| [Created by: generate-chains.py] |
| |
| Certificate chain where the supposed root certificate is wrong: |
| |
| * The intermediate's "issuer" does not match the root's "subject" |
| * The intermediate's signature was not generated using the root's key |
| |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: |
| 6f:d4:ce:21:aa:ed:06:7b:56:9b:0b:40:d4:28:fb:ff:a9:d9:2b:9b |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Intermediate |
| Validity |
| Not Before: Mar 10 12:00:00 2018 GMT |
| Not After : Jan 1 12:00:00 2021 GMT |
| Subject: CN=Target |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:b3:d8:e1:c8:d6:ce:ed:3b:b7:8a:5b:17:c2:9e: |
| 0c:04:f4:4e:ba:ad:1b:cf:c0:63:b7:c9:01:e9:7a: |
| 28:d4:d8:0b:71:36:af:02:f6:44:fc:ce:5e:84:50: |
| fb:5f:ef:a0:b8:b5:77:62:c0:6c:9f:8f:4f:64:52: |
| 67:04:0b:d3:92:31:a5:79:f3:8d:11:03:03:a2:c0: |
| da:ef:8f:b5:68:f8:55:f0:ac:9b:05:3a:df:ea:7b: |
| 3b:06:f2:de:e3:b2:c5:27:3e:b9:39:90:c0:27:0d: |
| de:6c:a2:8e:e4:2e:f9:95:13:37:df:20:12:28:ae: |
| 82:5e:91:3a:cb:75:ae:55:fb:07:d6:40:48:cd:6f: |
| 9c:3e:07:0f:48:d1:8f:ba:db:fa:b2:7c:ce:29:10: |
| e0:6b:48:36:80:db:4c:10:19:a1:28:fb:e0:b5:4f: |
| b2:89:40:b7:6b:9a:af:a1:9b:b0:52:03:23:16:fb: |
| 0f:5d:c6:c9:f2:98:08:c5:07:85:76:30:57:46:be: |
| 85:46:ed:14:74:60:00:61:ce:f7:88:62:6c:0b:a2: |
| 41:9c:5a:27:3f:e5:29:9c:36:73:a3:04:8b:ab:74: |
| 2d:1e:f5:96:f7:b4:c2:51:77:a9:9c:ef:ac:fd:bc: |
| aa:cf:ba:98:cf:6c:1b:fc:e9:20:8c:dc:17:45:49: |
| 12:45 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 14:7E:08:D5:73:67:A9:9C:5B:C1:26:14:D1:96:8E:09:88:11:32:67 |
| X509v3 Authority Key Identifier: |
| keyid:3F:EE:51:69:3A:24:09:D6:26:3C:A4:08:22:1F:0D:77:7D:D5:E7:3B |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Intermediate.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Intermediate.crl |
| |
| X509v3 Key Usage: critical |
| Digital Signature, Key Encipherment |
| X509v3 Extended Key Usage: |
| TLS Web Server Authentication, TLS Web Client Authentication |
| Signature Algorithm: sha256WithRSAEncryption |
| 6f:45:77:15:36:c4:de:ad:a1:91:fd:91:06:3c:ae:9b:c1:9d: |
| 5a:0b:94:52:be:cf:a2:2b:3b:92:04:e1:dd:9b:a5:cd:ae:cb: |
| 60:13:d0:f5:52:f8:83:e1:ae:6b:65:9d:e2:23:23:c6:2f:71: |
| 40:b6:c8:95:45:8e:e6:11:aa:0e:b0:47:64:5d:3a:53:dc:4b: |
| 72:19:69:87:e8:65:a3:a1:b5:da:5b:79:70:83:57:df:69:5e: |
