| [Created by: generate-chains.py] |
| |
| Certificate chain where the leaf certificate asserts the keyCertSign key |
| usage, however does not have CA=true in the basic constraints extension to |
| indicate it is a CA. |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: |
| 0d:e0:65:d2:8a:72:7c:60:7d:f8:7e:88:6d:f0:a6:80:23:e1:38:a9 |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Intermediate |
| Validity |
| Not Before: Mar 10 12:00:00 2018 GMT |
| Not After : Jan 1 12:00:00 2021 GMT |
| Subject: CN=Target |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:d5:97:4d:ce:b9:89:7b:00:4f:e4:1f:f6:b0:1d: |
| 26:7d:c5:42:70:21:40:3a:a6:f9:07:5b:11:c6:fb: |
| 0f:8e:79:46:78:ad:34:71:46:b4:fa:96:75:06:c8: |
| 3e:c7:e9:1a:ae:f0:47:7f:4b:53:4a:f2:46:83:89: |
| 92:b0:11:11:0c:04:7c:33:e1:4b:7e:b5:b5:b2:54: |
| a7:28:64:31:7b:e2:5c:4a:00:30:3f:8c:21:e0:61: |
| f6:15:e8:20:03:bf:ce:d3:b4:ec:6e:27:88:fb:a9: |
| b0:9a:73:79:26:46:55:a3:05:ac:25:ba:6f:24:3c: |
| 17:7d:17:6c:25:ad:14:68:0b:fd:a6:d6:5f:5a:9a: |
| 4a:9d:6d:86:e5:77:b9:50:9c:40:2b:40:af:1d:92: |
| 4e:22:7a:c1:eb:57:17:16:4d:fa:12:e3:8c:25:8e: |
| 8d:4b:74:4f:3e:67:cd:84:2a:63:46:43:3c:45:7f: |
| ad:bc:dd:5c:00:46:7e:25:36:43:d9:98:15:a1:f4: |
| f6:29:5d:54:9d:20:b8:b6:e1:4c:e3:f1:3c:91:47: |
| 9d:eb:d7:f8:a2:f1:c5:f8:bc:7b:bf:bd:40:38:39: |
| 01:3b:98:33:12:d9:de:c6:f9:eb:4b:e3:82:8e:98: |
| 4b:28:1b:cd:ba:22:d5:b3:02:12:fc:40:86:ec:3e: |
| e7:51 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 1B:6F:D1:A8:67:1C:5F:A0:86:1B:FF:7B:E0:F4:72:33:CF:7C:F0:26 |
| X509v3 Authority Key Identifier: |
| keyid:B2:C0:C2:33:FD:8F:F5:37:4B:52:85:82:DD:31:5D:CE:A2:99:71:D0 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Intermediate.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Intermediate.crl |
| |
| X509v3 Key Usage: critical |
| Digital Signature, Key Encipherment, Certificate Sign |
| X509v3 Extended Key Usage: |
| TLS Web Server Authentication, TLS Web Client Authentication |
| Signature Algorithm: sha256WithRSAEncryption |
| 5e:d5:2c:0f:bd:dc:c2:8e:c5:4c:00:0c:9e:a6:47:68:49:fb: |
| 14:46:7c:d2:6f:89:20:40:7b:1f:8b:30:e6:10:ce:5a:e7:7e: |
| f1:d8:85:f5:bb:53:37:1e:93:c5:d7:97:fd:ce:1a:e1:4a:f7: |
| fc:a8:fb:c0:5a:48:d9:cb:e1:3a:c5:71:d9:05:23:9e:01:9b: |
