| [Created by: generate-constrained-non-self-signed-root.py] |
| |
| Certificate chain with 1 intermediate and a non-self-signed trust anchor. |
| Verification should succeed, it doesn't matter that the root was not |
| self-signed if it is designated as the trust anchor. |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Intermediate |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Target |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:b3:aa:6c:0c:2e:35:34:f6:1f:5d:c3:8b:9e:fe: |
| f7:7e:5b:26:fd:2b:ba:20:83:92:3a:4e:02:18:7c: |
| 1d:49:c5:05:15:c1:fa:98:b3:5d:0c:e8:03:9b:60: |
| d4:e3:a6:3e:0c:ae:b3:c5:21:38:3b:a0:02:fd:80: |
| a6:05:47:29:d2:12:95:6b:41:7b:41:94:45:ce:bd: |
| 65:84:d4:5a:51:cc:81:2a:a4:03:8f:31:00:d5:15: |
| 06:13:54:07:87:99:d9:55:fa:23:a8:19:56:11:87: |
| 78:4d:62:15:55:4d:b1:5f:00:c3:ce:a1:f0:21:6f: |
| 97:01:ef:76:49:6d:21:6b:f8:50:12:e9:48:94:3e: |
| cd:01:d2:30:1f:2d:e2:25:f8:b5:ee:ad:a8:91:e9: |
| 0d:03:be:b4:11:84:1c:9f:9f:09:60:37:bf:52:c4: |
| ad:2c:12:6d:eb:2d:1f:e2:c5:64:a8:55:c3:01:e8: |
| 19:f8:be:96:07:e2:3b:32:7f:59:28:12:79:f2:fd: |
| e4:98:a7:f1:77:9f:28:13:1e:b7:2c:56:d9:af:8f: |
| a4:9c:ac:4e:7d:3a:3c:a0:a6:06:61:d2:9c:88:d0: |
| 4b:72:d4:f3:88:18:b5:53:90:ae:b2:80:dd:b4:90: |
| c4:e4:76:20:c3:ee:ed:ce:bb:44:d9:ad:39:b1:dd: |
| 27:cf |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 4C:67:B6:67:88:D3:B0:33:53:B8:A0:1F:0F:63:46:A3:28:35:A9:A3 |
| X509v3 Authority Key Identifier: |
| keyid:9C:54:60:08:5E:37:A1:FA:4A:EA:A7:CB:AB:E1:74:51:84:5F:46:FD |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Intermediate.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Intermediate.crl |
| |
| X509v3 Key Usage: critical |
| Digital Signature, Key Encipherment |
| X509v3 Extended Key Usage: |
| TLS Web Server Authentication, TLS Web Client Authentication |
| Signature Algorithm: sha256WithRSAEncryption |
| 26:13:cf:55:3b:59:ce:94:65:01:3e:96:fb:c5:62:d9:d8:0c: |
| 53:f2:23:12:f6:a1:a5:c7:30:f3:2b:f2:68:7d:ed:6a:c9:9d: |
| a5:21:b5:5d:1c:aa:4e:af:57:8c:3d:08:e7:72:d6:8c:20:9f: |
| 25:f5:cf:31:91:23:47:4e:cc:cc:db:9c:e3:f7:53:d4:46:8f: |
| ea:92:05:37:12:c8:4b:c8:e5:57:24:ed:86:93:0f:14:1b:ea: |
| 83:5c:87:c5:52:a4:bb:1c:48:80:4a:28:f6:ef:e6:6d:9a:0c: |
