| [Created by: generate-expired-unconstrained-root.py] |
| |
| Certificate chain with 1 intermediate, where the root certificate is expired |
| (violates validity.notAfter). Verification is expected to succeed as |
| the trust anchor has no constraints (so expiration of the certificate is not |
| enforced). |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Intermediate |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Target |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:c8:7c:97:b3:0d:f9:56:4b:f9:6c:a3:4b:05:f3: |
| d6:34:aa:f9:3b:b9:59:7f:02:7b:89:b5:d0:9b:be: |
| 38:c9:e6:62:0e:79:38:c7:aa:bc:2c:0b:6b:3e:b5: |
| 22:ba:8a:23:2f:ee:c4:8b:5a:59:a7:9e:4d:a0:bb: |
| a2:13:61:9e:d6:b0:1f:34:74:b6:bc:ff:fd:ee:95: |
| 00:5b:3a:71:e1:c1:5c:89:5f:f4:70:60:f1:ca:1c: |
| 2d:33:49:03:a2:78:a1:b4:96:f1:ef:6a:ba:03:77: |
| 89:bc:64:34:99:b1:20:54:18:78:5b:d7:98:c9:c2: |
| d2:f1:c6:64:2f:18:2f:b8:e7:e7:25:78:91:7a:59: |
| 34:ca:2f:e2:c9:47:62:b6:ff:0d:39:11:03:f5:97: |
| e5:fd:33:14:52:4f:cc:46:6e:b1:8c:52:00:fb:dd: |
| be:e7:dd:fe:93:49:15:ae:98:86:bf:ea:13:ca:2b: |
| 29:4a:16:ab:83:4f:26:e5:bd:e8:23:40:55:a9:a3: |
| aa:f4:0c:56:54:13:a0:f1:dd:3b:6b:d1:7b:2b:a8: |
| 46:37:3a:fa:6b:2c:94:0e:17:0a:1b:f0:fa:37:1f: |
| e1:14:74:d8:50:43:f6:86:9c:99:bb:03:6e:46:1e: |
| e4:64:f5:4f:4f:67:b8:f6:8c:c2:5e:9d:ef:c1:0f: |
| ac:c3 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| CA:78:A4:F1:F5:90:DF:91:0F:99:E9:68:EC:EA:37:23:7B:83:C1:6D |
| X509v3 Authority Key Identifier: |
| keyid:56:44:1D:0C:BA:47:5A:7D:24:AB:AC:13:96:25:FF:86:D0:08:85:8C |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Intermediate.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Intermediate.crl |
| |
| X509v3 Key Usage: critical |
| Digital Signature, Key Encipherment |
| X509v3 Extended Key Usage: |
| TLS Web Server Authentication, TLS Web Client Authentication |
| Signature Algorithm: sha256WithRSAEncryption |
| 18:42:14:de:e2:54:ee:72:4c:e2:22:ae:bf:58:10:f3:51:e3: |
| 00:a3:93:48:aa:a5:88:54:64:df:d0:d8:46:a7:68:ac:e4:ce: |
| 18:59:c1:40:1b:19:7a:5c:61:1e:98:38:3a:6a:a4:19:85:3c: |
| da:f7:31:2e:cb:b1:a1:fe:5c:a7:54:02:ca:e5:dd:78:ae:24: |
| 9a:79:ce:72:c0:60:e4:e2:ef:5e:d8:b1:96:a2:41:28:01:e6: |