| 3d:a2:08:ca:e6:5f:0c:80:98:c9:b9:66:48:45:5f:b2:cb:8d: |
| b6:73:89:ca:53:3b:0b:29:dc:0b:a1:14:fe:32:53:b6:9e:62: |
| 8b:ee:86:df:86:37:86:8d:84:0f:d9:48:c3:1f:33:08:99:2a: |
| e1:da:2d:a0:b1:b9:47:70:68:1c:f3:15:a3:ac:b8:25:79:fe: |
| e9:d0:ea:99:69:47:16:03:65:47:7f:ac:a1:a5:f3:2f:ea:d3: |
| 89:c6:ea:a9:8a:6e:c0:64:8d:81:5e:3d:f2:48:52:4f:ba:2f: |
| 78:29:3e:95:55:d4:78:6a:9a:96:a5:0f:05:71:b7:88:d4:15: |
| 13:0f:ef:d7:c3:9d:29:c7:40:09:7d:2b:93:ca:9f:2a:d0:6c: |
| 0d:5f:b8:8a:a4:bc:47:aa:c7:87:50:97:27:19:d0:58:0d:3a: |
| 81:38:63:60:f7:95:21:d5:b2:f9:97:d3:54:a7:53:47:13:bb: |
| d7:99:82:01 |
| -----BEGIN CERTIFICATE----- |
| MIIDoDCCAoigAwIBAgIUDeBl0opyfGB9+H6IbfCmgCPhOKkwDQYJKoZIhvcNAQEL |
| BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTE4MDMxMDEyMDAwMFoXDTIx |
| MDEwMTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF |
| AAOCAQ8AMIIBCgKCAQEA1ZdNzrmJewBP5B/2sB0mfcVCcCFAOqb5B1sRxvsPjnlG |
| eK00cUa0+pZ1Bsg+x+karvBHf0tTSvJGg4mSsBERDAR8M+FLfrW1slSnKGQxe+Jc |
| SgAwP4wh4GH2FeggA7/O07TsbieI+6mwmnN5JkZVowWsJbpvJDwXfRdsJa0UaAv9 |
| ptZfWppKnW2G5Xe5UJxAK0CvHZJOInrB61cXFk36EuOMJY6NS3RPPmfNhCpjRkM8 |
| RX+tvN1cAEZ+JTZD2ZgVofT2KV1UnSC4tuFM4/E8kUed69f4ovHF+Lx7v71AODkB |
| O5gzEtnexvnrS+OCjphLKBvNuiLVswIS/ECG7D7nUQIDAQABo4HpMIHmMB0GA1Ud |
| DgQWBBQbb9GoZxxfoIYb/3vg9HIzz3zwJjAfBgNVHSMEGDAWgBSywMIz/Y/1N0tS |
| hYLdMV3Ooplx0DA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 |
| cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 |
| dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIC |
| pDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD |
| ggEBAF7VLA+93MKOxUwADJ6mR2hJ+xRGfNJviSBAex+LMOYQzlrnfvHYhfW7Uzce |
| k8XXl/3OGuFK9/yo+8BaSNnL4TrFcdkFI54Bmz2iCMrmXwyAmMm5ZkhFX7LLjbZz |
| icpTOwsp3AuhFP4yU7aeYovuht+GN4aNhA/ZSMMfMwiZKuHaLaCxuUdwaBzzFaOs |
| uCV5/unQ6plpRxYDZUd/rKGl8y/q04nG6qmKbsBkjYFePfJIUk+6L3gpPpVV1Hhq |
| mpalDwVxt4jUFRMP79fDnSnHQAl9K5PKnyrQbA1fuIqkvEeqx4dQlycZ0FgNOoE4 |
| Y2D3lSHVsvmX01SnU0cTu9eZggE= |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: |
| 03:1e:f6:e0:d5:64:b5:71:7d:eb:f5:6d:bf:03:da:71:a6:d9:eb:26 |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Mar 10 12:00:00 2018 GMT |
| Not After : Jan 1 12:00:00 2021 GMT |
| Subject: CN=Intermediate |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:c6:14:bf:96:32:0d:cf:bb:58:2a:b4:3c:97:e5: |
