| [Created by: generate-intermediate-lacks-basic-constraints.py] |
| |
| Certificate chain with 1 intermediate and a trusted root. The intermediate |
| lacks the basic constraints extension, and hence is expected to fail validation |
| (RFC 5280 requires v3 signing certificates have a BasicConstaints). |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Intermediate |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Target |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:ac:3c:48:cb:8e:9b:00:37:e3:06:36:23:5e:3c: |
| 24:0b:d2:57:0e:52:8f:53:d0:48:ca:38:67:91:a7: |
| 10:d3:35:2d:67:f4:ad:2c:9e:c1:ee:f5:6b:62:23: |
| 34:03:32:76:29:96:fd:db:cc:a4:9a:d8:b6:97:c4: |
| a9:73:c1:a1:57:2f:cd:80:d1:d9:db:39:82:11:bb: |
| 95:3e:1b:b3:1e:ac:e7:c0:67:f3:1e:cb:4f:d4:a6: |
| c7:01:32:c5:45:ca:53:ff:cf:46:e1:b3:4f:55:01: |
| ef:76:44:92:55:55:d8:a4:db:5c:80:8f:48:51:86: |
| 6c:d9:b6:b7:5c:74:56:06:00:38:3f:d9:ee:c3:ae: |
| 78:a0:57:ff:fa:41:02:14:63:00:bb:1f:98:9a:f5: |
| 39:50:51:50:78:03:5d:13:a2:fd:a3:08:b0:ff:69: |
| ee:60:c8:af:1c:1e:8a:13:4b:0e:b9:48:29:92:f2: |
| 95:0a:d9:85:2f:ff:17:ab:c7:6f:e0:32:d1:16:9e: |
| 66:ae:81:87:b8:7e:70:ac:73:8c:67:de:dd:1a:e0: |
| 0e:0e:bb:ab:bc:f5:ef:38:d9:37:49:71:d1:7c:e6: |
| 64:f7:00:10:e4:83:ed:1e:58:05:44:89:f2:a9:a2: |
| 1d:57:5c:b5:db:bc:55:39:35:d7:f3:a5:b8:28:d1: |
| 45:5d |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 9E:25:C3:B0:61:AE:69:26:DE:05:F4:15:3C:58:B0:7C:6D:91:5C:5B |
| X509v3 Authority Key Identifier: |
| keyid:E5:AE:8F:CC:87:F7:B5:85:86:1E:4B:A6:CF:FC:B9:CA:10:C8:79:90 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Intermediate.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Intermediate.crl |
| |
| X509v3 Key Usage: critical |
| Digital Signature, Key Encipherment |
| X509v3 Extended Key Usage: |
| TLS Web Server Authentication, TLS Web Client Authentication |
| Signature Algorithm: sha256WithRSAEncryption |
| c5:3c:97:21:6a:dc:f8:0c:23:76:c2:4e:33:63:f4:7e:d1:61: |
| bd:f8:cf:6d:b5:ef:d6:f1:96:a0:84:07:42:ab:e2:34:90:3a: |
| 95:2a:db:f6:19:28:bd:19:22:65:20:b0:25:b0:f0:ca:d0:d3: |
| 44:41:fe:03:f2:9f:0c:df:02:dc:64:c6:47:13:1e:26:dd:6a: |
| 5d:52:8a:fe:d3:0a:9a:d1:8c:a5:93:ec:1a:d4:d5:ad:ba:cd: |
| 6b:c2:99:6b:04:b7:06:98:a8:53:dc:d9:97:97:da:ac:29:bb: |