| 4a:fa:6e:6f:ec:83:d8:65:25:90:5d:d3:d2:99:9d:3b:78:56: |
| 44:6c:b5:02:95:2e:b0:4a:4a:c4:13:48:f0:cb:6a:2b:8d:f1: |
| cf:93:21:c2:fe:b5:67:e9:a0:6b:d3:c0:f6:1d:7f:96:75:88: |
| cc:72:e8:a0:39:fd:b0:48:fa:be:a0:7c:e2:93:1c:58:16:78: |
| 9e:60:9c:a3:ca:9d:76:43:f2:3b:c3:44:a0:e3:7a:0b:54:07: |
| 07:20:86:94:6d:0f:61:08:6b:05:c5:b3:48:c7:90:42:2d:20: |
| 65:73:ee:34:46:49:8d:23:35:5c:34:52:51:89:9d:60:f7:0f: |
| d4:b6:a6:ee:37:55:93:b3:3e:91:ac:b4:7c:37:47:20:67:de: |
| 8a:7a:5f:f1:24:75:d1:4b:4c:a1:5b:62:c1:11:76:69:7e:28: |
| 2e:09:02:c4 |
| -----BEGIN CERTIFICATE----- |
| MIIDoDCCAoigAwIBAgIUb9TOIartBntWmwtA1Cj7/6nZK5swDQYJKoZIhvcNAQEL |
| BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTE4MDMxMDEyMDAwMFoXDTIx |
| MDEwMTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF |
| AAOCAQ8AMIIBCgKCAQEAs9jhyNbO7Tu3ilsXwp4MBPROuq0bz8Bjt8kB6Xoo1NgL |
| cTavAvZE/M5ehFD7X++guLV3YsBsn49PZFJnBAvTkjGlefONEQMDosDa74+1aPhV |
| 8KybBTrf6ns7BvLe47LFJz65OZDAJw3ebKKO5C75lRM33yASKK6CXpE6y3WuVfsH |
| 1kBIzW+cPgcPSNGPutv6snzOKRDga0g2gNtMEBmhKPvgtU+yiUC3a5qvoZuwUgMj |
| FvsPXcbJ8pgIxQeFdjBXRr6FRu0UdGAAYc73iGJsC6JBnFonP+UpnDZzowSLq3Qt |
| HvWW97TCUXepnO+s/byqz7qYz2wb/OkgjNwXRUkSRQIDAQABo4HpMIHmMB0GA1Ud |
| DgQWBBQUfgjVc2epnFvBJhTRlo4JiBEyZzAfBgNVHSMEGDAWgBQ/7lFpOiQJ1iY8 |
| pAgiHw13fdXnOzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 |
| cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 |
| dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF |
| oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD |
| ggEBAG9FdxU2xN6toZH9kQY8rpvBnVoLlFK+z6IrO5IE4d2bpc2uy2AT0PVS+IPh |
| rmtlneIjI8YvcUC2yJVFjuYRqg6wR2RdOlPcS3IZaYfoZaOhtdpbeXCDV99pXkr6 |
| bm/sg9hlJZBd09KZnTt4VkRstQKVLrBKSsQTSPDLaiuN8c+TIcL+tWfpoGvTwPYd |
| f5Z1iMxy6KA5/bBI+r6gfOKTHFgWeJ5gnKPKnXZD8jvDRKDjegtUBwcghpRtD2EI |
| awXFs0jHkEItIGVz7jRGSY0jNVw0UlGJnWD3D9S2pu43VZOzPpGstHw3RyBn3op6 |
| X/EkddFLTKFbYsERdml+KC4JAsQ= |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: |
| 3e:47:c8:ca:0d:d0:ba:cc:83:24:aa:c4:09:b2:53:44:d2:da:f7:4b |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Mar 10 12:00:00 2018 GMT |
| Not After : Jan 1 12:00:00 2021 GMT |
| Subject: CN=Intermediate |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:e4:40:ac:b5:f3:c7:b0:dc:ca:07:85:b4:fa:5f: |
| 0d:28:a4:0d:88:12:cb:05:a3:4f:bb:7d:01:88:de: |
| 0c:b3:b9:0c:cc:3f:b4:6e:9f:d6:b6:a7:2a:6b:03: |
