| [Created by: generate-constrained-root-lacks-basic-constraints.py] |
| |
| Certificate chain with 1 intermediate and a trust anchor. The trust anchor |
| lacks the basic constraints extension, and is loaded with anchor constraints. |
| This is not a problem and verification should succeed. |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Intermediate |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Target |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:ad:75:ea:d9:63:a8:36:b6:47:9e:1f:f4:c4:38: |
| b8:81:a1:cb:46:09:41:00:e8:12:9e:fd:c1:f8:92: |
| cc:cb:92:90:72:e3:8c:74:20:9a:b2:d7:17:2a:c5: |
| 91:d7:2f:99:64:ad:96:52:16:bc:cd:f0:7a:5d:c8: |
| 04:90:f9:28:ec:05:40:4a:ca:29:33:9f:6c:98:5b: |
| da:9d:be:6a:a5:2d:82:a5:78:2e:b9:a9:20:77:c0: |
| 53:3c:63:19:af:ca:1c:20:da:b6:69:bc:0b:ba:b5: |
| f0:a0:92:e7:f5:34:af:a2:41:32:86:6d:67:03:5e: |
| d5:e6:68:d0:e5:8d:54:89:5d:39:66:ae:af:f2:2f: |
| 38:e2:f6:64:a5:7c:84:fe:2b:87:73:1b:76:29:c8: |
| d9:06:a8:bf:c7:c9:90:a2:7a:ab:36:b5:96:b2:e4: |
| 1c:68:3a:27:d6:80:e8:f6:cd:61:cf:c5:a6:f8:60: |
| bf:bc:2c:8c:aa:fb:ae:a4:12:b7:3f:a5:db:cc:25: |
| f7:7e:fe:01:bf:0e:2d:26:ef:b4:da:d0:e7:31:53: |
| 88:e6:3f:bc:85:f9:e7:9d:40:a9:70:8a:73:8d:f7: |
| b3:dd:7d:67:52:a5:98:7a:22:2b:e8:15:3f:82:4e: |
| 10:27:ed:92:f8:fa:41:89:6b:26:e9:dd:93:4a:74: |
| d3:a9 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 92:9A:80:3A:5C:7F:B9:45:6C:C1:79:03:FC:BE:1D:F9:00:A5:ED:9E |
| X509v3 Authority Key Identifier: |
| keyid:A4:79:C2:53:F1:7B:AF:B0:97:61:6B:AE:EA:24:7A:98:C7:D7:41:18 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Intermediate.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Intermediate.crl |
| |
| X509v3 Key Usage: critical |
| Digital Signature, Key Encipherment |
| X509v3 Extended Key Usage: |
| TLS Web Server Authentication, TLS Web Client Authentication |
| Signature Algorithm: sha256WithRSAEncryption |
| 5e:39:9f:dc:2f:71:14:dc:68:84:af:52:a3:3d:07:68:3f:cc: |
| db:fa:4e:b9:d8:7e:7a:a0:7c:9a:75:81:55:a4:c2:45:4f:90: |
| 46:d4:8d:08:ca:3a:fa:64:04:b0:1c:42:e4:64:ad:4b:d3:c3: |
| 3c:57:b5:47:76:fd:7e:e4:a5:6c:22:71:4b:1c:d2:0d:23:8c: |
| b1:9a:20:18:f5:78:49:fa:06:e6:47:e5:4a:43:88:b4:8e:b8: |
