| [Created by: generate-constrained-non-self-signed-root.py] |
| |
| Certificate chain with 1 intermediate and a non-self-signed trust anchor. |
| Verification should succeed, it doesn't matter that the root was not |
| self-signed if it is designated as the trust anchor. |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Intermediate |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Target |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:ef:a6:fc:7a:0a:92:7b:00:d2:de:17:b1:d3:77: |
| c9:bb:1e:1b:fe:db:d7:5d:5e:0d:4e:be:08:c1:c9: |
| ed:4f:d7:40:0c:dc:ca:78:34:15:fa:ab:eb:1b:b8: |
| fe:c2:f9:c4:27:23:82:ec:f9:e5:69:7e:40:9d:14: |
| 24:d4:b0:19:cf:2d:3f:88:dc:fb:59:f1:a8:91:19: |
| e7:b4:e9:99:0d:bf:62:f8:73:8d:8b:80:d4:84:14: |
| 9a:3b:06:5b:81:2a:36:a0:10:b8:94:7f:c7:aa:a1: |
| 1a:69:4e:e1:0a:00:73:f9:7e:30:e0:ca:ac:2a:09: |
| e3:08:ce:27:cc:08:27:8b:68:7d:fe:d8:c7:1c:38: |
| 8f:f5:39:49:fc:6a:fa:95:45:5c:ab:c2:60:a9:e6: |
| 25:4f:c6:66:af:61:25:3b:72:17:17:4c:43:b6:74: |
| 13:83:7c:91:0c:f4:4a:82:fb:e2:84:6f:2a:00:e1: |
| 7e:94:71:3d:2f:2a:16:47:22:67:a9:b5:16:4f:e1: |
| 1f:5a:a0:2b:87:26:d0:b4:0c:6d:f9:e4:dd:32:a0: |
| 07:c2:25:ec:89:74:0c:b0:b8:fd:1a:3d:9a:c1:ef: |
| 7d:16:3d:c9:ef:c3:ef:71:b4:f7:a6:db:64:4c:5b: |
| 7b:6c:1c:75:ae:94:26:28:6c:1e:b2:da:51:da:54: |
| 32:f9 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| C2:9D:FF:9F:33:B6:74:1F:15:7D:7F:15:6A:7B:3C:8F:E6:C8:E3:7E |
| X509v3 Authority Key Identifier: |
| keyid:22:F5:B2:95:50:F0:FB:08:B5:6F:A0:B1:26:B1:43:CA:6A:CA:AB:AA |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Intermediate.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Intermediate.crl |
| |
| X509v3 Key Usage: critical |
| Digital Signature, Key Encipherment |
| X509v3 Extended Key Usage: |
| TLS Web Server Authentication, TLS Web Client Authentication |
| Signature Algorithm: sha256WithRSAEncryption |
| ca:c3:44:a2:1e:39:c0:77:09:a6:77:50:8a:d9:ab:5b:43:d1: |
| ee:12:c2:02:61:0e:2d:28:6a:af:92:2a:02:27:c6:f9:80:f5: |
| c1:4d:d8:35:f2:ed:16:31:3a:a1:54:65:44:e5:80:c2:9f:6d: |
| 89:49:63:7c:93:78:55:d0:32:00:77:a1:9f:09:dc:1f:07:6e: |
| 30:f0:9b:14:ba:60:9c:5c:62:bb:69:f2:59:c3:92:23:47:7a: |
| b5:5f:06:4d:61:9c:f5:5a:c1:7a:70:2b:fb:79:51:98:e4:e1: |