| d1:16:f9:65:b4:68:82:78:00:e5:72:5b:56:62:6e:3d:f6:0a: |
| 4e:76:56:39:c7:92:35:7e:cc:22:98:be:17:1e:f0:ae:4d:1b: |
| 5d:e2:e6:f9:8d:ce:8a:24:0e:12:31:e0:0d:ca:c7:18:70:f5: |
| 3e:a5:79:e1:d5:96:60:87:36:98:b6:5c:f4:91:3b:76:c4:d5: |
| 1f:95:a0:4f:e5:60:94:15:23:0f:4c:51:4a:b2:5e:24:6e:16: |
| a7:1a:86:43:58:e9:8b:2d:2e:3a:b2:8a:82:fd:af:40:7d:97: |
| 53:a9:12:ae:3c:aa:3f:5c:1b:6e:14:ef:22:32:c5:4f:f1:02: |
| 67:56:68:e7:ee:ee:f9:a3:ba:71:90:cb:6b:85:d3:15:78:11: |
| ce:50:ca:36:32:8e:e8:09:a1:6f:23:ff:26:5a:fd:75:8e:0d: |
| 5d:db:7f:de |
| -----BEGIN CERTIFICATE----- |
| MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl |
| cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD |
| VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIfJez |
| DflWS/lso0sF89Y0qvk7uVl/AnuJtdCbvjjJ5mIOeTjHqrwsC2s+tSK6iiMv7sSL |
| Wlmnnk2gu6ITYZ7WsB80dLa8//3ulQBbOnHhwVyJX/RwYPHKHC0zSQOieKG0lvHv |
| aroDd4m8ZDSZsSBUGHhb15jJwtLxxmQvGC+45+cleJF6WTTKL+LJR2K2/w05EQP1 |
| l+X9MxRST8xGbrGMUgD73b7n3f6TSRWumIa/6hPKKylKFquDTyblvegjQFWpo6r0 |
| DFZUE6Dx3Ttr0XsrqEY3OvprLJQOFwob8Po3H+EUdNhQQ/aGnJm7A25GHuRk9U9P |
| Z7j2jMJene/BD6zDAgMBAAGjgekwgeYwHQYDVR0OBBYEFMp4pPH1kN+RD5npaOzq |
| NyN7g8FtMB8GA1UdIwQYMBaAFFZEHQy6R1p9JKusE5Yl/4bQCIWMMD8GCCsGAQUF |
| BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk |
| aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu |
| dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF |
| BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAGEIU3uJU7nJM4iKuv1gQ |
| 81HjAKOTSKqliFRk39DYRqdorOTOGFnBQBsZelxhHpg4OmqkGYU82vcxLsuxof5c |
| p1QCyuXdeK4kmnnOcsBg5OLvXtixlqJBKAHm0Rb5ZbRogngA5XJbVmJuPfYKTnZW |
| OceSNX7MIpi+Fx7wrk0bXeLm+Y3OiiQOEjHgDcrHGHD1PqV54dWWYIc2mLZc9JE7 |
| dsTVH5WgT+VglBUjD0xRSrJeJG4WpxqGQ1jpiy0uOrKKgv2vQH2XU6kSrjyqP1wb |
| bhTvIjLFT/ECZ1Zo5+7u+aO6cZDLa4XTFXgRzlDKNjKO6AmhbyP/Jlr9dY4NXdt/ |
| 3g== |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 2 (0x2) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Intermediate |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:b8:ea:dc:cf:e7:81:3c:c1:99:70:bd:71:4c:93: |
| 94:33:49:be:87:bf:28:2b:d0:6c:38:90:66:7d:37: |
| d5:a3:f1:5c:a1:a5:41:35:0b:5c:a7:bc:8f:ac:b3: |
| 09:ef:62:68:9f:60:3e:9e:4c:cb:7f:a4:bf:4a:0f: |