| 09:4a:25:ca:08:83:eb:ed:1f:a7:ae:28:fc:51:09:a9:e4:95: |
| f2:66:97:f2:97:48:9e:01:44:40:5b:4a:91:a5:ed:f9:86:6b: |
| fb:e2:47:c8:47:aa:ad:8d:aa:79:30:fb:4f:f1:a7:7c:c3:23: |
| b3:23:4d:15:a3:04:67:ff:26:b1:50:c0:5a:13:f4:8a:61:da: |
| 98:a2:35:0e:ec:4f:2b:e7:e0:dc:29:0a:07:20:e4:22:97:b1: |
| da:0d:73:6f:32:03:f1:cd:4b:a2:7b:9b:c3:62:a8:dd:55:02: |
| 57:6b:2f:a4:d6:46:20:bc:bd:f7:52:e7:44:8e:3d:2c:73:05: |
| 55:ac:35:8b:af:39:32:a1:07:da:fd:bb:8c:bb:35:e0:e6:bb: |
| 0c:49:1a:e4 |
| -----BEGIN CERTIFICATE----- |
| MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl |
| cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD |
| VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsPEjL |
| jpsAN+MGNiNePCQL0lcOUo9T0EjKOGeRpxDTNS1n9K0snsHu9WtiIzQDMnYplv3b |
| zKSa2LaXxKlzwaFXL82A0dnbOYIRu5U+G7MerOfAZ/Mey0/UpscBMsVFylP/z0bh |
| s09VAe92RJJVVdik21yAj0hRhmzZtrdcdFYGADg/2e7DrnigV//6QQIUYwC7H5ia |
| 9TlQUVB4A10Tov2jCLD/ae5gyK8cHooTSw65SCmS8pUK2YUv/xerx2/gMtEWnmau |
| gYe4fnCsc4xn3t0a4A4Ou6u89e842TdJcdF85mT3ABDkg+0eWAVEifKpoh1XXLXb |
| vFU5Ndfzpbgo0UVdAgMBAAGjgekwgeYwHQYDVR0OBBYEFJ4lw7Bhrmkm3gX0FTxY |
| sHxtkVxbMB8GA1UdIwQYMBaAFOWuj8yH97WFhh5Lps/8ucoQyHmQMD8GCCsGAQUF |
| BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk |
| aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu |
| dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF |
| BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAxTyXIWrc+AwjdsJOM2P0 |
| ftFhvfjPbbXv1vGWoIQHQqviNJA6lSrb9hkovRkiZSCwJbDwytDTREH+A/KfDN8C |
| 3GTGRxMeJt1qXVKK/tMKmtGMpZPsGtTVrbrNa8KZawS3BpioU9zZl5farCm7CUol |
| ygiD6+0fp64o/FEJqeSV8maX8pdIngFEQFtKkaXt+YZr++JHyEeqrY2qeTD7T/Gn |
| fMMjsyNNFaMEZ/8msVDAWhP0imHamKI1DuxPK+fg3CkKByDkIpex2g1zbzID8c1L |
| onubw2Ko3VUCV2svpNZGILy991LnRI49LHMFVaw1i685MqEH2v27jLs14Oa7DEka |
| 5A== |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 2 (0x2) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Intermediate |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:c5:bf:ce:e4:8e:d2:b9:92:d9:78:eb:36:78:b0: |
| d4:2b:a9:22:cd:83:57:58:a2:0f:5b:e5:c8:e4:f4: |
| d6:41:2c:1f:5a:08:6b:12:7b:f6:8f:39:44:0f:f4: |
| d2:3e:56:cd:63:87:13:b1:88:1a:da:f1:13:2f:4a: |
| d0:76:78:61:6f:71:08:e0:0c:a2:9a:6a:6b:c7:8c: |
