blob: 65bdb9c8f26840b835ed0db6ffa69fcdc553681b [file] [log] [blame]
[Created by: generate-unconstrained-root-basic-constraints-ca-false.py]
Certificate chain with 1 intermediate and a trust anchor. The trust anchor
has a basic constraints extension that indicates it is NOT a CA. Verification
is expected to succeed as constraints on the root certificate are not applied
to the trust anchor.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediate
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c8:04:f4:49:c8:99:48:ae:4b:8a:66:a6:19:29:
b8:4f:52:af:29:88:34:6c:07:db:a9:a7:99:7e:09:
bb:07:7a:7b:35:11:39:a5:4d:f9:54:e3:b7:8e:9c:
66:37:62:bc:5f:2d:f4:1f:ba:b0:fd:4b:0b:a6:59:
0c:94:d6:53:aa:7b:97:fc:bd:7f:72:e6:99:a7:04:
a5:b2:02:67:3d:9f:cb:c1:2c:48:f7:a4:a3:d4:30:
b6:8b:96:a9:ad:78:9c:1d:19:2a:28:ac:89:46:81:
eb:32:f1:11:bc:44:32:f0:3b:70:8d:53:4b:5e:ed:
9b:e2:f8:2d:a5:e0:69:cf:11:6b:0b:3e:33:02:f9:
66:e8:2e:93:15:d9:42:81:04:71:17:10:c8:04:81:
cb:11:6b:20:7c:f8:ef:71:8c:04:3a:51:ae:e7:69:
7a:66:3b:fc:52:53:19:97:39:51:38:d3:5c:9b:93:
48:09:e8:5d:18:3a:45:66:70:b1:f2:05:3d:15:ef:
fd:8e:c7:b2:37:da:97:15:04:ec:02:f6:9d:40:b2:
22:02:bc:09:68:70:e8:4d:85:7a:c9:dd:d0:9b:85:
a8:06:2c:ce:15:e7:53:df:79:c6:ad:57:83:c4:8a:
a1:eb:ef:ac:d0:b8:54:93:54:f3:24:91:41:a9:b2:
92:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:5A:D4:08:69:E1:A6:80:04:B2:43:1E:B5:EA:25:03:CC:A6:5A:EF
X509v3 Authority Key Identifier:
keyid:24:F8:6B:40:18:23:4E:B7:94:1D:E3:CA:38:B3:BF:9D:67:F2:7E:16
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediate.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediate.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
8c:66:31:d0:85:64:e5:17:c7:fa:55:f9:9d:b9:1b:b2:07:b6:
c4:7a:ca:9b:94:12:46:af:4e:07:5a:60:26:07:e5:a8:c7:c2:
e1:8d:e3:cc:79:b4:f0:f5:c5:7f:6f:35:5b:be:94:6a:b0:51:
66:ce:b6:46:69:66:2b:f5:46:92:10:18:2d:28:8d:5b:eb:61:
ad:37:2e:03:b0:46:03:e0:b3:2e:28:3f:b6:c7:94:fc:a1:c4:
57:97:23:4c:51:39:d6:66:83:aa:1e:57:37:70:b5:89:c9:33:
ad:d4:be:97:95:57:89:3a:32:e3:dc:83:ef:5d:78:f8:fa:e0:
26:12:6e:b2:f4:00:f1:ac:af:e4:be:7c:e7:8e:60:53:b6:e2:
e1:99:bb:ba:35:ff:8d:08:52:a1:7d:2d:0b:46:56:4e:6b:9a:
9e:f4:0e:eb:95:a4:95:e7:7b:08:d3:55:3f:95:c8:76:34:12:
c3:27:9a:f0:bb:0d:8c:0f:c7:56:b1:2c:c9:34:94:22:b6:c6:
a9:df:72:57:88:9e:06:01:e6:52:45:16:e6:aa:1d:ac:93:6e:
c0:5c:eb:b4:91:d7:01:8e:27:8c:00:7f:17:0a:f5:84:42:12:
d3:54:01:b5:bd:7e:0d:29:24:ee:2a:03:07:76:86:42:10:e1:
5c:ac:32:9c
-----BEGIN CERTIFICATE-----
MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIBPRJ
yJlIrkuKZqYZKbhPUq8piDRsB9upp5l+CbsHens1ETmlTflU47eOnGY3YrxfLfQf
urD9SwumWQyU1lOqe5f8vX9y5pmnBKWyAmc9n8vBLEj3pKPUMLaLlqmteJwdGSoo
rIlGgesy8RG8RDLwO3CNU0te7Zvi+C2l4GnPEWsLPjMC+WboLpMV2UKBBHEXEMgE
gcsRayB8+O9xjAQ6Ua7naXpmO/xSUxmXOVE401ybk0gJ6F0YOkVmcLHyBT0V7/2O
x7I32pcVBOwC9p1AsiICvAlocOhNhXrJ3dCbhagGLM4V51PfecatV4PEiqHr76zQ
uFSTVPMkkUGpspINAgMBAAGjgekwgeYwHQYDVR0OBBYEFFha1Ahp4aaABLJDHrXq
JQPMplrvMB8GA1UdIwQYMBaAFCT4a0AYI063lB3jyjizv51n8n4WMD8GCCsGAQUF
BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAjGYx0IVk5RfH+lX5nbkb
sge2xHrKm5QSRq9OB1pgJgflqMfC4Y3jzHm08PXFf281W76UarBRZs62RmlmK/VG
khAYLSiNW+thrTcuA7BGA+CzLig/tseU/KHEV5cjTFE51maDqh5XN3C1ickzrdS+
l5VXiToy49yD7114+PrgJhJusvQA8ayv5L58545gU7bi4Zm7ujX/jQhSoX0tC0ZW
TmuanvQO65Wkled7CNNVP5XIdjQSwyea8LsNjA/HVrEsyTSUIrbGqd9yV4ieBgHm
UkUW5qodrJNuwFzrtJHXAY4njAB/Fwr1hEIS01QBtb1+DSkk7ioDB3aGQhDhXKwy
nA==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Intermediate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b4:44:74:3c:31:93:a2:8c:74:39:b1:50:1d:1c:
86:f8:ac:e7:45:73:11:9a:9c:8e:31:4a:84:81:0b:
6a:4b:38:13:eb:63:47:85:e7:2f:81:98:d2:f9:73:
a7:3b:3f:33:6e:21:51:7e:d1:36:4a:84:6f:b5:ce:
26:c5:1c:b6:fd:75:77:e4:8f:73:1a:3f:f9:e5:88:
d2:74:a8:6c:6e:50:f0:56:a5:58:ad:5a:69:0f:4a:
d1:fd:58:53:0a:e3:86:17:ff:37:48:7a:3b:a7:6d:
f5:c2:eb:f5:c7:60:17:d1:36:69:99:34:b8:a3:f7:
4b:a2:02:b1:0e:b9:81:2a:80:e9:da:e4:d8:40:82:
a3:e8:da:00:53:8e:89:32:e8:71:61:a0:1b:ee:a2:
f2:c7:fc:bb:0c:6b:71:d6:90:dc:a7:dd:bd:6f:97:
5f:5c:d5:bb:1a:d3:6f:d2:6b:30:32:6d:b0:eb:9f:
92:17:6d:b9:7f:e3:20:a0:16:43:6b:a2:4c:7f:37:
4e:26:04:8e:5c:1a:cc:2b:e3:37:8e:90:75:1b:b9:
b7:45:e2:41:1f:b0:af:b3:d1:85:56:a2:b0:b1:ad:
73:07:de:64:60:56:c4:8c:9f:48:d8:50:63:f8:c1:
6b:c5:f1:f3:11:9e:5e:1d:56:55:60:12:82:9c:93:
61:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:F8:6B:40:18:23:4E:B7:94:1D:E3:CA:38:B3:BF:9D:67:F2:7E:16
X509v3 Authority Key Identifier:
keyid:3E:6C:67:DF:AB:EE:20:0E:C6:98:F6:9A:1E:AD:BE:AF:AD:72:D8:86
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
a2:28:e4:cb:e5:d2:31:bd:7a:6c:60:60:75:59:27:9a:3a:11:
52:17:37:53:82:12:4d:f6:0c:d5:bf:45:51:4d:eb:8e:8a:c7:
01:c3:55:3e:9f:16:48:69:84:f2:e7:ad:7a:a4:32:66:c4:19:
39:1e:7c:31:01:42:59:3c:92:b9:aa:59:a5:b9:40:56:e5:4d:
0f:49:de:79:a9:72:77:95:5b:c3:de:b0:36:84:08:60:ea:21:
b9:d5:b4:bc:bf:f7:f0:f7:ea:5f:5f:fe:c8:3e:dc:b0:54:0e:
16:dd:c0:c2:d4:9f:c4:a0:e1:b3:52:0c:ee:43:0e:e7:a0:2f:
5e:25:92:51:6c:e7:a1:70:f8:f1:7e:83:e3:ea:a4:5d:a9:fb:
3a:c0:64:43:06:b5:a5:7e:48:e8:d3:20:52:df:06:4c:15:2e:
bb:54:49:7e:26:e5:eb:5b:82:80:8f:27:d3:e0:d0:28:5f:e8:
c0:7d:40:e5:e3:81:bf:2d:83:8f:7f:c4:7c:9b:24:f1:e7:1c:
81:90:bf:15:5a:db:4c:e8:09:f8:9b:9a:ba:f4:ad:b0:d7:66:
d5:b8:af:15:02:a1:e0:84:12:8c:68:24:9e:47:3c:4d:b8:da:
60:44:a1:fb:1d:d1:4b:b6:3a:22:a4:b9:6c:27:65:24:a6:6e:
57:c6:62:b9
-----BEGIN CERTIFICATE-----
MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtER0PDGT
oox0ObFQHRyG+KznRXMRmpyOMUqEgQtqSzgT62NHhecvgZjS+XOnOz8zbiFRftE2
SoRvtc4mxRy2/XV35I9zGj/55YjSdKhsblDwVqVYrVppD0rR/VhTCuOGF/83SHo7
p231wuv1x2AX0TZpmTS4o/dLogKxDrmBKoDp2uTYQIKj6NoAU46JMuhxYaAb7qLy
x/y7DGtx1pDcp929b5dfXNW7GtNv0mswMm2w65+SF225f+MgoBZDa6JMfzdOJgSO
XBrMK+M3jpB1G7m3ReJBH7Cvs9GFVqKwsa1zB95kYFbEjJ9I2FBj+MFrxfHzEZ5e
HVZVYBKCnJNhkQIDAQABo4HLMIHIMB0GA1UdDgQWBBQk+GtAGCNOt5Qd48o4s7+d
Z/J+FjAfBgNVHSMEGDAWgBQ+bGffq+4gDsaY9poerb6vrXLYhjA3BggrBgEFBQcB
AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
AKIo5Mvl0jG9emxgYHVZJ5o6EVIXN1OCEk32DNW/RVFN646KxwHDVT6fFkhphPLn
rXqkMmbEGTkefDEBQlk8krmqWaW5QFblTQ9J3nmpcneVW8PesDaECGDqIbnVtLy/
9/D36l9f/sg+3LBUDhbdwMLUn8Sg4bNSDO5DDuegL14lklFs56Fw+PF+g+PqpF2p
+zrAZEMGtaV+SOjTIFLfBkwVLrtUSX4m5etbgoCPJ9Pg0Chf6MB9QOXjgb8tg49/
xHybJPHnHIGQvxVa20zoCfibmrr0rbDXZtW4rxUCoeCEEoxoJJ5HPE242mBEofsd
0Uu2OiKkuWwnZSSmblfGYrk=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d0:70:df:1f:ab:c3:a1:05:6d:4c:e7:9b:5b:c7:
c7:b4:36:f5:e7:c7:00:14:94:c6:8d:6c:a9:3d:0d:
bb:44:8b:d7:50:29:90:e5:58:b5:6f:71:47:54:52:
85:46:7a:c6:36:9c:57:39:dc:75:d3:1b:f8:69:db:
da:21:11:db:8b:c1:e7:ac:86:7b:20:10:e7:3f:6e:
0b:c8:33:71:00:bb:4c:a9:7b:41:a8:54:4a:c7:48:
cb:6a:aa:cd:d9:a3:dd:5d:f9:80:df:c3:6d:4b:55:
4d:7c:c5:d3:de:bc:c1:c9:4e:50:fa:98:70:e0:84:
4b:fc:fc:9b:eb:fa:e3:7c:4b:0a:94:e6:5f:41:0c:
35:e1:d7:2c:54:27:24:22:9e:f7:c6:6d:72:d2:43:
06:52:d4:fb:94:ac:79:51:0b:da:1d:83:bf:a1:bc:
04:a5:a7:4c:a8:03:d0:01:7f:42:43:31:d9:7e:46:
74:2b:46:5a:a4:0d:ff:7a:e0:69:d1:dd:d7:29:0d:
b8:12:3d:99:ac:f5:ce:97:d7:3f:2e:15:5c:51:47:
1d:d4:da:f5:ce:a3:12:46:43:74:da:70:bb:a2:83:
e3:b8:ac:e1:b0:8c:88:cd:d8:d9:42:fa:e8:57:a3:
5b:d8:4d:72:a8:7f:be:22:8a:d3:cf:1a:75:53:fc:
32:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:6C:67:DF:AB:EE:20:0E:C6:98:F6:9A:1E:AD:BE:AF:AD:72:D8:86
X509v3 Authority Key Identifier:
keyid:3E:6C:67:DF:AB:EE:20:0E:C6:98:F6:9A:1E:AD:BE:AF:AD:72:D8:86
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:FALSE
Signature Algorithm: sha256WithRSAEncryption
27:dc:b7:a3:09:a6:ab:07:74:62:e6:57:46:5a:75:a7:8d:c7:
77:47:a4:5e:9b:9b:85:69:5c:a7:92:b6:30:de:b6:c5:e5:c2:
57:c2:05:ec:dd:7b:76:8f:20:dc:89:75:b9:6a:6e:d8:5f:4b:
b9:85:f1:b1:1e:33:33:18:ff:c6:bc:1d:0a:29:ac:46:c1:77:
36:ae:8f:ae:81:fa:c3:5d:b9:de:4a:4f:8e:fc:b6:ed:c4:93:
1f:87:34:39:ba:c3:76:fa:03:38:c6:57:c4:1d:41:cb:4b:8c:
26:9d:60:b3:e9:0f:5a:7d:22:0f:58:4d:60:72:a4:23:77:bf:
58:b4:f4:8e:dc:8c:42:2e:46:f9:67:0a:b5:b9:a6:60:06:16:
8b:28:e2:e7:95:ff:c8:e2:d9:50:17:88:45:1e:13:20:bd:20:
03:f8:46:17:21:5d:ba:1a:3c:fd:ec:25:cf:04:2e:90:db:b6:
0f:0f:db:d5:ff:5a:8b:fd:4f:85:ab:7e:fc:a7:a3:10:b1:84:
6e:e4:20:11:bf:d4:b1:3c:a3:58:2a:f5:56:45:e2:86:f0:ae:
67:05:d9:b6:57:79:3c:e2:03:26:70:27:fb:e6:0f:96:a7:40:
9c:a6:cb:fa:de:bd:8b:f9:e2:ad:7d:9d:b5:ac:27:bf:83:9b:
10:94:f2:71
-----BEGIN TRUST_ANCHOR_UNCONSTRAINED-----
MIIDYjCCAkqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANBw3x+rw6EFbUznm1vH
x7Q29efHABSUxo1sqT0Nu0SL11ApkOVYtW9xR1RShUZ6xjacVzncddMb+Gnb2iER
24vB56yGeyAQ5z9uC8gzcQC7TKl7QahUSsdIy2qqzdmj3V35gN/DbUtVTXzF0968
wclOUPqYcOCES/z8m+v643xLCpTmX0EMNeHXLFQnJCKe98ZtctJDBlLU+5SseVEL
2h2Dv6G8BKWnTKgD0AF/QkMx2X5GdCtGWqQN/3rgadHd1ykNuBI9maz1zpfXPy4V
XFFHHdTa9c6jEkZDdNpwu6KD47is4bCMiM3Y2UL66FejW9hNcqh/viKK088adVP8
MskCAwEAAaOByDCBxTAdBgNVHQ4EFgQUPmxn36vuIA7GmPaaHq2+r61y2IYwHwYD
VR0jBBgwFoAUPmxn36vuIA7GmPaaHq2+r61y2IYwNwYIKwYBBQUHAQEEKzApMCcG
CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
AwIBBjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAn3LejCaarB3Ri
5ldGWnWnjcd3R6Rem5uFaVynkrYw3rbF5cJXwgXs3Xt2jyDciXW5am7YX0u5hfGx
HjMzGP/GvB0KKaxGwXc2ro+ugfrDXbneSk+O/LbtxJMfhzQ5usN2+gM4xlfEHUHL
S4wmnWCz6Q9afSIPWE1gcqQjd79YtPSO3IxCLkb5Zwq1uaZgBhaLKOLnlf/I4tlQ
F4hFHhMgvSAD+EYXIV26Gjz97CXPBC6Q27YPD9vV/1qL/U+Fq378p6MQsYRu5CAR
v9SxPKNYKvVWReKG8K5nBdm2V3k84gMmcCf75g+Wp0Ccpsv63r2L+eKtfZ21rCe/
g5sQlPJx
-----END TRUST_ANCHOR_UNCONSTRAINED-----
150302120000Z
-----BEGIN TIME-----
MTUwMzAyMTIwMDAwWg==
-----END TIME-----
SUCCESS
-----BEGIN VERIFY_RESULT-----
U1VDQ0VTUw==
-----END VERIFY_RESULT-----