| d9:23:b8:75:97:d4:cd:db:58:dd:7a:21:c6:65:47:fa:2f:f5: |
| c5:c7:c3:43:7f:e2:61:ff:55:e5:0e:1e:f7:2b:a7:1a:45:16: |
| 16:e6:bb:4b:f5:f5:2d:fd:01:f2:e3:41:b9:d1:dc:bb:52:97: |
| c5:90:cf:d1:57:70:46:46:ad:0f:e3:81:cc:18:e6:ce:05:fd: |
| 29:09:b2:eb:91:18:79:38:92:23:33:9b:0f:53:b1:fe:5d:81: |
| 65:b9:49:c9:64:6a:75:c4:e6:fe:8b:fc:3f:06:22:ab:e0:0a: |
| 18:d9:d5:5e:a6:d5:bd:2d:9f:b4:48:b5:ba:42:54:c7:75:be: |
| 8d:95:8b:ef:27:68:2a:a9:82:14:e4:9f:2c:ec:fd:27:cb:56: |
| c3:26:ec:10:96:85:f5:9b:42:b6:9c:99:ee:48:4a:3e:1b:81: |
| 9c:5f:7d:ad |
| -----BEGIN CERTIFICATE----- |
| MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl |
| cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD |
| VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtderZ |
| Y6g2tkeeH/TEOLiBoctGCUEA6BKe/cH4kszLkpBy44x0IJqy1xcqxZHXL5lkrZZS |
| FrzN8HpdyASQ+SjsBUBKyikzn2yYW9qdvmqlLYKleC65qSB3wFM8Yxmvyhwg2rZp |
| vAu6tfCgkuf1NK+iQTKGbWcDXtXmaNDljVSJXTlmrq/yLzji9mSlfIT+K4dzG3Yp |
| yNkGqL/HyZCieqs2tZay5BxoOifWgOj2zWHPxab4YL+8LIyq+66kErc/pdvMJfd+ |
| /gG/Di0m77Ta0OcxU4jmP7yF+eedQKlwinON97PdfWdSpZh6IivoFT+CThAn7ZL4 |
| +kGJaybp3ZNKdNOpAgMBAAGjgekwgeYwHQYDVR0OBBYEFJKagDpcf7lFbMF5A/y+ |
| HfkApe2eMB8GA1UdIwQYMBaAFKR5wlPxe6+wl2FrruokepjH10EYMD8GCCsGAQUF |
| BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk |
| aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu |
| dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF |
| BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAXjmf3C9xFNxohK9Soz0H |
| aD/M2/pOudh+eqB8mnWBVaTCRU+QRtSNCMo6+mQEsBxC5GStS9PDPFe1R3b9fuSl |
| bCJxSxzSDSOMsZogGPV4SfoG5kflSkOItI642SO4dZfUzdtY3XohxmVH+i/1xcfD |
| Q3/iYf9V5Q4e9yunGkUWFua7S/X1Lf0B8uNBudHcu1KXxZDP0VdwRkatD+OBzBjm |
| zgX9KQmy65EYeTiSIzObD1Ox/l2BZblJyWRqdcTm/ov8PwYiq+AKGNnVXqbVvS2f |
| tEi1ukJUx3W+jZWL7ydoKqmCFOSfLOz9J8tWwybsEJaF9ZtCtpyZ7khKPhuBnF99 |
| rQ== |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 2 (0x2) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Intermediate |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:9b:ae:24:f7:35:a1:99:8f:a3:2e:f8:62:c1:ba: |
| f3:f3:92:a8:18:1e:57:b1:40:17:0a:3a:3b:67:64: |
| 7d:7c:97:98:ce:b0:e4:4b:aa:98:5e:66:4f:d6:4a: |