| 81:6f:e1:ea:22:09:83:fd:09:53:78:f0:1d:4e:f7: |
| b3:17:17:7e:fc:dc:a5:21:83:7f:46:8c:81:af:07: |
| 68:91:14:54:43:bf:d2:85:fa:58:91:61:cc:87:bc: |
| 8d:b3:97:c1:a5:42:de:73:49:29:c9:0c:48:92:15: |
| d9:0e:6b:3d:4a:4c:50:c6:8b:a5:69:6c:b2:2f:02: |
| 9e:0a:4f:27:1a:d0:1c:0e:b8:d9:fc:a7:62:92:69: |
| 0c:40:ec:49:3b:59:a5:38:fc:8e:cb:2f:91:9f:09: |
| 76:2c:b8:d4:25:7e:83:71:56:89:29:2c:a3:d8:bf: |
| 95:70:99:f5:cb:20:df:fa:fd:b8:89:e6:42:82:a9: |
| 01:d8:e0:42:f2:d2:c3:78:26:cc:fb:05:30:90:a0: |
| 83:bd:ce:b3:6d:bb:01:ae:84:aa:71:4f:d9:37:38: |
| 7e:07:35:6f:ed:88:c7:52:17:38:ac:c6:44:b5:fe: |
| 4a:b3 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| E5:AE:8F:CC:87:F7:B5:85:86:1E:4B:A6:CF:FC:B9:CA:10:C8:79:90 |
| X509v3 Authority Key Identifier: |
| keyid:0F:59:3C:0D:B8:B1:5B:C5:96:9D:B4:E8:4F:CF:4B:A6:B3:AD:33:E7 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| Signature Algorithm: sha256WithRSAEncryption |
| 12:11:99:0b:59:f6:cd:61:bf:99:bc:25:83:b2:e7:4b:42:ec: |
| ee:1d:03:3b:cf:5d:76:95:19:2c:d1:41:d0:f6:5c:08:9d:6f: |
| 66:50:07:ea:07:fa:88:01:96:05:39:8d:6a:e0:34:27:1e:a2: |
| 80:c2:9b:91:ba:17:35:49:ef:8c:42:9d:59:ac:42:3f:52:fa: |
| ef:5f:51:aa:3a:dc:b6:ee:d6:8c:20:89:de:36:7d:a2:e2:ff: |
| eb:13:9d:dc:99:d1:62:33:c5:82:19:12:18:d4:94:5b:5f:c4: |
| f7:74:55:f0:be:fa:0e:4d:7a:01:7e:53:b3:2d:4d:09:b6:7b: |
| 8e:0a:7c:3e:b9:39:a1:ee:b6:3d:3f:e8:4a:b0:1d:e4:ee:7b: |
| 96:75:19:b5:71:6a:ae:e0:af:14:59:9f:fc:2b:13:dd:70:c9: |
| da:dd:a9:3c:14:3e:f1:69:3b:ce:42:b4:c5:3f:12:f8:37:eb: |
| bf:0c:9d:48:a4:6e:4c:9f:e7:3c:4f:a5:91:32:8b:7f:2e:5f: |
| e7:bf:bc:f4:a0:5f:43:f7:3a:1f:78:a3:0e:8e:c0:46:16:9e: |
| 58:6a:0f:7e:e0:69:af:94:ec:bc:3a:7f:8b:44:ef:19:f8:14: |
| 16:a4:1d:bd:49:c6:96:da:ba:11:a8:bc:36:11:c7:ad:ab:e0: |
| a5:e2:05:77 |
| -----BEGIN CERTIFICATE----- |
| MIIDXDCCAkSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 |
| ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxb/O5I7S |
| uZLZeOs2eLDUK6kizYNXWKIPW+XI5PTWQSwfWghrEnv2jzlED/TSPlbNY4cTsYga |
| 2vETL0rQdnhhb3EI4Ayimmprx4yBb+HqIgmD/QlTePAdTvezFxd+/NylIYN/RoyB |
| rwdokRRUQ7/ShfpYkWHMh7yNs5fBpULec0kpyQxIkhXZDms9SkxQxoulaWyyLwKe |
| Ck8nGtAcDrjZ/KdikmkMQOxJO1mlOPyOyy+Rnwl2LLjUJX6DcVaJKSyj2L+VcJn1 |
| yyDf+v24ieZCgqkB2OBC8tLDeCbM+wUwkKCDvc6zbbsBroSqcU/ZNzh+BzVv7YjH |
