| [Created by: generate-unconstrained-root-lacks-basic-constraints.py] |
| |
| Certificate chain with 1 intermediate and a trust anchor. The trust anchor |
| lacks the basic constraints extension. This is not a problem and verification |
| should succeed. |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Intermediate |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Target |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:bc:1b:31:ef:84:8e:64:39:4e:02:f3:81:fc:75: |
| 0b:07:af:5b:57:53:6b:df:27:87:03:1c:3d:ea:b3: |
| 6a:b5:14:e9:98:1d:13:16:fc:51:5b:04:c5:72:81: |
| 3e:26:05:54:9b:19:f8:7e:c0:ee:c8:49:eb:e2:9d: |
| 78:82:c8:e9:c5:af:eb:fc:10:85:e2:5f:e6:6a:8e: |
| 51:19:69:69:10:5e:aa:99:31:64:c4:3d:0f:3e:f0: |
| 5a:2a:cd:dd:b7:27:ff:5a:ee:91:c3:ad:92:9e:da: |
| 91:df:7d:7f:77:f1:79:d8:6e:60:48:ad:57:f1:2d: |
| 6e:67:5b:fe:20:5c:b9:56:a7:70:8d:63:80:5a:99: |
| cf:3d:6e:14:f5:d8:29:b9:25:81:61:c7:bb:be:3b: |
| 08:38:c5:5d:40:aa:e7:15:51:8a:84:d3:78:64:f5: |
| 3b:09:7b:a9:f2:ed:a5:05:ed:3a:67:21:45:f1:78: |
| 78:e2:92:74:20:e0:41:10:f7:ab:9e:0e:fd:22:af: |
| ad:8f:b4:81:cb:d9:28:b1:49:90:05:fa:f7:96:a8: |
| b7:96:3d:5b:87:d9:6b:cc:82:7a:85:26:ba:e6:86: |
| 40:53:44:09:38:27:4d:8a:98:5d:ce:56:a1:93:38: |
| 08:fd:02:92:ef:9b:0c:d5:c0:9d:12:e8:21:08:9d: |
| ba:e1 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| A4:68:89:3F:A2:F7:48:BC:C6:C4:9C:7E:78:B9:E6:06:A7:37:2E:A2 |
| X509v3 Authority Key Identifier: |
| keyid:A0:FF:6A:B0:DB:6D:76:3D:1F:D2:A3:83:33:02:BE:32:A2:71:34:85 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Intermediate.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Intermediate.crl |
| |
| X509v3 Key Usage: critical |
| Digital Signature, Key Encipherment |
| X509v3 Extended Key Usage: |
| TLS Web Server Authentication, TLS Web Client Authentication |
| Signature Algorithm: sha256WithRSAEncryption |
| 2b:b6:4e:ac:b6:8d:bb:7c:cc:0b:6f:77:9c:54:ed:88:25:34: |
| c7:42:88:7c:35:23:74:c7:e7:7d:86:7d:fd:f0:0b:40:e2:64: |
| 5b:a3:1b:a2:34:77:09:b4:7d:5e:7b:a4:85:7f:23:b5:2f:43: |
| f8:0f:33:6c:86:9c:7a:ee:0d:54:45:fb:1c:57:c8:01:91:60: |
| 27:0b:bb:ac:8c:23:c4:5f:18:42:2e:df:24:cb:12:77:2c:0c: |