| 83:2d:c2:db:ac:4e:d0:83:3c:07:0a:f1:51:3f:7d: |
| 8f:5f:1d:48:14:e1:39:98:bf:c9:44:f6:a0:72:6c: |
| 1d:1c:13:91:cd:90:e2:19:88:80:59:2f:13:62:ac: |
| 9b:d0:19:53:a8:fe:f3:43:a7:94:fb:8c:df:98:10: |
| 48:6c:4b:20:c5:70:21:27:43:02:fe:15:ed:37:bf: |
| ee:71:d0:7d:69:f6:94:82:8e:83:a5:f8:b2:31:47: |
| bf:af:5c:94:d8:d8:a7:f8:bd:a2:fa:89:62:61:43: |
| 9e:46:10:e9:32:73:9c:32:bd:b9:a2:fe:35:96:df: |
| 10:b5:a6:8f:af:ed:4b:e0:4b:22:00:7f:e8:78:bf: |
| e9:0f:2d:26:80:d2:96:3a:0a:2e:02:b9:f7:49:57: |
| d6:7e:df:e4:97:dd:50:69:c7:49:f2:b2:74:94:1e: |
| ea:f9:7b:61:45:36:3b:7d:29:6b:09:de:ac:58:19: |
| 14:58:2c:83:b8:99:08:ba:be:78:ba:e8:f1:bb:f1: |
| 09:32:44:18:fb:72:4e:41:1c:6b:43:16:a2:73:6a: |
| 63:65 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| A4:79:C2:53:F1:7B:AF:B0:97:61:6B:AE:EA:24:7A:98:C7:D7:41:18 |
| X509v3 Authority Key Identifier: |
| keyid:75:7D:62:57:BC:81:26:58:67:4D:49:F8:04:11:12:62:63:3C:3C:DC |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 93:d8:9b:e5:69:16:43:e6:5b:3b:c0:70:44:ec:1d:7d:9e:4f: |
| 28:16:99:b5:70:6f:5a:f6:f3:90:1f:e9:3c:eb:8f:bb:3b:28: |
| d0:e1:3f:60:6d:81:de:01:77:71:88:54:44:41:16:73:48:3c: |
| f6:5c:7d:6b:6d:81:e4:35:05:f6:4c:91:cb:a3:bf:06:d3:b2: |
| 33:39:06:07:4f:2d:99:ff:34:85:6b:75:02:18:5f:b1:9e:5d: |
| a7:a0:78:b9:26:aa:1e:87:51:37:3f:47:af:56:07:04:95:01: |
| cf:40:39:0a:ce:01:7b:e0:34:dc:14:e3:06:57:d8:93:0c:6c: |
| 90:51:92:51:6e:b8:f7:ff:62:81:e3:73:f1:34:5f:a0:19:7c: |
| 39:d7:d1:81:10:5a:90:52:e1:32:c7:3a:66:69:c5:5b:d7:54: |
| 15:70:d0:9b:42:bd:70:74:37:2b:a2:e7:ee:d3:20:96:3a:32: |
| ee:53:21:f0:f6:4b:c8:fb:a7:e1:ce:9d:72:cf:d0:e2:7c:e4: |
| 13:20:66:62:8d:b6:b9:9d:56:4b:c8:cc:e9:00:b6:c7:f7:e4: |
| dc:ed:2c:25:af:32:05:98:ef:56:de:7a:07:ff:eb:62:c1:7b: |
| 0b:56:95:ee:90:55:d6:6f:c9:8d:8f:15:dd:d3:65:c1:c7:8c: |
| 94:f9:82:5d |
| -----BEGIN CERTIFICATE----- |
| MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 |
| ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm64k9zWh |
| mY+jLvhiwbrz85KoGB5XsUAXCjo7Z2R9fJeYzrDkS6qYXmZP1kqDLcLbrE7QgzwH |
| CvFRP32PXx1IFOE5mL/JRPagcmwdHBORzZDiGYiAWS8TYqyb0BlTqP7zQ6eU+4zf |
| mBBIbEsgxXAhJ0MC/hXtN7/ucdB9afaUgo6DpfiyMUe/r1yU2Nin+L2i+oliYUOe |