| 43:8e:f0:e3:e9:8f:0a:52:59:e0:ab:26:5b:e1:a3:7c:dd:d6: |
| 49:4d:a7:7c:8d:58:67:c2:3d:2d:b3:b9:55:02:73:cf:d8:16: |
| 82:36:bc:7b:be:70:07:09:81:46:9a:a6:e0:51:df:3b:25:1c: |
| ba:40:54:5d:ad:74:26:33:f6:c2:89:6b:aa:42:f7:ba:12:0c: |
| 16:5f:87:26:89:a2:c5:70:ee:7e:52:d3:c0:a0:0d:36:a8:5d: |
| 26:8b:85:68:3c:8e:04:b9:05:ef:2c:9f:91:3c:17:36:95:6f: |
| d4:8e:51:66:9b:7d:bd:7e:24:f3:6d:d2:f0:66:1e:1a:76:50: |
| db:e1:26:24:ae:41:31:ea:ad:cf:68:e2:7e:d2:8c:8a:c9:11: |
| 2f:ba:45:43 |
| -----BEGIN CERTIFICATE----- |
| MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl |
| cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD |
| VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvpvx6 |
| CpJ7ANLeF7HTd8m7Hhv+29ddXg1OvgjBye1P10AM3Mp4NBX6q+sbuP7C+cQnI4Ls |
| +eVpfkCdFCTUsBnPLT+I3PtZ8aiRGee06ZkNv2L4c42LgNSEFJo7BluBKjagELiU |
| f8eqoRppTuEKAHP5fjDgyqwqCeMIzifMCCeLaH3+2MccOI/1OUn8avqVRVyrwmCp |
| 5iVPxmavYSU7chcXTEO2dBODfJEM9EqC++KEbyoA4X6UcT0vKhZHImeptRZP4R9a |
| oCuHJtC0DG355N0yoAfCJeyJdAywuP0aPZrB730WPcnvw+9xtPem22RMW3tsHHWu |
| lCYobB6y2lHaVDL5AgMBAAGjgekwgeYwHQYDVR0OBBYEFMKd/58ztnQfFX1/FWp7 |
| PI/myON+MB8GA1UdIwQYMBaAFCL1spVQ8PsItW+gsSaxQ8pqyquqMD8GCCsGAQUF |
| BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk |
| aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu |
| dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF |
| BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAysNEoh45wHcJpndQitmr |
| W0PR7hLCAmEOLShqr5IqAifG+YD1wU3YNfLtFjE6oVRlROWAwp9tiUljfJN4VdAy |
| AHehnwncHwduMPCbFLpgnFxiu2nyWcOSI0d6tV8GTWGc9VrBenAr+3lRmOThQ47w |
| 4+mPClJZ4KsmW+GjfN3WSU2nfI1YZ8I9LbO5VQJzz9gWgja8e75wBwmBRpqm4FHf |
| OyUcukBUXa10JjP2wolrqkL3uhIMFl+HJomixXDuflLTwKANNqhdJouFaDyOBLkF |
| 7yyfkTwXNpVv1I5RZpt9vX4k823S8GYeGnZQ2+EmJK5BMeqtz2jiftKMiskRL7pF |
| Qw== |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Intermediate |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:df:7c:3d:65:45:14:01:09:48:a1:8b:0c:cb:91: |
| 7e:9c:65:f1:1b:40:dd:b7:4c:b1:ac:1b:9e:af:b5: |
| 8a:03:59:f1:77:d4:ab:15:14:53:b5:94:fa:34:20: |
| f8:35:65:18:da:c5:37:f0:39:bf:f3:bc:7e:73:8a: |
| 77:1c:db:4d:aa:f1:82:37:7c:ca:b5:f5:23:81:71: |
| 0f:21:63:7e:73:64:85:d6:7d:77:41:69:89:5e:c2: |
| 35:41:83:77:61:6c:03:31:aa:ad:83:dd:4b:42:b8: |
| 20:f8:0b:ec:eb:0a:97:b7:5b:b9:d2:16:3b:f4:c2: |
