| [Created by: generate-intermediary-basic-constraints-ca-false.py] |
| |
| Certificate chain with 1 intermediary and a trusted root. The intermediary |
| has a basic constraints extension that indicates it is NOT a CA. Verification |
| is expected to fail. |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Intermediary |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Target |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:d7:2c:b6:2c:cc:74:93:54:76:43:6a:c8:78:5d: |
| c4:cc:30:ab:d1:16:46:84:b6:d8:28:13:74:4f:7f: |
| 6c:e1:ef:0c:12:07:c8:f5:2b:bd:98:3e:5f:ec:3c: |
| 6b:96:6b:7d:42:d1:a0:1c:e3:9a:c5:04:10:9f:f6: |
| d8:d2:e9:0b:98:3b:40:f1:3d:9f:39:fd:70:7b:d3: |
| f6:af:83:14:48:89:1c:87:aa:f1:21:fc:ab:f4:1e: |
| b3:66:3b:1e:ae:f9:9b:5d:9b:6d:6c:19:14:e2:38: |
| 09:36:99:be:b6:c0:27:50:91:33:c5:8d:11:4b:83: |
| 95:db:21:d6:3b:a8:7c:d9:a7:6b:04:cc:d4:81:28: |
| 8e:bb:57:76:2a:d9:d9:fa:31:07:62:dc:34:af:2d: |
| ec:7d:2f:8c:73:b9:57:44:cc:86:3b:49:d5:45:df: |
| bd:11:97:4e:b5:d2:07:17:71:39:0c:54:5b:c7:76: |
| db:69:64:e6:0d:3d:a2:c8:bc:45:35:06:f4:6f:fb: |
| ff:e5:23:53:9d:36:92:b5:15:2e:c7:62:62:22:69: |
| 66:62:2c:51:ee:1c:b7:2e:10:82:14:e2:ff:3f:f9: |
| 4e:a5:ad:70:fe:c8:26:d3:99:fb:ee:ea:67:f9:8a: |
| 06:b8:a1:60:99:4f:ef:95:0e:96:3a:c2:35:11:e9: |
| 4e:7d |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 34:A4:95:47:59:7D:2A:43:E3:DD:5F:55:F7:D0:F4:C0:25:E5:AD:8E |
| X509v3 Authority Key Identifier: |
| keyid:9F:6B:93:D1:46:61:07:80:55:0A:40:C8:FE:A8:D8:DD:8E:B1:EF:DD |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Intermediary.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Intermediary.crl |
| |
| X509v3 Key Usage: critical |
| Digital Signature, Key Encipherment |
| X509v3 Extended Key Usage: |
| TLS Web Server Authentication, TLS Web Client Authentication |
| Signature Algorithm: sha256WithRSAEncryption |
| 75:a4:8c:02:02:da:03:71:90:d9:46:cc:6a:21:36:ef:86:21: |
| 68:60:4a:a9:ce:af:f6:49:cf:f4:6b:b0:96:42:60:d5:02:91: |
| 62:93:01:8b:cb:0b:eb:a5:b0:b8:49:6c:8e:54:84:c2:53:d4: |
| 46:09:d6:db:29:96:a0:45:e5:09:5b:c1:b7:ba:be:8a:43:62: |
| f9:8b:e4:47:d5:a9:d9:03:0e:83:86:78:19:81:c8:3b:20:86: |
| 1d:72:98:cd:06:73:fa:b1:e4:df:fd:08:9c:52:bb:f6:48:61: |
| bc:6f:3f:1e:1c:ef:f5:4e:94:5b:ee:e7:96:44:ff:1a:8d:6c: |
| a6:9c:d1:77:17:1f:c7:e1:53:d5:5e:a5:d8:55:c8:36:48:f6: |
| 8c:25:c3:1b:27:09:58:8e:30:6a:ad:ad:5e:0a:2e:5f:6f:5a: |
| cb:1a:fb:fe:c9:03:1f:bf:37:9c:b5:c3:93:b7:4c:a2:d5:e2: |
| ac:af:94:91:85:22:8c:c7:8b:b0:39:4a:67:f0:82:dc:db:fe: |
| 39:3c:1d:50:4c:70:44:7e:aa:73:e4:fd:51:48:12:ea:9c:18: |
| b1:27:6b:96:e7:aa:cf:f6:58:bf:05:d0:a4:51:71:27:b6:2c: |
| 3d:a7:50:4d:93:1a:8d:04:84:7e:d3:9f:0d:b5:a5:6b:d3:db: |