| a7:b2:5a:93:ec:b8:14:30:3f:d9:86:b8:ad:31:8a: |
| bf:20:ab:c7:40:dc:28:5b:3e:dc:39:b2:00:44:34: |
| 01:d6:81:13:a7:e6:d1:d8:d3:68:22:95:ee:bf:bd: |
| e4:d1:9f:08:dd:a9:ff:65:ff:81:6a:68:1d:ee:d3: |
| d5:c4:76:85:54:43:73:bf:f0:3c:c1:66:bb:a4:eb: |
| 22:1e:81:29:dd:4f:41:c2:a4:73:63:43:24:60:ef: |
| e2:f0:ae:e6:a6:25:c8:a9:ee:1b:7f:ab:be:71:cb: |
| f7:15:cb:2d:b4:a7:56:4b:2b:35:08:9b:12:70:15: |
| 33:53:ca:a7:b4:97:37:34:d3:f7:d5:f8:19:54:03: |
| 50:b4:f5:47:1a:f1:10:03:b5:54:64:c1:9c:b5:6d: |
| 14:0a:5a:28:24:4b:11:b6:fe:70:c2:0f:80:82:cd: |
| 94:59:16:ff:75:8b:da:91:3d:5f:16:95:4d:61:77: |
| 67:28:37:3b:6e:a6:a4:88:33:01:12:a0:10:fc:59: |
| 49:d3 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 56:44:1D:0C:BA:47:5A:7D:24:AB:AC:13:96:25:FF:86:D0:08:85:8C |
| X509v3 Authority Key Identifier: |
| keyid:07:75:1E:E3:64:F9:CA:06:47:B4:68:B9:D8:34:39:46:87:8D:27:A1 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 38:e4:78:d9:89:e4:56:3c:54:06:4a:fa:95:79:32:8c:0c:94: |
| e8:85:29:b4:d7:c8:d3:9b:6a:69:30:b6:f5:1f:8a:4c:09:6d: |
| b5:a3:43:ae:9f:75:35:5b:80:7e:82:eb:fb:1c:17:9c:9f:ff: |
| 71:e8:e5:83:2e:a4:f1:8a:40:23:5a:62:ab:40:2a:b0:7f:9a: |
| b3:ec:c4:75:a8:af:29:9e:e6:59:6e:85:a2:36:1a:51:e8:e8: |
| 22:3f:ff:49:22:4e:7f:64:03:2e:94:d0:8c:6d:85:e2:84:65: |
| fb:02:e2:27:9b:cf:1e:54:a9:69:94:68:29:4b:87:46:5c:50: |
| ee:ef:29:30:f5:7f:87:1d:53:05:68:bf:c6:a8:9f:b1:6a:5a: |
| ca:4f:03:dd:f5:de:88:36:7d:04:57:a5:df:ff:f8:db:5d:cc: |
| 9f:92:28:23:1b:06:aa:7e:e0:2d:ad:9d:05:d4:58:40:7a:5c: |
| cb:69:fa:44:91:02:ac:12:fa:dd:b5:0e:7f:e7:2d:31:69:c6: |
| 4f:70:b2:8f:ae:73:70:ca:e3:3b:8e:0c:af:3f:19:47:ac:7b: |
| b1:36:c2:07:67:c4:47:46:fe:e0:cd:a4:7f:80:f5:8a:f5:af: |
| 91:da:a2:f9:28:87:09:fe:4c:2c:6d:1d:e9:05:d1:12:31:ae: |
| b3:fe:44:ca |
| -----BEGIN CERTIFICATE----- |
| MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 |
| ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOrcz+eB |
| PMGZcL1xTJOUM0m+h78oK9BsOJBmfTfVo/FcoaVBNQtcp7yPrLMJ72Jon2A+nkzL |
| f6S/Sg+nslqT7LgUMD/ZhritMYq/IKvHQNwoWz7cObIARDQB1oETp+bR2NNoIpXu |
| v73k0Z8I3an/Zf+Bamgd7tPVxHaFVENzv/A8wWa7pOsiHoEp3U9BwqRzY0MkYO/i |
| 8K7mpiXIqe4bf6u+ccv3FcsttKdWSys1CJsScBUzU8qntJc3NNP31fgZVANQtPVH |
| GvEQA7VUZMGctW0UClooJEsRtv5wwg+Ags2UWRb/dYvakT1fFpVNYXdnKDc7bqak |