| 62:75:11:6d:87:bf:8e:79:14:ed:4a:3f:74:5c:5f:7d:f6:53: |
| f1:dc:94:9b:67:cb:ae:da:18:80:db:31:85:64:ee:b9:36:67: |
| 50:a8:26:55:0e:38:74:e3:b3:4f:19:10:b4:82:2b:90:18:34: |
| eb:89:47:3c:2a:fc:e5:06:01:99:fe:8c:56:6c:a1:5b:d6:5f: |
| 22:b5:00:c8:dd:fc:ae:43:5a:77:ee:17:1c:27:73:7f:71:a9: |
| e1:e1:0d:7c:81:31:b7:7d:8d:3f:3e:96:8a:2c:5f:bb:8d:7b: |
| ad:b3:91:3a:ce:68:f2:25:02:cf:ca:84:0b:91:4f:b3:f5:d3: |
| e2:34:b6:4a:d7:92:c4:f0:4d:d2:40:f9:46:b7:60:ff:84:95: |
| cd:da:73:73 |
| -----BEGIN CERTIFICATE----- |
| MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl |
| cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD |
| VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzqmwM |
| LjU09h9dw4ue/vd+Wyb9K7ogg5I6TgIYfB1JxQUVwfqYs10M6AObYNTjpj4MrrPF |
| ITg7oAL9gKYFRynSEpVrQXtBlEXOvWWE1FpRzIEqpAOPMQDVFQYTVAeHmdlV+iOo |
| GVYRh3hNYhVVTbFfAMPOofAhb5cB73ZJbSFr+FAS6UiUPs0B0jAfLeIl+LXuraiR |
| 6Q0DvrQRhByfnwlgN79SxK0sEm3rLR/ixWSoVcMB6Bn4vpYH4jsyf1koEnny/eSY |
| p/F3nygTHrcsVtmvj6ScrE59OjygpgZh0pyI0Ety1POIGLVTkK6ygN20kMTkdiDD |
| 7u3Ou0TZrTmx3SfPAgMBAAGjgekwgeYwHQYDVR0OBBYEFExntmeI07AzU7igHw9j |
| RqMoNamjMB8GA1UdIwQYMBaAFJxUYAheN6H6Suqny6vhdFGEX0b9MD8GCCsGAQUF |
| BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk |
| aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu |
| dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF |
| BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAJhPPVTtZzpRlAT6W+8Vi |
| 2dgMU/IjEvahpccw8yvyaH3tasmdpSG1XRyqTq9XjD0I53LWjCCfJfXPMZEjR07M |
| zNuc4/dT1EaP6pIFNxLIS8jlVyTthpMPFBvqg1yHxVKkuxxIgEoo9u/mbZoMYnUR |
| bYe/jnkU7Uo/dFxfffZT8dyUm2fLrtoYgNsxhWTuuTZnUKgmVQ44dOOzTxkQtIIr |
| kBg064lHPCr85QYBmf6MVmyhW9ZfIrUAyN38rkNad+4XHCdzf3Gp4eENfIExt32N |
| Pz6Wiixfu417rbOROs5o8iUCz8qEC5FPs/XT4jS2SteSxPBN0kD5Rrdg/4SVzdpz |
| cw== |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Intermediate |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:c6:0a:10:7c:70:eb:74:84:70:54:78:38:0e:6b: |
| da:e4:e6:9c:3b:92:69:8c:5f:eb:ab:11:af:56:27: |
| 1d:59:94:21:91:c3:5c:2b:cd:67:75:95:5d:fc:d6: |
| 04:e6:65:0d:9b:4b:70:ce:e5:23:11:a8:a3:f5:61: |
| d4:5b:d0:99:b8:4b:44:51:3d:7a:ed:9d:5d:e7:82: |
| 09:25:23:60:12:16:0f:b9:9a:3d:9f:02:22:39:f3: |
| 02:85:b2:45:a6:f4:81:e7:2f:6a:f9:65:28:94:b4: |