| RhDpMnOcMr25ov41lt8QtaaPr+1L4EsiAH/oeL/pDy0mgNKWOgouArn3SVfWft/k |
| l91QacdJ8rJ0lB7q+XthRTY7fSlrCd6sWBkUWCyDuJkIur54uujxu/EJMkQY+3JO |
| QRxrQxaic2pjZQIDAQABo4HLMIHIMB0GA1UdDgQWBBSkecJT8XuvsJdha67qJHqY |
| x9dBGDAfBgNVHSMEGDAWgBR1fWJXvIEmWGdNSfgEERJiYzw83DA3BggrBgEFBQcB |
| AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs |
| BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD |
| VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB |
| AJPYm+VpFkPmWzvAcETsHX2eTygWmbVwb1r285Af6Tzrj7s7KNDhP2Btgd4Bd3GI |
| VERBFnNIPPZcfWttgeQ1BfZMkcujvwbTsjM5BgdPLZn/NIVrdQIYX7GeXaegeLkm |
| qh6HUTc/R69WBwSVAc9AOQrOAXvgNNwU4wZX2JMMbJBRklFuuPf/YoHjc/E0X6AZ |
| fDnX0YEQWpBS4TLHOmZpxVvXVBVw0JtCvXB0Nyui5+7TIJY6Mu5TIfD2S8j7p+HO |
| nXLP0OJ85BMgZmKNtrmdVkvIzOkAtsf35NztLCWvMgWY71beegf/62LBewtWle6Q |
| VdZvyY2PFd3TZcHHjJT5gl0= |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Root |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:d6:d2:49:ce:36:d3:12:76:22:3f:67:89:7e:64: |
| 6e:09:f4:eb:b8:d7:66:3e:92:18:f2:2b:2c:4e:4a: |
| ca:77:97:83:cc:79:38:d2:50:ea:cf:7e:cf:dc:fa: |
| 83:05:61:d1:70:8f:e3:32:85:39:52:57:0b:77:62: |
| a0:63:ce:69:79:d0:a5:2c:95:06:92:38:f1:12:41: |
| 4b:5d:87:1e:8e:c5:40:28:36:16:c6:bd:fc:1f:ca: |
| 07:73:d5:1d:c5:5d:46:56:03:c7:f6:67:fb:91:ab: |
| 43:fb:53:48:a4:6f:75:e7:0b:10:f1:3d:aa:14:42: |
| 32:0b:b1:fc:10:81:d0:18:1b:1b:bd:d1:fd:e9:0d: |
| 53:64:3e:8f:3e:df:f0:07:2e:b8:b2:23:74:ea:9b: |
| 23:7c:15:42:e5:53:1a:0c:80:1e:49:dd:4e:fa:e4: |
| 50:a8:e2:74:3f:09:4f:bc:1c:71:7d:72:fe:7a:15: |
| ac:2e:0b:9b:8c:41:2b:ce:32:a4:f5:40:71:6b:e8: |
| 2c:93:a9:41:03:53:95:a0:4a:68:2d:f0:b6:1e:01: |
| da:7d:34:47:3d:d5:fb:ef:63:9a:72:df:e8:14:08: |
| 1a:29:29:aa:c3:ff:37:f4:ee:37:a4:45:da:d1:2c: |
| 94:1c:f3:df:62:41:f2:d0:00:0e:2c:06:88:12:71: |
| 8d:7f |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 75:7D:62:57:BC:81:26:58:67:4D:49:F8:04:11:12:62:63:3C:3C:DC |
| X509v3 Authority Key Identifier: |
| keyid:75:7D:62:57:BC:81:26:58:67:4D:49:F8:04:11:12:62:63:3C:3C:DC |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| Signature Algorithm: sha256WithRSAEncryption |
| 52:16:ce:5c:55:aa:c3:76:80:5a:60:ee:8a:85:f5:9f:64:ca: |
| 6d:b9:66:53:73:a4:92:47:a9:d5:8e:b5:90:b2:a9:62:69:32: |
