxpoCPw |
| adyJWZcF3wGuW48BoHhPBU42rAC0jeh5BQfydqRjP5UhBldhqfBDBNGS0527s49b |
| 76uBoCMROLUCspUdrNq4NmDX1wFt6O0yIbSElzN8Z4gORMcSh4VqSYCCyx4WKy9t |
| mIKgoDDMVd+TZeCaCCSKR8xpUzy3YvrfEWTQP1JDgPjPe2/QZSD7ItBDyvz8D70c |
| QrkCAwEAAaOByzCByDAdBgNVHQ4EFgQUXaEDPY8T+QivHoNsvN5vo7XCGuowHwYD |
| VR0jBBgwFoAUXaEDPY8T+QivHoNsvN5vo7XCGuowNwYIKwYBBQUHAQEEKzApMCcG |
| CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw |
| IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE |
| AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB/7BPwRlPV |
| dQilN0ScRxmeBe/WMGgeC8g8hJNRNiVIYFbUeR+2LJHjb2H5533ItntwfydtLDjs |
| c+SMhvRIjhsJDZ/4Wh+V7fED6plk1i1GTrgLZxCYjhkuMeHj1v58l+mjehglnNRP |
| zqkRHfBTMorojo2A+/HBwWrBz9I2orH5Mp4F/XMauTflVbIeeISlBEVK1SStIDn+ |
| q8443cAeL93OtFxJHat64b3pptICZIqplzaJQsKCFOyq3Xe+sdbST4uk/lsGKBwv |
| ToMVHxCpxs6Opsq7LAFqrplZRAX8pX7+c1/ftQtItUO2EJ9CLotl9kclJ2bvpqDK |
| 08ycrC0iW4dc |
| -----END TRUST_ANCHOR_UNCONSTRAINED----- |
| |
| 150302120000Z |
| -----BEGIN TIME----- |
| MTUwMzAyMTIwMDAwWg== |
| -----END TIME----- |
| |
| SUCCESS |
| -----BEGIN VERIFY_RESULT----- |
| U1VDQ0VTUw== |
| -----END VERIFY_RESULT----- |