| iDMBEqAQ/FlJ0wIDAQABo4HLMIHIMB0GA1UdDgQWBBRWRB0MukdafSSrrBOWJf+G |
| 0AiFjDAfBgNVHSMEGDAWgBQHdR7jZPnKBke0aLnYNDlGh40noTA3BggrBgEFBQcB |
| AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs |
| BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD |
| VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB |
| ADjkeNmJ5FY8VAZK+pV5MowMlOiFKbTXyNObamkwtvUfikwJbbWjQ66fdTVbgH6C |
| 6/scF5yf/3Ho5YMupPGKQCNaYqtAKrB/mrPsxHWoryme5lluhaI2GlHo6CI//0ki |
| Tn9kAy6U0IxtheKEZfsC4iebzx5UqWmUaClLh0ZcUO7vKTD1f4cdUwVov8aon7Fq |
| WspPA9313og2fQRXpd//+NtdzJ+SKCMbBqp+4C2tnQXUWEB6XMtp+kSRAqwS+t21 |
| Dn/nLTFpxk9wso+uc3DK4zuODK8/GUese7E2wgdnxEdG/uDNpH+A9Yr1r5Haovko |
| hwn+TCxtHekF0RIxrrP+RMo= |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Mar 1 12:00:00 2015 GMT |
| Subject: CN=Root |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:a9:91:e0:b0:cc:ae:f4:2a:c1:32:17:cf:cf:c8: |
| f1:19:d8:82:d0:ae:e4:22:4b:3b:94:af:4a:ee:7a: |
| 36:29:60:18:39:8f:f2:51:d7:1c:a0:18:29:f1:98: |
| cb:8d:fa:e0:09:d6:0d:7f:74:08:cb:58:2e:0f:8b: |
| 1c:9d:05:31:8a:e2:41:b6:18:0f:98:ee:70:78:d3: |
| 2b:50:d4:87:a7:f6:36:6b:71:40:37:97:a9:34:3f: |
| a1:40:37:f7:e3:5b:bc:4f:21:b6:80:ef:c9:cb:e8: |
| 94:da:fa:d0:23:33:e6:e1:7f:57:72:59:c6:ca:7f: |
| 93:2f:5c:5e:d9:a8:55:8e:f2:a0:45:77:03:29:6b: |
| 55:f6:38:c2:fa:42:bc:9a:73:4a:5b:2a:27:5a:dd: |
| ab:c0:68:d0:b3:51:5b:e7:b8:4e:02:8f:09:35:31: |
| 36:93:52:a3:bd:69:5f:58:f4:de:3f:44:4a:8d:ea: |
| 9a:08:8f:1e:f6:5c:b1:db:21:0b:07:0a:8f:9b:d1: |
| d4:7f:cb:05:96:d5:04:b1:d2:5e:d9:13:6a:33:5b: |
| d4:98:05:1c:c0:33:07:a7:84:7c:6a:ca:5d:65:5e: |
| ea:18:6c:ef:4c:d6:65:a6:c1:07:bb:11:78:c3:fb: |
| 91:be:36:09:08:98:42:9b:6f:eb:ad:80:e0:14:13: |
| 11:85 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 07:75:1E:E3:64:F9:CA:06:47:B4:68:B9:D8:34:39:46:87:8D:27:A1 |
| X509v3 Authority Key Identifier: |
| keyid:07:75:1E:E3:64:F9:CA:06:47:B4:68:B9:D8:34:39:46:87:8D:27:A1 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 1c:0e:a2:5f:96:f2:00:13:ed:56:30:0d:62:cd:d3:01:d2:ed: |
| 9a:9a:4a:2e:e8:47:15:5e:54:65:c5:1a:85:8b:4d:ed:0b:4e: |
| 1d:37:7d:10:80:bf:5f:a8:3d:33:fd:39:6f:7c:5a:f0:eb:e9: |
| 0e:12:ff:fd:7d:96:07:1d:28:5a:b2:6c:2f:6c:23:b8:15:75: |