| 6c:d1:8f:34:ee:a8:06:e3:8a:fe:34:e6:ca:bc:25:e5:33:a4: |
| 23:df:00:4f:f4:e4:af:d9:7f:08:1a:78:a5:ba:80:81:49:bf: |
| 8f:7c:ee:ee:27:ac:fc:d8:91:69:36:2b:dc:33:ae:d6:ad:47: |
| 8d:5d:4c:c0:a5:a2:61:b8:db:b0:7b:92:79:b5:61:64:78:92: |
| 02:05:68:16:2b:9f:81:66:5a:8e:e6:82:55:5b:83:87:26:e2: |
| da:d0:95:91:06:6d:f9:dc:b6:04:fe:ed:ae:f7:3e:db:a7:38: |
| 31:af:a4:c5:79:f7:d0:3b:b9:2c:79:60:0a:1d:ec:68:8d:3f: |
| 7b:d7:e9:1a:79:de:da:97:42:04:c7:b1:f2:fe:72:68:00:fa: |
| 30:41:0e:1c:26:65:f5:eb:2e:7d:fe:19:05:99:5b:6f:3d:51: |
| 4c:57:c3:cb |
| -----BEGIN CERTIFICATE----- |
| MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl |
| cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD |
| VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8GzHv |
| hI5kOU4C84H8dQsHr1tXU2vfJ4cDHD3qs2q1FOmYHRMW/FFbBMVygT4mBVSbGfh+ |
| wO7ISevinXiCyOnFr+v8EIXiX+ZqjlEZaWkQXqqZMWTEPQ8+8Foqzd23J/9a7pHD |
| rZKe2pHffX938XnYbmBIrVfxLW5nW/4gXLlWp3CNY4Bamc89bhT12Cm5JYFhx7u+ |
| Owg4xV1AqucVUYqE03hk9TsJe6ny7aUF7TpnIUXxeHjiknQg4EEQ96ueDv0ir62P |
| tIHL2SixSZAF+veWqLeWPVuH2WvMgnqFJrrmhkBTRAk4J02KmF3OVqGTOAj9ApLv |
| mwzVwJ0S6CEInbrhAgMBAAGjgekwgeYwHQYDVR0OBBYEFKRoiT+i90i8xsScfni5 |
| 5ganNy6iMB8GA1UdIwQYMBaAFKD/arDbbXY9H9KjgzMCvjKicTSFMD8GCCsGAQUF |
| BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk |
| aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu |
| dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF |
| BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAK7ZOrLaNu3zMC293nFTt |
| iCU0x0KIfDUjdMfnfYZ9/fALQOJkW6MbojR3CbR9XnukhX8jtS9D+A8zbIaceu4N |
| VEX7HFfIAZFgJwu7rIwjxF8YQi7fJMsSdywMbNGPNO6oBuOK/jTmyrwl5TOkI98A |
| T/Tkr9l/CBp4pbqAgUm/j3zu7ies/NiRaTYr3DOu1q1HjV1MwKWiYbjbsHuSebVh |
| ZHiSAgVoFiufgWZajuaCVVuDhybi2tCVkQZt+dy2BP7trvc+26c4Ma+kxXn30Du5 |
| LHlgCh3saI0/e9fpGnne2pdCBMex8v5yaAD6MEEOHCZl9esuff4ZBZlbbz1RTFfD |
| yw== |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 2 (0x2) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Intermediate |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:bd:4b:25:64:f8:46:3e:e8:fc:85:3a:e2:4a:dc: |
| 9a:58:70:6f:65:27:93:14:2f:5d:08:b3:ba:dc:2d: |
| b0:8c:0e:98:f6:21:26:8d:ff:bb:59:2d:db:72:bc: |
| 07:38:8f:11:34:cc:e8:07:0f:07:ed:82:1e:60:be: |