| 61:d3:93:0f:dd:be:19:13:3a:3c:e1:3d:67:47:02: |
| 53:9d:c1:80:5c:24:e3:ba:e5:16:85:10:99:3b:72: |
| 6a:6c:40:13:4b:d0:b4:84:2c:4d:1f:ea:50:44:00: |
| eb:8c:70:2d:ab:67:68:a4:15:09:9c:46:09:61:64: |
| 3f:ba:c3:1b:d9:bf:29:84:f4:14:8a:25:fe:e2:8a: |
| fa:1d:ae:da:56:f8:e8:da:02:31:5a:96:c0:21:79: |
| 3c:38:b7:0e:5d:74:c2:2d:14:16:f1:05:ca:f1:1b: |
| 1f:df:fa:d7:33:e2:cb:a1:cf:ef:31:b5:10:eb:f8: |
| e8:7a:2e:9b:2f:89:3b:73:be:a8:b8:f6:66:1c:b8: |
| 3b:f3 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 22:F5:B2:95:50:F0:FB:08:B5:6F:A0:B1:26:B1:43:CA:6A:CA:AB:AA |
| X509v3 Authority Key Identifier: |
| keyid:F0:A1:F4:41:56:B9:33:53:7B:7C:DB:DC:AF:9B:3C:66:11:E1:DE:B3 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 8d:16:59:e5:09:e5:3b:8a:bb:cc:4d:0c:d9:17:55:49:b0:47: |
| 3e:e2:89:82:5c:82:c2:8a:78:b5:09:3a:a0:9d:27:4e:60:40: |
| 16:f6:88:17:95:8d:88:ee:64:af:13:df:a9:6d:24:75:27:a2: |
| 15:bb:de:0c:fc:c6:16:f2:55:cc:61:e2:12:92:d9:8f:2d:7a: |
| f5:0d:c4:8d:6b:2b:1a:2f:82:52:b3:9c:ac:cb:40:b7:73:39: |
| 60:a0:a1:0b:23:40:fb:cb:d1:86:84:76:17:ad:cd:05:24:e2: |
| 81:ce:65:d7:56:34:a4:62:19:e1:a2:2d:ce:ac:36:41:d3:33: |
| a3:58:ea:6e:88:0d:43:38:fe:44:cd:36:b9:10:69:6c:21:2d: |
| 2e:ee:5d:96:db:86:7d:42:72:de:42:36:65:e1:f1:0b:e3:b3: |
| c2:42:d9:93:6d:b7:e8:41:b3:12:0a:91:f1:9b:40:01:ae:a7: |
| 24:3b:df:6b:35:5a:f2:86:92:c2:31:7f:f5:e8:31:cb:75:54: |
| a6:57:fd:f7:bb:6b:79:ba:ea:77:3a:b9:20:3b:16:89:1a:21: |
| 00:4f:ee:23:47:43:50:58:d5:cc:a7:70:01:a3:02:ce:a6:b0: |
| be:5f:ce:7f:12:7c:f2:09:0f:15:a5:5e:10:ed:0d:42:05:49: |
| 1a:25:df:22 |
| -----BEGIN CERTIFICATE----- |
| MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 |
| ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33w9ZUUU |
| AQlIoYsMy5F+nGXxG0Ddt0yxrBuer7WKA1nxd9SrFRRTtZT6NCD4NWUY2sU38Dm/ |
| 87x+c4p3HNtNqvGCN3zKtfUjgXEPIWN+c2SF1n13QWmJXsI1QYN3YWwDMaqtg91L |
| Qrgg+Avs6wqXt1u50hY79MJh05MP3b4ZEzo84T1nRwJTncGAXCTjuuUWhRCZO3Jq |
| bEATS9C0hCxNH+pQRADrjHAtq2dopBUJnEYJYWQ/usMb2b8phPQUiiX+4or6Ha7a |
| Vvjo2gIxWpbAIXk8OLcOXXTCLRQW8QXK8Rsf3/rXM+LLoc/vMbUQ6/joei6bL4k7 |
| c76ouPZmHLg78wIDAQABo4HLMIHIMB0GA1UdDgQWBBQi9bKVUPD7CLVvoLEmsUPK |
| asqrqjAfBgNVHSMEGDAWgBTwofRBVrkzU3t829yvmzxmEeHeszA3BggrBgEFBQcB |
| AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs |
| BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD |
| VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB |
| AI0WWeUJ5TuKu8xNDNkXVUmwRz7iiYJcgsKKeLUJOqCdJ05gQBb2iBeVjYjuZK8T |
| 36ltJHUnohW73gz8xhbyVcxh4hKS2Y8tevUNxI1rKxovglKznKzLQLdzOWCgoQsj |
| QPvL0YaEdhetzQUk4oHOZddWNKRiGeGiLc6sNkHTM6NY6m6IDUM4/kTNNrkQaWwh |
| LS7uXZbbhn1Cct5CNmXh8Qvjs8JC2ZNtt+hBsxIKkfGbQAGupyQ732s1WvKGksIx |
| f/XoMct1VKZX/fe7a3m66nc6uSA7FokaIQBP7iNHQ1BY1cyncAGjAs6msL5fzn8S |
| fPIJDxWlXhDtDUIFSRol3yI= |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 2 (0x2) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=UberRoot |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Root |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:f3:dc:12:03:cd:db:fd:7e:72:7d:ec:23:30:07: |
| d3:f6:13:be:72:df:82:73:3f:bb:ea:c9:93:e6:74: |
| 99:81:e2:dd:a0:00:5a:c6:43:6e:fa:79:00:36:fe: |
| d7:d8:6a:5d:8f:0a:19:53:3c:aa:b5:9f:0d:6c:8a: |
| 23:ae:04:da:f3:f0:23:f2:b2:7b:ab:cc:d1:d7:b6: |
| d9:7a:3a:e3:2a:b9:ca:d5:42:3c:be:66:83:8a:2e: |
| 0c:53:6c:10:e9:ce:5e:f7:4f:83:f7:c4:32:7b:b7: |
| 33:ff:b1:89:09:39:fd:f4:7b:98:f5:02:8a:5b:9c: |
| 89:04:07:0f:8e:72:13:f1:33:a1:ae:6c:92:51:a8: |
| 07:87:df:32:c9:4b:86:f5:8a:cf:b1:ac:04:17:b1: |
| 6b:09:41:17:51:01:78:c9:4a:b8:3d:31:5c:f1:97: |
| 36:6d:3c:99:cf:66:b2:8b:22:b1:04:66:de:9b:cb: |
| 1c:d7:75:28:75:9f:97:f5:46:e0:53:6a:9c:4e:26: |
| 19:5a:2d:2d:6b:cb:dd:37:6b:08:cd:0d:de:df:6c: |
| cd:1d:81:8b:e8:35:de:2b:16:c1:e5:f8:58:41:5c: |
| 65:38:d8:c1:e4:b7:df:b1:ad:79:e0:c5:05:a5:9a: |
| 54:25:41:33:61:6e:5c:4b:1b:08:07:25:ce:c0:84: |
| 1a:57 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| F0:A1:F4:41:56:B9:33:53:7B:7C:DB:DC:AF:9B:3C:66:11:E1:DE:B3 |
| X509v3 Authority Key Identifier: |
| keyid:24:E4:04:3C:15:03:89:2D:99:71:16:0F:70:8E:32:24:76:BD:99:C6 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/UberRoot.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/UberRoot.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 94:82:81:b0:49:b8:87:5c:c1:eb:62:24:0b:3c:de:26:15:28: |
| 2a:1a:5c:c7:e7:61:85:46:48:df:5c:2c:a2:d0:3e:ca:2e:8c: |
| 6a:fd:3b:4d:58:52:72:58:c1:d9:10:0c:1f:af:ac:40:38:c7: |
| 60:67:8e:14:6b:f9:7a:cb:1c:e0:b6:58:b2:32:f0:c3:2e:c7: |
| 26:af:08:7f:06:42:ec:99:3a:dc:71:2b:cf:35:5f:45:c2:39: |