| 6c:22:92:ff:d3:14:e2:b9:0b:c9:fe:0d:09:d0:c6: |
| b5:48:ed:e0:2a:25:04:2e:16:08:6b:55:da:d1:f3: |
| b1:c1:1a:49:85:33:f4:bb:7c:d6:38:45:c8:af:4d: |
| d4:a9:43:a7:56:cf:9c:40:a5:2b:b8:13:7f:ee:6b: |
| fe:98:3b:ed:74:2a:5e:c7:9f:7c:e0:73:6c:a7:c4: |
| d8:f1:e3:55:79:6c:02:7c:b4:e8:3f:1a:93:57:62: |
| 3a:86:5b:24:db:70:f2:fd:94:91:95:6b:68:72:73: |
| 31:44:a5:36:32:e6:77:37:bb:e1:cb:6d:b5:aa:20: |
| 3a:02:7e:ff:44:6d:79:e4:7d:e6:d3:72:92:e9:59: |
| 92:57:ff:be:e8:e2:d9:84:47:f8:a9:f6:11:ee:cf: |
| 5b:7f:92:d8:19:44:7f:96:40:52:19:09:80:af:2f: |
| 36:65:14:9a:fe:ef:aa:aa:c9:00:fb:ac:d3:87:59: |
| 14:ab:69:52:4c:4f:87:0f:74:49:ab:c5:f2:fb:73: |
| 23:c0:91:c9:93:82:6f:28:8d:23:f9:2d:f3:92:cc: |
| f5:68:20:86:0d:37:35:d7:46:da:dd:4a:fc:92:3b: |
| 32:a2:67:ba:f5:b3:49:13:76:e9:5e:78:a0:86:3e: |
| de:2d |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| B2:C0:C2:33:FD:8F:F5:37:4B:52:85:82:DD:31:5D:CE:A2:99:71:D0 |
| X509v3 Authority Key Identifier: |
| keyid:24:DB:B4:DE:3E:3F:AA:1D:B0:57:7A:1D:7C:CD:86:E9:6B:D0:15:6F |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 9f:c6:60:37:6a:32:41:1a:c2:23:f0:c7:9a:4f:c7:76:e7:0e: |
| 5c:3f:c0:3a:f9:89:43:f6:79:46:a4:32:aa:02:04:b1:8c:5c: |
| eb:7a:af:84:ae:a5:f9:65:8a:dc:cf:97:f1:d6:d7:d7:a4:bd: |
| e7:67:a9:bb:e9:18:16:a2:c1:6e:08:e3:3a:ac:2a:65:cf:e6: |
| cb:9f:a8:7d:1c:3e:1f:c4:e8:0a:96:09:89:f6:72:8c:da:6a: |
| 88:3d:9d:d2:ba:80:ef:03:ac:ec:33:01:5b:d1:28:50:7d:a4: |
| d7:67:75:69:10:dd:dc:09:c6:7c:b1:07:96:c1:4f:5c:d9:cb: |
| 18:1b:0d:ab:96:16:cf:b3:79:ae:39:86:5d:e2:94:11:7a:49: |
| 67:e8:62:cd:53:b8:a3:5d:2a:b5:17:93:4b:19:39:75:47:f4: |
| ea:f5:51:72:65:a2:43:17:29:57:8c:5a:06:c8:d2:a6:16:9a: |
| ce:c6:f9:89:5c:84:b7:b1:91:92:bd:a9:df:c2:2e:5d:70:ce: |
| 6d:b7:84:67:e5:ce:df:3f:5f:61:93:0e:f5:ad:9b:08:b1:f6: |
| b6:d8:15:a8:b6:1e:c1:88:ec:7c:80:68:31:4d:79:13:0c:1d: |
| 30:46:cd:db:ab:4c:dd:ec:6a:b3:33:58:0b:0e:1d:b8:fb:7d: |
| 97:e3:5b:54 |
| -----BEGIN CERTIFICATE----- |
| MIIDgDCCAmigAwIBAgIUAx724NVktXF96/VtvwPacabZ6yYwDQYJKoZIhvcNAQEL |
| BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xODAzMTAxMjAwMDBaFw0yMTAxMDExMjAw |
| MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD |
| ggEPADCCAQoCggEBAMYUv5YyDc+7WCq0PJflbCKS/9MU4rkLyf4NCdDGtUjt4Col |