| d4:3a:03:fb |
| -----BEGIN CERTIFICATE----- |
| MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl |
| cm1lZGlhcnkwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD |
| VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXLLYs |
| zHSTVHZDash4XcTMMKvRFkaEttgoE3RPf2zh7wwSB8j1K72YPl/sPGuWa31C0aAc |
| 45rFBBCf9tjS6QuYO0DxPZ85/XB70/avgxRIiRyHqvEh/Kv0HrNmOx6u+Ztdm21s |
| GRTiOAk2mb62wCdQkTPFjRFLg5XbIdY7qHzZp2sEzNSBKI67V3Yq2dn6MQdi3DSv |
| Lex9L4xzuVdEzIY7SdVF370Rl0610gcXcTkMVFvHdttpZOYNPaLIvEU1BvRv+//l |
| I1OdNpK1FS7HYmIiaWZiLFHuHLcuEIIU4v8/+U6lrXD+yCbTmfvu6mf5iga4oWCZ |
| T++VDpY6wjUR6U59AgMBAAGjgekwgeYwHQYDVR0OBBYEFDSklUdZfSpD491fVffQ |
| 9MAl5a2OMB8GA1UdIwQYMBaAFJ9rk9FGYQeAVQpAyP6o2N2Ose/dMD8GCCsGAQUF |
| BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk |
| aWFyeS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu |
| dGVybWVkaWFyeS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF |
| BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAdaSMAgLaA3GQ2UbMaiE2 |
| 74YhaGBKqc6v9knP9GuwlkJg1QKRYpMBi8sL66WwuElsjlSEwlPURgnW2ymWoEXl |
| CVvBt7q+ikNi+YvkR9Wp2QMOg4Z4GYHIOyCGHXKYzQZz+rHk3/0InFK79khhvG8/ |
| Hhzv9U6UW+7nlkT/Go1sppzRdxcfx+FT1V6l2FXINkj2jCXDGycJWI4waq2tXgou |
| X29ayxr7/skDH783nLXDk7dMotXirK+UkYUijMeLsDlKZ/CC3Nv+OTwdUExwRH6q |
| c+T9UUgS6pwYsSdrlueqz/ZYvwXQpFFxJ7YsPadQTZMajQSEftOfDbWla9Pb1DoD |
| +w== |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 2 (0x2) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Intermediary |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:b6:2b:92:72:9f:d2:59:95:3f:16:fd:eb:d3:37: |
| 3e:4d:fa:bf:05:3a:e3:8b:b5:32:90:42:9c:d7:69: |
| c5:30:e6:0f:d3:6d:fb:93:c0:0e:30:f2:9f:42:8d: |
| 83:17:62:e0:ac:41:c4:2b:29:4f:e6:c7:64:27:a8: |
| ca:c0:46:16:50:ba:e1:de:3a:ed:4b:1e:49:84:cf: |
| 16:2c:5d:84:0c:8e:0d:42:c0:d2:01:e3:94:2a:79: |
| d7:da:d7:a6:51:75:fe:a3:e5:1a:95:f5:38:a3:5b: |
| f8:5c:8a:a9:90:f1:f9:83:4a:13:25:61:bc:33:fb: |
| 19:69:71:c1:c1:a6:45:4a:bd:7f:3f:a6:92:43:fe: |
| db:88:a2:15:a9:41:cf:9d:62:9b:b4:fc:71:8f:4f: |
| be:5d:4a:48:8a:7a:de:57:11:82:44:49:a6:5c:25: |
| a0:8c:0b:f0:ec:74:51:76:ae:f4:5c:14:c6:d0:90: |
| b9:93:64:93:f8:04:82:99:28:98:fa:c8:a2:e8:98: |
| 20:2d:7d:cd:d9:99:ef:74:eb:7a:63:06:4c:7a:86: |
| 1e:e8:4b:8f:d0:8d:ab:d9:3a:8e:bc:ec:f2:2a:0d: |
| e1:5f:89:54:0f:ef:b8:28:ff:d5:f6:ef:a7:14:94: |
| 52:72:48:50:29:85:5b:d9:fd:1e:14:59:c8:69:df: |
| 89:47 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 9F:6B:93:D1:46:61:07:80:55:0A:40:C8:FE:A8:D8:DD:8E:B1:EF:DD |
| X509v3 Authority Key Identifier: |
| keyid:D8:01:99:4C:28:49:4B:7F:FB:30:0A:92:A8:90:6F:8B:9C:45:05:7F |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:FALSE |