| 61:b2:4b:04:6e:2d:dd:a9:75:3e:d4:78:16:8a:45: |
| 6f:3c:85:81:b2:f1:8d:3b:84:ff:19:bd:c5:4d:58: |
| d4:87:ec:dc:34:23:5c:e3:67:d8:26:c0:dc:ae:ad: |
| 27:34:8b:60:9d:47:bb:be:54:c1:4a:0d:56:91:c6: |
| 54:2d:07:51:d5:87:5d:e4:d5:b6:ee:1a:50:51:99: |
| c4:2d:37:2d:47:4a:3e:19:1c:4f:ba:14:2d:0b:b0: |
| e7:87:ab:d4:e4:ca:93:a7:77:13:6f:10:c6:df:dd: |
| f0:86:53:03:0d:b6:92:66:1d:bf:63:1c:84:f0:63: |
| cb:18:d3:f4:54:20:a8:e8:4c:94:21:7e:3f:b5:81: |
| 49:9f:bc:51:b9:eb:12:ab:6d:cb:03:37:d0:30:a8: |
| 1b:11 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 9C:54:60:08:5E:37:A1:FA:4A:EA:A7:CB:AB:E1:74:51:84:5F:46:FD |
| X509v3 Authority Key Identifier: |
| keyid:4E:4A:66:D2:28:27:6E:75:19:FA:97:E6:3D:38:18:C6:A6:56:68:69 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 5e:d4:51:bf:58:80:db:77:af:e6:7c:a7:03:ab:95:ae:e6:0f: |
| 26:64:63:b0:70:30:92:1c:f0:d8:7c:f8:93:13:14:e3:62:6e: |
| 45:ed:cf:dd:c0:4d:8d:b7:b7:2f:bc:29:2d:6e:c2:ed:d5:10: |
| e6:80:53:91:88:18:35:c5:88:63:69:95:c1:f2:bc:e6:5c:02: |
| 01:e7:e8:22:f4:3e:6d:91:09:82:64:12:86:80:b1:27:3c:9b: |
| ee:61:43:c2:1f:54:dc:31:9b:89:38:fe:3d:48:27:f0:fb:c6: |
| 44:58:c6:de:21:19:b1:e1:4a:70:e4:1b:aa:ea:ad:e9:d3:a8: |
| bd:23:9a:95:d8:06:3c:32:9d:21:28:7c:de:37:d7:47:a6:96: |
| a0:d1:98:04:19:f5:47:bc:19:f8:9e:b6:dc:4b:d5:39:c6:27: |
| 88:ab:9a:19:f1:f1:33:af:e0:62:36:f7:2e:5d:26:5c:70:55: |
| 5e:3c:df:20:12:42:54:64:e0:5e:5f:2e:ee:6a:85:a4:1e:15: |
| 52:0b:01:01:1b:70:19:fe:67:31:b7:6e:5e:4d:61:93:6b:3c: |
| c3:fd:c7:55:a8:f0:bc:81:5e:2b:38:84:ab:d8:b8:54:3c:a1: |
| 59:db:ae:70:2b:71:ca:f3:5f:f8:ce:d0:67:af:45:99:19:8c: |
| 25:9d:d1:e9 |
| -----BEGIN CERTIFICATE----- |
| MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 |
| ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgoQfHDr |
| dIRwVHg4Dmva5OacO5JpjF/rqxGvVicdWZQhkcNcK81ndZVd/NYE5mUNm0twzuUj |
| Eaij9WHUW9CZuEtEUT167Z1d54IJJSNgEhYPuZo9nwIiOfMChbJFpvSB5y9q+WUo |
| lLRhsksEbi3dqXU+1HgWikVvPIWBsvGNO4T/Gb3FTVjUh+zcNCNc42fYJsDcrq0n |
| NItgnUe7vlTBSg1WkcZULQdR1Ydd5NW27hpQUZnELTctR0o+GRxPuhQtC7Dnh6vU |
| 5MqTp3cTbxDG393whlMDDbaSZh2/YxyE8GPLGNP0VCCo6EyUIX4/tYFJn7xRuesS |
| q23LAzfQMKgbEQIDAQABo4HLMIHIMB0GA1UdDgQWBBScVGAIXjeh+krqp8ur4XRR |
| hF9G/TAfBgNVHSMEGDAWgBROSmbSKCdudRn6l+Y9OBjGplZoaTA3BggrBgEFBQcB |
| AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs |
| BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD |
| VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB |
| AF7UUb9YgNt3r+Z8pwOrla7mDyZkY7BwMJIc8Nh8+JMTFONibkXtz93ATY23ty+8 |
| KS1uwu3VEOaAU5GIGDXFiGNplcHyvOZcAgHn6CL0Pm2RCYJkEoaAsSc8m+5hQ8If |
| VNwxm4k4/j1IJ/D7xkRYxt4hGbHhSnDkG6rqrenTqL0jmpXYBjwynSEofN4310em |
| lqDRmAQZ9Ue8GfiettxL1TnGJ4irmhnx8TOv4GI29y5dJlxwVV483yASQlRk4F5f |
| Lu5qhaQeFVILAQEbcBn+ZzG3bl5NYZNrPMP9x1Wo8LyBXis4hKvYuFQ8oVnbrnAr |
| ccrzX/jO0GevRZkZjCWd0ek= |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 2 (0x2) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=UberRoot |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Root |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:a5:1a:7b:1e:97:d2:f5:6c:17:83:73:76:62:4f: |
| 12:53:75:3d:4b:86:2d:42:77:e7:11:75:65:cd:43: |
| 69:5a:b3:80:ad:42:87:a0:8e:9e:cf:e5:9e:6a:2d: |
| 1f:3e:0a:9a:6e:2b:01:e9:aa:d5:bd:91:50:38:f8: |
| 16:04:79:d3:fe:69:1c:82:9d:e7:10:2c:19:31:8a: |
| 1b:8d:a7:ef:f2:4c:36:de:f6:2f:65:93:78:0a:77: |
| ba:1d:5b:b1:39:bf:55:71:05:43:fb:6c:d4:49:b2: |
| 35:93:85:c0:99:4e:3b:d2:4d:bf:19:4c:1b:55:b6: |
| ef:ca:40:b3:6e:6a:18:29:eb:78:fa:f5:7e:15:61: |
| 85:70:1d:1f:a4:cd:59:eb:86:c1:a5:c4:8b:74:22: |
| e1:5d:9b:80:d4:26:a1:a1:7d:40:4d:89:17:4f:ef: |
| ea:04:d0:d1:b8:7a:38:b1:a5:13:9a:08:64:4d:85: |
| 88:4e:8d:07:fc:55:0b:22:7e:b7:ab:85:28:b9:d9: |
| 71:c9:99:cb:fb:85:fb:cf:8a:2e:cd:98:90:bb:b1: |
| 17:5f:50:02:5e:23:9c:55:d7:f2:fa:76:47:d6:ee: |
| 12:44:9a:17:c4:67:83:9d:75:5f:20:b1:a8:70:c4: |
| 22:69:00:17:26:a8:9d:c5:88:1a:e5:29:bb:63:c8: |
| 02:f5 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 4E:4A:66:D2:28:27:6E:75:19:FA:97:E6:3D:38:18:C6:A6:56:68:69 |
| X509v3 Authority Key Identifier: |
| keyid:8F:01:DF:48:8B:1D:55:FA:61:CF:0A:EF:D6:89:C1:E7:69:7E:24:51 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/UberRoot.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/UberRoot.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| c8:bb:c7:40:ef:2b:d4:1d:61:92:65:48:61:99:5b:d4:5b:1d: |
| 8d:c6:ea:b8:d4:bf:1b:e9:ea:5a:f0:21:f3:95:b8:e7:cf:e7: |
| c3:8b:68:b2:14:53:fc:c8:07:4d:d8:fc:97:27:8d:0d:41:68: |