| BC4WCGtV2tHzscEaSYUz9Lt81jhFyK9N1KlDp1bPnEClK7gTf+5r/pg77XQqXsef |
| fOBzbKfE2PHjVXlsAny06D8ak1diOoZbJNtw8v2UkZVraHJzMUSlNjLmdze74ctt |
| taogOgJ+/0RteeR95tNykulZklf/vuji2YRH+Kn2Ee7PW3+S2BlEf5ZAUhkJgK8v |
| NmUUmv7vqqrJAPus04dZFKtpUkxPhw90SavF8vtzI8CRyZOCbyiNI/kt85LM9Wgg |
| hg03NddG2t1K/JI7MqJnuvWzSRN26V54oIY+3i0CAwEAAaOByzCByDAdBgNVHQ4E |
| FgQUssDCM/2P9TdLUoWC3TFdzqKZcdAwHwYDVR0jBBgwFoAUJNu03j4/qh2wV3od |
| fM2G6WvQFW8wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs |
| LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m |
| b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ |
| MA0GCSqGSIb3DQEBCwUAA4IBAQCfxmA3ajJBGsIj8MeaT8d25w5cP8A6+YlD9nlG |
| pDKqAgSxjFzreq+ErqX5ZYrcz5fx1tfXpL3nZ6m76RgWosFuCOM6rCplz+bLn6h9 |
| HD4fxOgKlgmJ9nKM2mqIPZ3SuoDvA6zsMwFb0ShQfaTXZ3VpEN3cCcZ8sQeWwU9c |
| 2csYGw2rlhbPs3muOYZd4pQRekln6GLNU7ijXSq1F5NLGTl1R/Tq9VFyZaJDFylX |
| jFoGyNKmFprOxvmJXIS3sZGSvanfwi5dcM5tt4Rn5c7fP19hkw71rZsIsfa22BWo |
| th7BiOx8gGgxTXkTDB0wRs3bq0zd7GqzM1gLDh24+32X41tU |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: |
| 03:1e:f6:e0:d5:64:b5:71:7d:eb:f5:6d:bf:03:da:71:a6:d9:eb:25 |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Mar 10 12:00:00 2018 GMT |
| Not After : Jan 1 12:00:00 2021 GMT |
| Subject: CN=Root |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:e4:4e:96:f6:de:02:05:e7:16:80:fa:ed:b1:3c: |
| f3:19:ea:7b:d2:fe:ed:93:b7:09:37:7d:c1:98:9b: |
| 65:a9:84:09:72:cd:e5:d8:da:21:44:c2:2e:92:95: |
| 12:fe:35:0c:66:34:ad:f3:4f:c5:2f:d0:2e:57:41: |
| 1c:3b:ce:c9:51:17:05:eb:06:f7:4f:fb:6e:27:9d: |
| 06:d8:10:87:f4:97:5f:0f:9d:5d:d7:2b:d3:3b:21: |
| 5b:5a:8f:20:e0:97:16:7b:15:39:d6:3f:ff:1d:06: |
| 53:74:62:78:68:5b:ed:c2:05:e7:86:8b:1a:63:3a: |
| d3:e4:a9:25:8f:0e:92:13:df:39:d6:31:82:bf:bd: |
| ef:d4:21:9d:0e:7f:c9:90:ef:1d:c5:f3:c4:00:1e: |
| 4a:03:61:f4:5e:cf:e9:58:e5:12:49:37:31:49:89: |
| 54:d8:59:40:78:eb:e2:3f:75:9c:a5:ff:1c:33:b8: |
| 6c:26:26:5a:8f:28:12:1f:4e:81:e5:a6:aa:dd:c6: |
| d9:c9:94:6a:15:3c:9e:7a:59:29:92:cb:7a:f5:67: |
| c4:d4:dd:4c:c5:6e:fb:b3:c2:5a:9d:f1:0b:35:17: |
| 92:b6:85:dc:fd:45:c5:3f:13:f3:cd:fc:bc:b6:59: |
| c0:17:0b:ce:b3:e1:47:d1:2f:34:74:a4:5c:ba:a9: |
| cf:0d |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 24:DB:B4:DE:3E:3F:AA:1D:B0:57:7A:1D:7C:CD:86:E9:6B:D0:15:6F |
| X509v3 Authority Key Identifier: |