| 4c:1a:ab:86:99:1f:68:08:94:45:20:eb:49:28:06:a7:b1:69: |
| 5d:0c:da:dc:79:99:b4:46:eb:6c:b5:a9:d2:15:ce:1a:2f:e7: |
| 53:0f:6c:7f:67:a2:f9:63:34:f6:a0:22:7c:fb:31:0b:aa:5c: |
| 02:39:17:9e:c1:60:b7:06:3f:a6:9c:2f:6c:ef:56:36:be:b9: |
| 45:a4:d2:e5:a5:8f:c1:28:0b:1f:e2:c1:8f:29:40:10:86:e5: |
| f5:12:e5:f7:33:7f:ae:a4:3c:11:2e:03:be:0f:5f:4a:25:83: |
| d4:28:6a:e5:a8:04:a3:dd:f5:3f:6b:12:ee:45:84:19:32:5e: |
| ea:32:0c:96:f3:cb:a8:b6:15:d5:0c:99:00:ed:68:84:ef:8b: |
| d3:86:74:b0:ee:70:60:0e:65:43:62:59:54:b3:26:6b:a7:d0: |
| 3f:71:57:2f |
| -----BEGIN TRUST_ANCHOR_CONSTRAINED----- |
| MIIDcTCCAlmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhVYmVy |
| Um9vdDAeFw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAwMDBaMA8xDTALBgNVBAMM |
| BFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDz3BIDzdv9fnJ9 |
| 7CMwB9P2E75y34JzP7vqyZPmdJmB4t2gAFrGQ276eQA2/tfYal2PChlTPKq1nw1s |
| iiOuBNrz8CPysnurzNHXttl6OuMqucrVQjy+ZoOKLgxTbBDpzl73T4P3xDJ7tzP/ |
| sYkJOf30e5j1AopbnIkEBw+OchPxM6GubJJRqAeH3zLJS4b1is+xrAQXsWsJQRdR |
| AXjJSrg9MVzxlzZtPJnPZrKLIrEEZt6byxzXdSh1n5f1RuBTapxOJhlaLS1ry903 |
| awjNDd7fbM0dgYvoNd4rFsHl+FhBXGU42MHkt9+xrXngxQWlmlQlQTNhblxLGwgH |
| Jc7AhBpXAgMBAAGjgdMwgdAwHQYDVR0OBBYEFPCh9EFWuTNTe3zb3K+bPGYR4d6z |
| MB8GA1UdIwQYMBaAFCTkBDwVA4ktmXEWD3COMiR2vZnGMDsGCCsGAQUFBwEBBC8w |
| LTArBggrBgEFBQcwAoYfaHR0cDovL3VybC1mb3ItYWlhL1ViZXJSb290LmNlcjAw |
| BgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vdXJsLWZvci1jcmwvVWJlclJvb3QuY3Js |
| MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA |
| A4IBAQCUgoGwSbiHXMHrYiQLPN4mFSgqGlzH52GFRkjfXCyi0D7KLoxq/TtNWFJy |
| WMHZEAwfr6xAOMdgZ44Ua/l6yxzgtliyMvDDLscmrwh/BkLsmTrccSvPNV9FwjlM |
| GquGmR9oCJRFIOtJKAansWldDNrceZm0RutstanSFc4aL+dTD2x/Z6L5YzT2oCJ8 |
| +zELqlwCOReewWC3Bj+mnC9s71Y2vrlFpNLlpY/BKAsf4sGPKUAQhuX1EuX3M3+u |
| pDwRLgO+D19KJYPUKGrlqASj3fU/axLuRYQZMl7qMgyW88uothXVDJkA7WiE74vT |
| hnSw7nBgDmVDYllUsyZrp9A/cVcv |
| -----END TRUST_ANCHOR_CONSTRAINED----- |
| |
| 150302120000Z |
| -----BEGIN TIME----- |
| MTUwMzAyMTIwMDAwWg== |
| -----END TIME----- |
| |
| SUCCESS |
| -----BEGIN VERIFY_RESULT----- |
| U1VDQ0VTUw== |
| -----END VERIFY_RESULT----- |
| |
| serverAuth |
| -----BEGIN KEY_PURPOSE----- |
| c2VydmVyQXV0aA== |
| -----END KEY_PURPOSE----- |