| Uhc4rMZEtf5KswIDAQABo4G6MIG3MB0GA1UdDgQWBBTlro/Mh/e1hYYeS6bP/LnK |
| EMh5kDAfBgNVHSMEGDAWgBQPWTwNuLFbxZadtOhPz0ums60z5zA3BggrBgEFBQcB |
| AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs |
| BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD |
| VR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQASEZkLWfbNYb+ZvCWDsudL |
| QuzuHQM7z112lRks0UHQ9lwInW9mUAfqB/qIAZYFOY1q4DQnHqKAwpuRuhc1Se+M |
| Qp1ZrEI/UvrvX1GqOty27taMIIneNn2i4v/rE53cmdFiM8WCGRIY1JRbX8T3dFXw |
| vvoOTXoBflOzLU0JtnuOCnw+uTmh7rY9P+hKsB3k7nuWdRm1cWqu4K8UWZ/8KxPd |
| cMna3ak8FD7xaTvOQrTFPxL4N+u/DJ1IpG5Mn+c8T6WRMot/Ll/nv7z0oF9D9zof |
| eKMOjsBGFp5Yag9+4GmvlOy8On+LRO8Z+BQWpB29ScaW2roRqLw2Ecetq+Cl4gV3 |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Root |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:c3:da:da:10:95:78:5c:73:c8:43:66:41:23:8e: |
| 3e:3f:a1:00:57:de:60:d9:2a:84:57:85:08:c6:60: |
| 79:65:2d:51:c9:93:c1:e7:fa:5b:1a:eb:6f:79:44: |
| d5:71:f6:bd:f4:8c:86:0b:d9:e3:49:dd:a6:f3:5d: |
| 48:8a:25:4a:2a:20:80:c1:83:da:b8:c5:e0:20:de: |
| 40:67:bc:22:38:51:72:df:e3:b7:82:aa:47:ed:c9: |
| 74:a0:82:97:71:35:a8:2f:73:01:86:56:43:e8:88: |
| 42:f9:cc:9b:69:71:09:45:8c:39:82:14:db:2e:08: |
| 17:85:96:c5:69:46:73:55:9b:d8:12:4b:5f:32:70: |
| cc:52:4e:7e:77:94:78:0e:f4:dd:40:ff:d7:3b:cc: |
| f7:df:a9:a7:a1:a3:a3:4e:25:c8:e4:68:1c:e3:90: |
| c2:c5:bb:66:3a:c1:8b:e3:1b:df:b9:8c:0c:9a:3a: |
| 6a:a9:8e:8d:b3:54:49:14:af:28:51:29:b2:5b:7b: |
| 68:34:4c:f3:bb:a5:5d:51:0b:99:6b:b1:fe:b3:16: |
| d1:ef:2f:18:ee:8a:f8:05:9b:df:0d:92:3a:e0:62: |
| 7b:1d:bc:fb:60:45:ce:f9:e0:46:f6:16:39:08:a7: |
| 68:b5:da:e5:9f:7c:db:07:15:dc:47:e6:5d:a3:8c: |
| 06:7b |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 0F:59:3C:0D:B8:B1:5B:C5:96:9D:B4:E8:4F:CF:4B:A6:B3:AD:33:E7 |
| X509v3 Authority Key Identifier: |
| keyid:0F:59:3C:0D:B8:B1:5B:C5:96:9D:B4:E8:4F:CF:4B:A6:B3:AD:33:E7 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 3e:f9:8e:c2:1a:d7:ea:b1:71:03:6d:6d:a9:de:e9:45:1d:ab: |
| a3:26:4c:95:4b:15:ad:9d:be:94:aa:20:57:83:b2:32:96:06: |
| c1:37:9a:6a:18:41:ad:13:3b:52:23:a1:0a:1f:fc:8c:fa:3b: |
| 88:43:d1:5e:1e:59:80:06:a5:0a:5e:95:66:3d:3d:cb:4a:b4: |
| 38:77:a6:fa:04:29:e8:c1:b8:b5:f7:49:07:ae:53:dd:62:64: |
| 3c:70:4c:64:b5:54:84:4d:04:3f:6d:86:80:9d:e2:2b:a4:88: |