| keyid:24:DB:B4:DE:3E:3F:AA:1D:B0:57:7A:1D:7C:CD:86:E9:6B:D0:15:6F |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 69:6d:e6:97:c4:6d:a6:f2:93:c4:45:cf:1c:e5:f8:3d:f5:55: |
| e4:a9:dc:fe:e4:a5:dc:47:24:9c:05:1e:69:d8:0a:cb:3e:c3: |
| 58:6c:c9:d0:c0:fc:62:8b:04:5c:8a:96:a0:fa:44:31:6c:c7: |
| 8e:91:de:54:70:18:06:a8:f4:cf:b8:f7:2c:33:d1:06:41:cc: |
| 28:4b:94:76:44:3e:48:e2:dd:52:f5:1c:cc:46:02:83:f4:09: |
| 56:16:51:d6:ce:8d:73:12:b2:ab:06:43:dc:0d:3c:12:c5:5a: |
| 7d:94:de:34:2e:f5:da:47:bb:db:6a:1c:cc:23:e4:61:23:57: |
| f6:cb:93:f2:0c:56:29:50:fb:dc:ce:97:8e:9d:c4:4d:6e:8a: |
| 86:c4:d4:5c:ca:52:21:26:12:17:fd:3b:87:31:9a:85:37:c2: |
| e5:b3:7f:a8:de:c6:4a:78:1a:e2:55:fe:f0:06:2d:45:59:9f: |
| 10:b6:3d:6e:2d:55:df:42:a7:85:83:b6:53:e9:62:02:d3:9b: |
| dd:e1:cc:ec:a4:76:14:02:59:1f:39:30:3c:2b:10:72:4c:cc: |
| f8:62:bb:be:2d:2c:d3:5b:6d:9a:d7:b5:45:77:1c:b5:2e:04: |
| c0:dc:52:2e:1f:6b:65:cc:3d:03:a1:f0:8d:7d:da:62:49:0a: |
| f6:74:18:dd |
| -----BEGIN CERTIFICATE----- |
| MIIDeDCCAmCgAwIBAgIUAx724NVktXF96/VtvwPacabZ6yUwDQYJKoZIhvcNAQEL |
| BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xODAzMTAxMjAwMDBaFw0yMTAxMDExMjAw |
| MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK |
| AoIBAQDkTpb23gIF5xaA+u2xPPMZ6nvS/u2Ttwk3fcGYm2WphAlyzeXY2iFEwi6S |
| lRL+NQxmNK3zT8Uv0C5XQRw7zslRFwXrBvdP+24nnQbYEIf0l18PnV3XK9M7IVta |
| jyDglxZ7FTnWP/8dBlN0YnhoW+3CBeeGixpjOtPkqSWPDpIT3znWMYK/ve/UIZ0O |
| f8mQ7x3F88QAHkoDYfRez+lY5RJJNzFJiVTYWUB46+I/dZyl/xwzuGwmJlqPKBIf |
| ToHlpqrdxtnJlGoVPJ56WSmSy3r1Z8TU3UzFbvuzwlqd8Qs1F5K2hdz9RcU/E/PN |
| /Ly2WcAXC86z4UfRLzR0pFy6qc8NAgMBAAGjgcswgcgwHQYDVR0OBBYEFCTbtN4+ |
| P6odsFd6HXzNhulr0BVvMB8GA1UdIwQYMBaAFCTbtN4+P6odsFd6HXzNhulr0BVv |
| MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh |
| L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S |
| b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG |
| 9w0BAQsFAAOCAQEAaW3ml8RtpvKTxEXPHOX4PfVV5Knc/uSl3EcknAUeadgKyz7D |
| WGzJ0MD8YosEXIqWoPpEMWzHjpHeVHAYBqj0z7j3LDPRBkHMKEuUdkQ+SOLdUvUc |
| zEYCg/QJVhZR1s6NcxKyqwZD3A08EsVafZTeNC712ke722oczCPkYSNX9suT8gxW |
| KVD73M6Xjp3ETW6KhsTUXMpSISYSF/07hzGahTfC5bN/qN7GSnga4lX+8AYtRVmf |
| ELY9bi1V30KnhYO2U+liAtOb3eHM7KR2FAJZHzkwPCsQckzM+GK7vi0s01ttmte1 |
| RXcctS4EwNxSLh9rZcw9A6HwjX3aYkkK9nQY3Q== |
| -----END CERTIFICATE----- |