| c5:bc:3b:10:17:69:fd:29:5c:d3:fd:38:fe:b6:5e: |
| b2:04:8f:10:93:92:aa:db:76:07:a2:60:0f:3e:07: |
| bb:8d:f1:ca:c8:f3:38:69:61:38:41:4e:69:2d:70: |
| c2:ed:af:85:81:99:dc:8e:65:03:45:32:9b:01:95: |
| 7c:d5:c0:90:bd:f4:08:a5:44:4b:e5:a2:e7:fe:17: |
| e4:f3:3d:59:35:8e:6d:3b:70:4d:b8:49:ac:63:ff: |
| 3e:d4:71:36:e9:2b:50:c9:5c:bc:bb:b0:c6:1b:c4: |
| 0a:01:ec:ae:3f:b7:bd:10:57:08:5e:ec:8a:07:ce: |
| e5:da:46:25:e8:ca:0a:e0:c2:cc:0d:44:84:db:0c: |
| 88:d5:0f:65:bc:ea:69:10:ba:dc:93:ef:34:f9:2f: |
| c7:9b:c5:49:27:72:9c:a3:fd:40:9c:49:e3:59:7c: |
| 24:cc:99:9a:01:b6:0d:fb:41:cb:36:80:41:88:c7: |
| 75:9f:d5:01:6f:63:d5:f5:75:85:cd:26:3e:a6:fe: |
| 8d:a9:ef:a8:b0:04:8b:7e:89:f3:5f:75:3a:56:69: |
| c7:07 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 3F:EE:51:69:3A:24:09:D6:26:3C:A4:08:22:1F:0D:77:7D:D5:E7:3B |
| X509v3 Authority Key Identifier: |
| keyid:64:6F:C2:6E:64:18:20:24:F6:02:A9:AF:63:23:01:ED:CC:69:9B:E0 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 58:7e:16:d7:e5:72:b1:be:d4:7f:e8:59:cc:53:02:d8:5c:9e: |
| 11:75:b2:01:0b:3f:86:ed:0f:9a:29:2d:69:37:0b:40:19:19: |
| fe:d2:12:33:82:5e:8f:bc:22:d6:d1:6e:18:9e:f9:39:3d:a7: |
| d8:a0:18:96:13:a3:41:89:05:24:71:8f:d3:55:4c:2f:62:62: |
| a5:ef:04:ee:47:a8:ad:c2:d4:fd:d8:fc:18:e7:88:9e:bb:8f: |
| 11:c6:62:6e:2e:3b:2a:c6:17:6a:a6:4b:cb:13:8e:5f:5b:8b: |
| 01:f0:71:cc:01:0c:48:38:6e:aa:dd:b7:17:03:aa:40:a9:47: |
| 99:f2:c5:93:54:7e:33:5b:d1:e3:e1:0f:83:3e:c5:c8:63:e6: |
| 7c:8c:55:92:86:38:5e:cb:e0:96:4e:83:b1:98:6d:e8:e1:30: |
| 88:b0:49:d4:7c:ae:e3:71:df:5d:f6:b6:15:b3:40:a4:e3:15: |
| 61:31:89:d1:25:d5:1d:46:ce:87:88:af:fb:4c:6d:31:58:b4: |
| b9:c5:39:e9:78:b7:62:48:a1:b7:f1:f8:f2:72:e6:51:b3:6d: |
| 81:f0:97:09:64:ee:c9:7a:20:d7:f1:ce:9f:bf:30:fe:c6:e8: |
| 85:de:48:18:ac:de:0a:d9:e8:f0:d0:7d:74:e9:3c:67:90:b6: |
| 7c:c5:16:a1 |
| -----BEGIN CERTIFICATE----- |
| MIIDgDCCAmigAwIBAgIUPkfIyg3QusyDJKrECbJTRNLa90swDQYJKoZIhvcNAQEL |
| BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xODAzMTAxMjAwMDBaFw0yMTAxMDExMjAw |
| MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD |
| ggEPADCCAQoCggEBAORArLXzx7DcygeFtPpfDSikDYgSywWjT7t9AYjeDLO5DMw/ |
| tG6f1ranKmsDxbw7EBdp/Slc0/04/rZesgSPEJOSqtt2B6JgDz4Hu43xysjzOGlh |
| OEFOaS1wwu2vhYGZ3I5lA0UymwGVfNXAkL30CKVES+Wi5/4X5PM9WTWObTtwTbhJ |
| rGP/PtRxNukrUMlcvLuwxhvECgHsrj+3vRBXCF7sigfO5dpGJejKCuDCzA1EhNsM |