| 1c:38:74:fc:83:c3:60:c8:86:64:f5:d7:29:f7:e4:8e:02:a9: |
| 47:a6:e1:46:0f:c4:b5:22:59:f1:a7:1b:ae:86:7c:70:32:d4: |
| 8c:19:7f:a7:6d:82:0b:f3:42:37:02:b5:3d:f3:41:d5:7d:67: |
| 97:80:78:9a:e2:06:54:18:bc:b0:7f:5d:77:15:bb:89:cb:4d: |
| 29:0c:02:ab:b3:b7:40:44:3a:2c:4a:2e:54:43:7f:ff:b0:5f: |
| da:c5:5f:38:0e:ce:4e:18:ed:f3:f9:99:f0:7c:01:69:ca:0e: |
| 15:85:1e:ff:b7:2d:04:6c:3b:5b:f9:7f:70:bc:0c:ac:16:b7: |
| d1:b4:f1:74:84:ad:73:e7:9f:c7:c9:ea:93:d9:f1:c6:a7:59: |
| bf:92:4e:ec |
| -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- |
| MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v |
| dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMPa2hCVeFxzyENmQSOO |
| Pj+hAFfeYNkqhFeFCMZgeWUtUcmTwef6Wxrrb3lE1XH2vfSMhgvZ40ndpvNdSIol |
| SioggMGD2rjF4CDeQGe8IjhRct/jt4KqR+3JdKCCl3E1qC9zAYZWQ+iIQvnMm2lx |
| CUWMOYIU2y4IF4WWxWlGc1Wb2BJLXzJwzFJOfneUeA703UD/1zvM99+pp6Gjo04l |
| yORoHOOQwsW7ZjrBi+Mb37mMDJo6aqmOjbNUSRSvKFEpslt7aDRM87ulXVELmWux |
| /rMW0e8vGO6K+AWb3w2SOuBiex28+2BFzvngRvYWOQinaLXa5Z982wcV3EfmXaOM |
| BnsCAwEAAaOByzCByDAdBgNVHQ4EFgQUD1k8DbixW8WWnbToT89LprOtM+cwHwYD |
| VR0jBBgwFoAUD1k8DbixW8WWnbToT89LprOtM+cwNwYIKwYBBQUHAQEEKzApMCcG |
| CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw |
| IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE |
| AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA++Y7CGtfq |
| sXEDbW2p3ulFHaujJkyVSxWtnb6UqiBXg7IylgbBN5pqGEGtEztSI6EKH/yM+juI |
| Q9FeHlmABqUKXpVmPT3LSrQ4d6b6BCnowbi190kHrlPdYmQ8cExktVSETQQ/bYaA |
| neIrpIgcOHT8g8NgyIZk9dcp9+SOAqlHpuFGD8S1IlnxpxuuhnxwMtSMGX+nbYIL |
| 80I3ArU980HVfWeXgHia4gZUGLywf113FbuJy00pDAKrs7dARDosSi5UQ3//sF/a |
| xV84Ds5OGO3z+ZnwfAFpyg4VhR7/ty0EbDtb+X9wvAysFrfRtPF0hK1z55/HyeqT |
| 2fHGp1m/kk7s |
| -----END TRUST_ANCHOR_UNCONSTRAINED----- |
| |
| 150302120000Z |
| -----BEGIN TIME----- |
| MTUwMzAyMTIwMDAwWg== |
| -----END TIME----- |
| |
| FAIL |
| -----BEGIN VERIFY_RESULT----- |
| RkFJTA== |
| -----END VERIFY_RESULT----- |
| |
| [Context] Processing Certificate |
| index: 0 |
| [Error] Does not have Basic Constraints |
| |
| -----BEGIN ERRORS----- |
| W0NvbnRleHRdIFByb2Nlc3NpbmcgQ2VydGlmaWNhdGUKICBpbmRleDogMAogICAgICBbRXJyb3JdIERvZXMgbm90IGhhdmUgQmFzaWMgQ29uc3RyYWludHMK |
| -----END ERRORS----- |