| d8:67:17:98:cb:81:55:40:5e:d9:a0:bd:a5:98:88: |
| 71:17:8e:65:70:3e:8a:9f:b3:23:56:9f:98:a8:db: |
| 64:6a:1b:e1:1a:2c:b1:94:6d:d3:4b:28:fd:e4:1c: |
| d3:7d:93:91:53:5c:3d:89:67:13:04:58:21:64:c9: |
| 89:c7:12:58:91:dc:2f:0f:56:ec:a7:00:4f:60:89: |
| 0a:b9:af:52:8e:20:bc:b3:16:e8:a6:06:ca:3b:07: |
| a5:76:59:7e:4b:17:33:b2:db:8e:d8:31:29:d8:ba: |
| 08:06:51:e1:a1:43:6d:cd:2d:61:e1:03:54:62:1d: |
| 43:28:b9:48:b6:3b:bb:24:47:d0:56:df:ce:ac:d3: |
| ac:a9:0c:13:a5:c8:76:a3:ee:67:0c:79:35:92:5d: |
| 49:8f:a5:4f:8f:ae:79:09:6c:11:15:3f:3a:01:a3: |
| 4d:54:df:93:50:b5:fe:ed:be:53:87:be:b7:65:55: |
| 96:4c:7c:5b:a0:e3:1e:18:e8:9e:8c:95:d1:4a:ea: |
| 5a:4f |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| A0:FF:6A:B0:DB:6D:76:3D:1F:D2:A3:83:33:02:BE:32:A2:71:34:85 |
| X509v3 Authority Key Identifier: |
| keyid:0A:E1:71:15:DF:ED:0D:98:EB:75:A8:37:BC:F1:EE:E3:65:79:AB:C2 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 13:0e:3c:0e:69:c2:bf:7d:aa:a4:8f:47:a6:90:69:0e:d8:b7: |
| 50:2a:c7:95:78:1d:7f:71:41:51:8d:a4:a9:cf:f2:d2:c6:c0: |
| 8f:dd:56:c4:53:94:34:3f:07:e3:b0:4c:71:55:5b:14:a2:de: |
| 8f:1e:3b:15:73:e2:9a:49:df:c8:0e:04:dc:76:76:61:0d:c5: |
| 29:35:12:c4:71:d3:2d:6d:ac:b6:62:53:75:57:44:cf:0b:d2: |
| 1d:66:0a:be:01:b5:a6:58:a0:42:f5:ce:62:3c:d8:21:fd:c6: |
| c7:27:66:b1:2f:d4:04:c2:29:44:32:3a:3b:b2:3c:08:a5:66: |
| 3e:4c:27:c2:36:71:c5:31:05:e7:e9:f8:47:b4:81:33:57:7d: |
| c2:ce:ac:de:c4:15:11:1a:f2:c9:59:72:cd:a4:a8:54:41:ef: |
| d5:d5:67:cf:6e:e3:a0:07:62:ba:83:f7:46:fa:4b:10:7c:91: |
| 9f:ff:aa:1a:c9:46:f9:26:14:c4:01:58:9d:35:75:f0:78:0e: |
| 75:4e:7f:03:e8:83:1b:87:82:99:e0:52:b3:9f:34:a7:26:34: |
| 76:9c:e7:3e:69:d5:9b:e6:9a:45:06:34:19:03:05:b0:15:ca: |
| a2:59:7c:ac:fe:9c:c4:29:54:e2:c8:9c:e1:98:7e:16:7a:b9: |
| f3:9e:aa:d1 |
| -----BEGIN CERTIFICATE----- |
| MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 |
| ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUslZPhG |
| Puj8hTriStyaWHBvZSeTFC9dCLO63C2wjA6Y9iEmjf+7WS3bcrwHOI8RNMzoBw8H |
| 7YIeYL7YZxeYy4FVQF7ZoL2lmIhxF45lcD6Kn7MjVp+YqNtkahvhGiyxlG3TSyj9 |
| 5BzTfZORU1w9iWcTBFghZMmJxxJYkdwvD1bspwBPYIkKua9SjiC8sxbopgbKOwel |
| dll+SxczstuO2DEp2LoIBlHhoUNtzS1h4QNUYh1DKLlItju7JEfQVt/OrNOsqQwT |