| iNUPZbzqaRC63JPvNPkvx5vFSSdynKP9QJxJ41l8JMyZmgG2DftByzaAQYjHdZ/V |
| AW9j1fV1hc0mPqb+janvqLAEi36J8191OlZpxwcCAwEAAaOByzCByDAdBgNVHQ4E |
| FgQUP+5RaTokCdYmPKQIIh8Nd33V5zswHwYDVR0jBBgwFoAUZG/CbmQYICT2Aqmv |
| YyMB7cxpm+AwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs |
| LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m |
| b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ |
| MA0GCSqGSIb3DQEBCwUAA4IBAQBYfhbX5XKxvtR/6FnMUwLYXJ4RdbIBCz+G7Q+a |
| KS1pNwtAGRn+0hIzgl6PvCLW0W4Ynvk5PafYoBiWE6NBiQUkcY/TVUwvYmKl7wTu |
| R6itwtT92PwY54ieu48RxmJuLjsqxhdqpkvLE45fW4sB8HHMAQxIOG6q3bcXA6pA |
| qUeZ8sWTVH4zW9Hj4Q+DPsXIY+Z8jFWShjhey+CWToOxmG3o4TCIsEnUfK7jcd9d |
| 9rYVs0Ck4xVhMYnRJdUdRs6HiK/7TG0xWLS5xTnpeLdiSKG38fjycuZRs22B8JcJ |
| ZO7JeiDX8c6fvzD+xuiF3kgYrN4K2ejw0H106TxnkLZ8xRah |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: |
| 66:63:f9:27:23:34:d5:b4:a6:e3:b2:e1:3f:8c:39:ed:fb:cd:58:fc |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=BogusRoot |
| Validity |
| Not Before: Mar 10 12:00:00 2018 GMT |
| Not After : Jan 1 12:00:00 2021 GMT |
| Subject: CN=BogusRoot |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:b8:c8:2f:dc:30:b5:3e:65:02:31:fe:76:d5:cf: |
| 18:49:18:9a:99:63:02:ea:1f:9c:fc:34:05:04:f5: |
| dc:94:15:48:0c:0b:c0:18:b9:0f:a5:a0:8f:66:27: |
| 02:0b:a9:33:0f:a8:27:d7:61:d7:77:7e:d5:ab:db: |
| d4:a0:32:d0:40:9b:66:91:5b:ec:07:df:67:13:14: |
| 71:1f:21:98:d8:89:ae:15:dd:68:07:3d:3b:62:5c: |
| 34:f8:e8:39:da:2a:23:01:6a:09:a7:91:a1:c1:94: |
| ab:ba:42:7f:24:20:57:c8:67:2a:d6:cf:24:7b:b6: |
| 14:ad:69:61:c5:50:6b:6b:d2:77:0c:0c:6e:30:df: |
| 2b:e8:c4:de:89:a9:94:bf:8d:70:4e:ee:e1:5d:0f: |
| 11:0f:80:71:3d:67:90:59:c5:c7:d6:8b:6a:29:7d: |
| 8a:43:7a:98:0d:75:83:db:3c:09:27:19:12:77:99: |
| 2c:2b:a2:94:dc:7d:78:41:e2:4a:9a:31:f4:fa:8b: |
| ef:d3:d3:42:dd:1d:a5:be:5d:2f:1c:9c:33:4f:7d: |
| c8:bd:12:eb:18:cd:e0:80:d5:7a:1a:2d:93:fc:1f: |
| 59:8e:72:f8:e5:21:e1:f2:fe:b7:6a:c1:e1:39:20: |
| 26:60:98:fd:02:f0:5b:a2:6d:13:c7:15:20:9b:ef: |
| d5:31 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 6F:BD:F8:37:8B:1D:B5:1A:91:4C:D6:08:E8:33:85:8C:08:E9:3E:63 |
| X509v3 Authority Key Identifier: |
| keyid:6F:BD:F8:37:8B:1D:B5:1A:91:4C:D6:08:E8:33:85:8C:08:E9:3E:63 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/BogusRoot.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/BogusRoot.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 1a:f5:48:c5:bc:2a:d4:78:ad:33:1b:59:d9:22:c2:a9:19:f0: |