| c0:ed:5d:7e:04:f9:7b:31:9c:df:75:4e:93:4d:46:99:ea:0c: |
| 82:1c:17:6d:c0:82:c2:bf:f7:74:d1:57:e9:53:df:8e:47:c1: |
| 80:28:1b:1d:4f:79:91:5b:c3:78:bc:a5:e6:f3:79:02:a6:71: |
| 2e:26:50:8b:fe:d8:41:1f:a5:08:e6:2c:e9:bd:ee:07:16:7a: |
| b3:9f:8b:66:8e:10:41:0d:b1:5c:f4:2a:3c:23:36:a0:40:42: |
| f3:88:21:f6:74:c0:2c:53:f3:44:34:7f:81:cd:53:cb:d1:e6: |
| df:b3:0e:99:f2:ae:37:95:a8:ea:0d:f0:37:40:a6:68:07:f9: |
| 42:fd:0d:87:63:1a:b0:82:f7:1f:5a:46:49:4c:7b:24:d3:c5: |
| 05:36:0b:3b:4b:65:93:82:74:61:e9:ed:11:2e:5c:99:eb:73: |
| b0:e2:c7:ec:dd:a2:17:91:17:be:d1:45:df:9e:fc:a3:67:be: |
| 5f:c7:e1:2e |
| -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- |
| MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE1MDMwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v |
| dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKmR4LDMrvQqwTIXz8/I |
| 8RnYgtCu5CJLO5SvSu56NilgGDmP8lHXHKAYKfGYy4364AnWDX90CMtYLg+LHJ0F |
| MYriQbYYD5jucHjTK1DUh6f2NmtxQDeXqTQ/oUA39+NbvE8htoDvycvolNr60CMz |
| 5uF/V3JZxsp/ky9cXtmoVY7yoEV3AylrVfY4wvpCvJpzSlsqJ1rdq8Bo0LNRW+e4 |
| TgKPCTUxNpNSo71pX1j03j9ESo3qmgiPHvZcsdshCwcKj5vR1H/LBZbVBLHSXtkT |
| ajNb1JgFHMAzB6eEfGrKXWVe6hhs70zWZabBB7sReMP7kb42CQiYQptv662A4BQT |
| EYUCAwEAAaOByzCByDAdBgNVHQ4EFgQUB3Ue42T5ygZHtGi52DQ5RoeNJ6EwHwYD |
| VR0jBBgwFoAUB3Ue42T5ygZHtGi52DQ5RoeNJ6EwNwYIKwYBBQUHAQEEKzApMCcG |
| CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw |
| IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE |
| AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAcDqJflvIA |
| E+1WMA1izdMB0u2amkou6EcVXlRlxRqFi03tC04dN30QgL9fqD0z/TlvfFrw6+kO |
| Ev/9fZYHHShasmwvbCO4FXXA7V1+BPl7MZzfdU6TTUaZ6gyCHBdtwILCv/d00Vfp |
| U9+OR8GAKBsdT3mRW8N4vKXm83kCpnEuJlCL/thBH6UI5izpve4HFnqzn4tmjhBB |
| DbFc9Co8IzagQELziCH2dMAsU/NENH+BzVPL0ebfsw6Z8q43lajqDfA3QKZoB/lC |
| /Q2HYxqwgvcfWkZJTHsk08UFNgs7S2WTgnRh6e0RLlyZ63Ow4sfs3aIXkRe+0UXf |
| nvyjZ75fx+Eu |
| -----END TRUST_ANCHOR_UNCONSTRAINED----- |
| |
| 150302120000Z |
| -----BEGIN TIME----- |
| MTUwMzAyMTIwMDAwWg== |
| -----END TIME----- |
| |
| SUCCESS |
| -----BEGIN VERIFY_RESULT----- |
| U1VDQ0VTUw== |
| -----END VERIFY_RESULT----- |
| |
| serverAuth |
| -----BEGIN KEY_PURPOSE----- |
| c2VydmVyQXV0aA== |
| -----END KEY_PURPOSE----- |