| pch2o+5nDHk1kl1Jj6VPj655CWwRFT86AaNNVN+TULX+7b5Th763ZVWWTHxboOMe |
| GOiejJXRSupaTwIDAQABo4HLMIHIMB0GA1UdDgQWBBSg/2qw2212PR/So4MzAr4y |
| onE0hTAfBgNVHSMEGDAWgBQK4XEV3+0NmOt1qDe88e7jZXmrwjA3BggrBgEFBQcB |
| AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs |
| BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD |
| VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB |
| ABMOPA5pwr99qqSPR6aQaQ7Yt1Aqx5V4HX9xQVGNpKnP8tLGwI/dVsRTlDQ/B+Ow |
| THFVWxSi3o8eOxVz4ppJ38gOBNx2dmENxSk1EsRx0y1trLZiU3VXRM8L0h1mCr4B |
| taZYoEL1zmI82CH9xscnZrEv1ATCKUQyOjuyPAilZj5MJ8I2ccUxBefp+Ee0gTNX |
| fcLOrN7EFREa8slZcs2kqFRB79XVZ89u46AHYrqD90b6SxB8kZ//qhrJRvkmFMQB |
| WJ01dfB4DnVOfwPogxuHgpngUrOfNKcmNHac5z5p1ZvmmkUGNBkDBbAVyqJZfKz+ |
| nMQpVOLInOGYfhZ6ufOeqtE= |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Root |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:99:74:ca:c8:3e:26:66:b5:bc:e5:cc:0b:41:30: |
| 7b:cb:99:a5:31:5f:e6:3f:44:81:d3:c5:16:0e:ac: |
| db:2e:cf:5a:08:79:5a:44:c4:f1:bc:e5:74:06:42: |
| 57:35:4b:e7:90:88:ef:dd:59:b7:82:40:b5:ff:c2: |
| 03:32:1b:4d:1c:6d:ee:34:60:a8:c5:24:ab:b0:0f: |
| a6:19:22:86:ae:e3:12:dd:3e:99:3a:36:65:6a:ea: |
| 5d:aa:b0:2d:e9:db:9a:22:83:cb:50:8b:1a:04:cb: |
| 4b:83:83:46:95:e1:45:a7:17:d3:16:ab:70:e6:62: |
| 85:79:ff:73:35:3e:7e:4d:1d:3b:6d:e1:60:0e:15: |
| 3c:12:cf:7a:d7:eb:af:04:0a:43:3b:5f:78:de:df: |
| ba:51:60:4d:20:61:32:2c:f4:61:d3:e2:48:02:8d: |
| a1:d5:05:ec:f4:d0:7d:3d:2e:f8:5f:3b:57:76:21: |
| d8:55:1a:61:34:53:af:2f:de:32:ff:27:7e:12:41: |
| 96:56:0a:9d:d2:e5:3f:38:14:9e:20:50:58:4c:00: |
| 7d:16:4d:2d:b8:f3:75:c5:c4:b3:80:a7:d9:e4:60: |
| e1:8f:b5:b8:a4:82:db:72:b2:7c:0b:a2:ef:5e:98: |
| 22:48:b2:f9:7c:4a:82:e5:59:fa:0d:93:34:34:88: |
| 93:a7 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 0A:E1:71:15:DF:ED:0D:98:EB:75:A8:37:BC:F1:EE:E3:65:79:AB:C2 |
| X509v3 Authority Key Identifier: |
| keyid:0A:E1:71:15:DF:ED:0D:98:EB:75:A8:37:BC:F1:EE:E3:65:79:AB:C2 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| Signature Algorithm: sha256WithRSAEncryption |
| 6d:66:a8:f5:13:4c:3a:8d:26:f2:30:1a:59:72:f3:dd:7a:17: |
| cf:8d:6e:76:cf:23:db:be:a3:85:e9:78:63:1d:4c:d8:78:93: |