| a5:9f:39:40:c5:eb:8f:f2:cd:d5:ac:90:2f:a5:a1:ec:7b:de: |
| a4:04:80:d7:86:99:64:66:25:5f:e3:1d:75:97:9a:6c:e3:66: |
| 42:aa:f1:75:2f:20:80:06:d5:ea:f1:17:81:83:eb:a7:2c:70: |
| 26:dc:ef:5f:d6:56:bf:83:55:c4:8a:53:68:de:02:92:4e:d3: |
| 35:86:a4:61:24:68:b5:c6:37:f4:e9:d1:dd:96:96:0c:1a:b9: |
| 23:cc:e8:5e:5e:d9:92:5e:85:72:ec:67:b7:38:07:1d:85:1f: |
| 31:93:f9:6e:65:dc:d1:df:3d:22:57:9e:6a:d8:d0:9f:d6:99: |
| 57:75:1c:17:88:1e:64:85:e9:91:a2:34:5a:15:ea:81:25:55: |
| d8:77:9b:6a:67:33:bf:89:a5:81:4a:20:71:87:b0:ec:fd:66: |
| 5c:f1:62:f3:07:2d:07:ff:a1:41:fb:3f:fa:97:a7:4e:48:60: |
| 55:65:cc:a2:54:88:27:9b:99:82:19:ac:ba:be:a2:5b:df:1e: |
| ad:fc:72:dd:ca:cb:d6:08:66:96:09:d2:29:a8:98:0d:68:d2: |
| 05:6b:e2:b1:49:37:8d:08:39:b4:4b:c5:f2:f5:35:ee:85:ad: |
| 56:b8:d6:53 |
| -----BEGIN CERTIFICATE----- |
| MIIDjDCCAnSgAwIBAgIUZmP5JyM01bSm47LhP4w57fvNWPwwDQYJKoZIhvcNAQEL |
| BQAwFDESMBAGA1UEAwwJQm9ndXNSb290MB4XDTE4MDMxMDEyMDAwMFoXDTIxMDEw |
| MTEyMDAwMFowFDESMBAGA1UEAwwJQm9ndXNSb290MIIBIjANBgkqhkiG9w0BAQEF |
| AAOCAQ8AMIIBCgKCAQEAuMgv3DC1PmUCMf521c8YSRiamWMC6h+c/DQFBPXclBVI |
| DAvAGLkPpaCPZicCC6kzD6gn12HXd37Vq9vUoDLQQJtmkVvsB99nExRxHyGY2Imu |
| Fd1oBz07Ylw0+Og52iojAWoJp5GhwZSrukJ/JCBXyGcq1s8ke7YUrWlhxVBra9J3 |
| DAxuMN8r6MTeiamUv41wTu7hXQ8RD4BxPWeQWcXH1otqKX2KQ3qYDXWD2zwJJxkS |
| d5ksK6KU3H14QeJKmjH0+ovv09NC3R2lvl0vHJwzT33IvRLrGM3ggNV6Gi2T/B9Z |
| jnL45SHh8v63asHhOSAmYJj9AvBbom0TxxUgm+/VMQIDAQABo4HVMIHSMB0GA1Ud |
| DgQWBBRvvfg3ix21GpFM1gjoM4WMCOk+YzAfBgNVHSMEGDAWgBRvvfg3ix21GpFM |
| 1gjoM4WMCOk+YzA8BggrBgEFBQcBAQQwMC4wLAYIKwYBBQUHMAKGIGh0dHA6Ly91 |
| cmwtZm9yLWFpYS9Cb2d1c1Jvb3QuY2VyMDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6 |
| Ly91cmwtZm9yLWNybC9Cb2d1c1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNV |
| HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAa9UjFvCrUeK0zG1nZIsKp |
| GfClnzlAxeuP8s3VrJAvpaHse96kBIDXhplkZiVf4x11l5ps42ZCqvF1LyCABtXq |
| 8ReBg+unLHAm3O9f1la/g1XEilNo3gKSTtM1hqRhJGi1xjf06dHdlpYMGrkjzOhe |
| XtmSXoVy7Ge3OAcdhR8xk/luZdzR3z0iV55q2NCf1plXdRwXiB5khemRojRaFeqB |
| JVXYd5tqZzO/iaWBSiBxh7Ds/WZc8WLzBy0H/6FB+z/6l6dOSGBVZcyiVIgnm5mC |
| Gay6vqJb3x6t/HLdysvWCGaWCdIpqJgNaNIFa+KxSTeNCDm0S8Xy9TXuha1WuNZT |
| -----END CERTIFICATE----- |