| 4c:5e:c8:ab:ee:e3:9c:72:d3:d5:5b:a4:3a:2b:e4:2f:e2:13: |
| c8:a5:8d:63:61:c9:f8:e1:99:3f:c4:22:36:0d:bb:88:28:85: |
| 99:23:ae:b9:0b:4e:50:7b:81:2d:28:da:9e:9e:7e:86:21:99: |
| ac:f1:a9:bc:1f:cf:6c:5f:90:91:b1:bf:76:b2:3a:5f:f3:e6: |
| 54:89:bf:db:1e:f5:3a:93:53:ec:80:75:7e:ea:81:e0:c1:8b: |
| 2d:89:f8:62:16:f0:96:ae:8e:be:d7:af:e6:fa:d4:54:b4:01: |
| bc:dd:f0:93:cc:89:b7:f2:06:81:2e:df:02:11:ac:22:21:44: |
| 77:de:22:aa:9f:2b:05:3a:4e:a9:b4:a2:15:50:13:03:b1:a1: |
| 1a:f4:de:c4:7b:2e:84:56:80:7c:98:db:82:af:a0:8e:79:a5: |
| b1:81:b7:0f:9b:60:78:5b:57:fc:eb:8e:74:91:e5:e3:58:c6: |
| b7:82:b2:88:d2:83:5f:b4:94:75:6b:97:8a:3f:88:40:ad:5d: |
| a1:18:da:7a |
| -----BEGIN TRUST_ANCHOR_CONSTRAINED----- |
| MIIDcTCCAlmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhVYmVy |
| Um9vdDAeFw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAwMDBaMA8xDTALBgNVBAMM |
| BFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClGnsel9L1bBeD |
| c3ZiTxJTdT1Lhi1Cd+cRdWXNQ2las4CtQoegjp7P5Z5qLR8+CppuKwHpqtW9kVA4 |
| +BYEedP+aRyCnecQLBkxihuNp+/yTDbe9i9lk3gKd7odW7E5v1VxBUP7bNRJsjWT |
| hcCZTjvSTb8ZTBtVtu/KQLNuahgp63j69X4VYYVwHR+kzVnrhsGlxIt0IuFdm4DU |
| JqGhfUBNiRdP7+oE0NG4ejixpROaCGRNhYhOjQf8VQsifrerhSi52XHJmcv7hfvP |
| ii7NmJC7sRdfUAJeI5xV1/L6dkfW7hJEmhfEZ4OddV8gsahwxCJpABcmqJ3FiBrl |
| KbtjyAL1AgMBAAGjgdMwgdAwHQYDVR0OBBYEFE5KZtIoJ251GfqX5j04GMamVmhp |
| MB8GA1UdIwQYMBaAFI8B30iLHVX6Yc8K79aJwedpfiRRMDsGCCsGAQUFBwEBBC8w |
| LTArBggrBgEFBQcwAoYfaHR0cDovL3VybC1mb3ItYWlhL1ViZXJSb290LmNlcjAw |
| BgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vdXJsLWZvci1jcmwvVWJlclJvb3QuY3Js |
| MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA |
| A4IBAQDIu8dA7yvUHWGSZUhhmVvUWx2Nxuq41L8b6epa8CHzlbjnz+fDi2iyFFP8 |
| yAdN2PyXJ40NQWhMXsir7uOcctPVW6Q6K+Qv4hPIpY1jYcn44Zk/xCI2DbuIKIWZ |
| I665C05Qe4EtKNqenn6GIZms8am8H89sX5CRsb92sjpf8+ZUib/bHvU6k1PsgHV+ |
| 6oHgwYstifhiFvCWro6+16/m+tRUtAG83fCTzIm38gaBLt8CEawiIUR33iKqnysF |
| Ok6ptKIVUBMDsaEa9N7Eey6EVoB8mNuCr6COeaWxgbcPm2B4W1f86450keXjWMa3 |
| grKI0oNftJR1a5eKP4hArV2hGNp6 |
| -----END TRUST_ANCHOR_CONSTRAINED----- |
| |
| 150302120000Z |
| -----BEGIN TIME----- |
| MTUwMzAyMTIwMDAwWg== |
| -----END TIME----- |
| |
| SUCCESS |
| -----BEGIN VERIFY_RESULT----- |
| U1VDQ0VTUw== |
| -----END VERIFY_RESULT----- |