| Signed through an intermediate without the correct key usage |
| |
| $ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) |
| OCSP Response Data: |
| OCSP Response Status: successful (0x0) |
| Response Type: Basic OCSP Response |
| Version: 1 (0x0) |
| Responder Id: CN = Test False OCSP Signer |
| Produced At: Mar 2 00:00:00 2017 GMT |
| Responses: |
| Certificate ID: |
| Hash Algorithm: sha1 |
| Issuer Name Hash: 02FF75DA24DE8ADD150FAB689DCCE6E6636D0901 |
| Issuer Key Hash: 84E1BA52A25C543CA972491224BC8B1ECA8B9FF4 |
| Serial Number: 03 |
| Cert Status: good |
| This Update: Mar 1 00:00:00 2017 GMT |
| |
| Signature Algorithm: sha1WithRSAEncryption |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 2 (0x2) |
| Signature Algorithm: sha1WithRSAEncryption |
| Issuer: CN=Test CA |
| Validity |
| Not Before: Jan 1 00:00:00 2017 GMT |
| Not After : Jan 1 00:00:00 2018 GMT |
| Subject: CN=Test False OCSP Signer |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (1024 bit) |
| Modulus: |
| Exponent: 65537 (0x10001) |
| Signature Algorithm: sha1WithRSAEncryption |
| |
| $ openssl x509 -text < [CA CERTIFICATE] |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 0 (0x0) |
| Signature Algorithm: sha1WithRSAEncryption |
| Issuer: CN=Test CA |
| Validity |
| Not Before: Jan 1 00:00:00 2017 GMT |
| Not After : Jan 1 00:00:00 2018 GMT |
| Subject: CN=Test CA |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (1024 bit) |
| Modulus: |
| Exponent: 65537 (0x10001) |
| Signature Algorithm: sha1WithRSAEncryption |
| |
| $ openssl x509 -text < [CERTIFICATE] |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 3 (0x3) |
| Signature Algorithm: sha1WithRSAEncryption |
| Issuer: CN=Test CA |
| Validity |
| Not Before: Jan 1 00:00:00 2017 GMT |
| Not After : Jan 1 00:00:00 2018 GMT |
| Subject: CN=Test Cert |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (1024 bit) |
| Modulus: |
| Exponent: 65537 (0x10001) |
| Signature Algorithm: sha1WithRSAEncryption |
| |
| $ openssl asn1parse -i < [OCSP REQUEST] |
| 0:d=0 hl=2 l= 66 cons: SEQUENCE |
| 2:d=1 hl=2 l= 64 cons: SEQUENCE |
| 4:d=2 hl=2 l= 62 cons: SEQUENCE |
| 6:d=3 hl=2 l= 60 cons: SEQUENCE |
| 8:d=4 hl=2 l= 58 cons: SEQUENCE |
| 10:d=5 hl=2 l= 9 cons: SEQUENCE |
| 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 |
| 19:d=6 hl=2 l= 0 prim: NULL |
| 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:02FF75DA24DE8ADD150FAB689DCCE6E6636D0901 |
| 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:84E1BA52A25C543CA972491224BC8B1ECA8B9FF4 |
| 65:d=5 hl=2 l= 1 prim: INTEGER :03 |
| -----BEGIN OCSP REQUEST----- |
| MEIwQDA+MDwwOjAJBgUrDgMCGgUABBQC/3XaJN6K3RUPq2idzObmY20JAQQUhOG6UqJcVDypckk |
| SJLyLHsqLn/QCAQM= |
| -----END OCSP REQUEST----- |