| e3:2c:f5:28:e6:d3:6c:d9:94:af:83:11:04:30:95:48:e2:9e: |
| 2d:bf:67:63:95:97:32:99:28:b7:87:3d:dc:97:41:08:72:f7: |
| 89:6a:94:bb:fe:62:cd:08:f6:d6:0b:86:60:5b:d7:4d:eb:df: |
| 40:70:d9:bd:cb:e0:24:b8:ee:62:5a:7f:58:d3:3d:11:53:63: |
| 34:aa:af:59:6b:86:30:ab:fb:55:40:cc:e3:65:0e:d6:36:b4: |
| dc:d1:db:a4:bc:1c:7a:51:cf:8a:7d:41:0a:e6:3a:16:c9:43: |
| e6:9e:41:31:f3:4f:81:c1:24:e8:fb:c5:db:87:c8:01:f5:b8: |
| 60:ed:2a:0e:fc:31:59:26:63:fb:60:26:8f:52:0c:7c:19:b7: |
| 29:18:c9:12:eb:80:6c:aa:25:46:41:92:1a:3a:e1:df:9e:94: |
| 1f:92:01:90:b0:92:2c:e0:dd:31:81:a2:c0:ae:05:ae:85:c2: |
| ee:ce:63:2c:c8:3f:41:f9:06:8b:66:56:05:e7:58:7d:3f:d0: |
| ed:05:25:ea:1e:d0:69:24:f0:e3:dd:0a:d8:2e:ba:fe:d9:1a: |
| ba:39:2b:7d |
| -----BEGIN TRUST_ANCHOR_CONSTRAINED----- |
| MIIDVDCCAjygAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v |
| dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANbSSc420xJ2Ij9niX5k |
| bgn067jXZj6SGPIrLE5KyneXg8x5ONJQ6s9+z9z6gwVh0XCP4zKFOVJXC3dioGPO |
| aXnQpSyVBpI48RJBS12HHo7FQCg2Fsa9/B/KB3PVHcVdRlYDx/Zn+5GrQ/tTSKRv |
| decLEPE9qhRCMgux/BCB0BgbG73R/ekNU2Q+jz7f8AcuuLIjdOqbI3wVQuVTGgyA |
| HkndTvrkUKjidD8JT7wccX1y/noVrC4Lm4xBK84ypPVAcWvoLJOpQQNTlaBKaC3w |
| th4B2n00Rz3V++9jmnLf6BQIGikpqsP/N/TuN6RF2tEslBzz32JB8tAADiwGiBJx |
| jX8CAwEAAaOBujCBtzAdBgNVHQ4EFgQUdX1iV7yBJlhnTUn4BBESYmM8PNwwHwYD |
| VR0jBBgwFoAUdX1iV7yBJlhnTUn4BBESYmM8PNwwNwYIKwYBBQUHAQEEKzApMCcG |
| CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw |
| IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE |
| AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAUhbOXFWqw3aAWmDuioX1n2TKbblmU3Ok |
| kkep1Y61kLKpYmky4yz1KObTbNmUr4MRBDCVSOKeLb9nY5WXMpkot4c93JdBCHL3 |
| iWqUu/5izQj21guGYFvXTevfQHDZvcvgJLjuYlp/WNM9EVNjNKqvWWuGMKv7VUDM |
| 42UO1ja03NHbpLwcelHPin1BCuY6FslD5p5BMfNPgcEk6PvF24fIAfW4YO0qDvwx |
| WSZj+2Amj1IMfBm3KRjJEuuAbKolRkGSGjrh356UH5IBkLCSLODdMYGiwK4FroXC |
| 7s5jLMg/QfkGi2ZWBedYfT/Q7QUl6h7QaSTw490K2C66/tkaujkrfQ== |
| -----END TRUST_ANCHOR_CONSTRAINED----- |
| |
| 150302120000Z |
| -----BEGIN TIME----- |
| MTUwMzAyMTIwMDAwWg== |
| -----END TIME----- |
| |
| SUCCESS |
| -----BEGIN VERIFY_RESULT----- |
| U1VDQ0VTUw== |
| -----END VERIFY_RESULT----- |