| 9e:57:61:0d:78:2a:5a:67:c3:d8:73:d1:69:72:24:66:e6:9b: |
| b3:fb:b8:31:7e:c0:4b:8c:03:48:fb:36:b7:ac:42:39:66:94: |
| 26:22:d7:fb:d3:11:67:29:d6:32:9c:c3:9e:bd:b1:43:2e:6f: |
| a1:a5:4c:ec:5d:df:5e:b6:49:0c:81:9c:2f:09:81:03:97:16: |
| 80:5a:da:c1:25:d6:c8:3e:d9:11:ed:1a:1d:8d:ac:46:90:e9: |
| 1c:e1:23:70:95:2d:b3:19:a5:ba:97:7b:47:4f:af:cc:ed:80: |
| 4e:46:26:8e:39:86:5a:6d:f4:94:56:42:05:49:fc:ef:48:2e: |
| fa:04:78:34:0f:5a:c9:56:dc:eb:88:3a:fc:d6:8b:73:d7:81: |
| 27:57:e3:27:6f:6b:74:af:6e:42:16:c9:30:a8:3d:8f:24:43: |
| 55:40:9b:fc:39:43:3a:b5:50:6b:11:c3:b8:a1:06:f4:63:3e: |
| 45:01:db:7c:db:b7:35:df:38:c1:eb:83:e8:4e:78:3b:99:66: |
| e9:d1:14:68:b2:f6:7e:2d:80:eb:f7:e0:87:6a:43:c1:3a:23: |
| 8f:aa:05:5d |
| -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- |
| MIIDVDCCAjygAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v |
| dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJl0ysg+Jma1vOXMC0Ew |
| e8uZpTFf5j9EgdPFFg6s2y7PWgh5WkTE8bzldAZCVzVL55CI791Zt4JAtf/CAzIb |
| TRxt7jRgqMUkq7APphkihq7jEt0+mTo2ZWrqXaqwLenbmiKDy1CLGgTLS4ODRpXh |
| RacX0xarcOZihXn/czU+fk0dO23hYA4VPBLPetfrrwQKQztfeN7fulFgTSBhMiz0 |
| YdPiSAKNodUF7PTQfT0u+F87V3Yh2FUaYTRTry/eMv8nfhJBllYKndLlPzgUniBQ |
| WEwAfRZNLbjzdcXEs4Cn2eRg4Y+1uKSC23KyfAui716YIkiy+XxKguVZ+g2TNDSI |
| k6cCAwEAAaOBujCBtzAdBgNVHQ4EFgQUCuFxFd/tDZjrdag3vPHu42V5q8IwHwYD |
| VR0jBBgwFoAUCuFxFd/tDZjrdag3vPHu42V5q8IwNwYIKwYBBQUHAQEEKzApMCcG |
| CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw |
| IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE |
| AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAbWao9RNMOo0m8jAaWXLz3XoXz41uds8j |
| 276jhel4Yx1M2HiTnldhDXgqWmfD2HPRaXIkZuabs/u4MX7AS4wDSPs2t6xCOWaU |
| JiLX+9MRZynWMpzDnr2xQy5voaVM7F3fXrZJDIGcLwmBA5cWgFrawSXWyD7ZEe0a |
| HY2sRpDpHOEjcJUtsxmlupd7R0+vzO2ATkYmjjmGWm30lFZCBUn870gu+gR4NA9a |
| yVbc64g6/NaLc9eBJ1fjJ29rdK9uQhbJMKg9jyRDVUCb/DlDOrVQaxHDuKEG9GM+ |
| RQHbfNu3Nd84weuD6E54O5lm6dEUaLL2fi2A6/fgh2pDwTojj6oFXQ== |
| -----END TRUST_ANCHOR_UNCONSTRAINED----- |
| |
| 150302120000Z |
| -----BEGIN TIME----- |
| MTUwMzAyMTIwMDAwWg== |
| -----END TIME----- |
| |
| SUCCESS |
| -----BEGIN VERIFY_RESULT----- |
| U1VDQ0VTUw== |
| -----END VERIFY_RESULT----- |