| Signature Algorithm: sha256WithRSAEncryption |
| 7f:36:da:7c:f5:4a:3b:37:53:82:b4:98:99:0b:d7:c0:73:b9: |
| 05:89:75:fa:97:e4:cc:9d:73:61:18:ad:f2:bd:57:3f:6b:d0: |
| 45:a2:45:2a:27:68:13:f1:a3:80:15:85:13:52:4b:c6:8f:12: |
| 78:ba:21:51:fb:9d:1c:88:5d:5c:f5:0b:e5:66:ef:b4:72:67: |
| 16:cb:3d:79:83:56:9b:90:50:91:fe:f2:0c:f9:36:88:dd:14: |
| ef:b7:d2:1e:a3:54:d3:67:9f:3e:bc:7b:8c:45:be:12:c0:a9: |
| 21:cf:b7:ea:e9:9e:ec:e8:79:02:a0:48:3e:a8:b9:fc:62:9d: |
| a3:ab:74:b6:22:97:ab:78:7f:60:8e:67:96:02:ff:13:6d:66: |
| b9:df:a4:55:c7:e4:82:a9:f7:0d:30:d4:e9:6b:a9:25:68:f8: |
| 3c:2f:73:38:cf:07:af:b5:ef:82:5a:5f:34:0c:d9:0a:56:ad: |
| 30:c4:8a:2a:90:5c:92:e6:01:f5:49:4e:58:a0:13:0c:81:46: |
| ef:01:bc:8f:48:15:49:da:5d:20:28:a7:2a:b9:2b:85:9c:f8: |
| c4:5e:76:6f:ff:67:c0:2a:ee:96:91:2e:8d:b3:be:6b:66:51: |
| 0e:d5:7f:c9:21:c0:af:79:cc:07:0a:cc:dc:85:00:85:cf:74: |
| 9e:6f:2f:31 |
| -----BEGIN CERTIFICATE----- |
| MIIDajCCAlKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 |
| ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiuScp/S |
| WZU/Fv3r0zc+Tfq/BTrji7UykEKc12nFMOYP0237k8AOMPKfQo2DF2LgrEHEKylP |
| 5sdkJ6jKwEYWULrh3jrtSx5JhM8WLF2EDI4NQsDSAeOUKnnX2temUXX+o+UalfU4 |
| o1v4XIqpkPH5g0oTJWG8M/sZaXHBwaZFSr1/P6aSQ/7biKIVqUHPnWKbtPxxj0++ |
| XUpIinreVxGCREmmXCWgjAvw7HRRdq70XBTG0JC5k2ST+ASCmSiY+sii6JggLX3N |
| 2ZnvdOt6YwZMeoYe6EuP0I2r2TqOvOzyKg3hX4lUD++4KP/V9u+nFJRSckhQKYVb |
| 2f0eFFnIad+JRwIDAQABo4HIMIHFMB0GA1UdDgQWBBSfa5PRRmEHgFUKQMj+qNjd |
| jrHv3TAfBgNVHSMEGDAWgBTYAZlMKElLf/swCpKokG+LnEUFfzA3BggrBgEFBQcB |
| AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs |
| BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD |
| VR0PAQH/BAQDAgEGMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAH82 |
| 2nz1Sjs3U4K0mJkL18BzuQWJdfqX5Mydc2EYrfK9Vz9r0EWiRSonaBPxo4AVhRNS |
| S8aPEni6IVH7nRyIXVz1C+Vm77RyZxbLPXmDVpuQUJH+8gz5NojdFO+30h6jVNNn |
| nz68e4xFvhLAqSHPt+rpnuzoeQKgSD6oufxinaOrdLYil6t4f2COZ5YC/xNtZrnf |
| pFXH5IKp9w0w1OlrqSVo+DwvczjPB6+174JaXzQM2QpWrTDEiiqQXJLmAfVJTlig |
| EwyBRu8BvI9IFUnaXSAopyq5K4Wc+MRedm//Z8Aq7paRLo2zvmtmUQ7Vf8khwK95 |
| zAcKzNyFAIXPdJ5vLzE= |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Root |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:a6:91:a5:68:ad:ba:89:8f:b6:5c:19:a1:3d:10: |
| ad:55:97:10:17:06:9a:7d:59:e7:7c:56:3d:1d:5f: |
| 17:c7:a2:e5:e7:80:52:a8:cd:ef:ca:82:4a:77:e4: |
| ac:77:7c:35:f1:1b:b3:7a:9a:58:78:9e:1c:00:c9: |
| 67:9d:4d:d0:f4:92:f1:0a:82:8a:f0:d4:57:04:04: |
| cc:12:e4:86:95:93:12:a7:9b:ee:6f:d2:85:5d:63: |
| 3c:5c:94:91:db:d0:3c:f1:a8:ca:05:19:22:98:e0: |
| ef:29:22:35:40:3c:7c:c4:74:5c:df:24:2b:e4:b8: |
| bc:23:ba:db:aa:6b:ef:ba:bb:aa:c2:ab:ce:9f:07: |
| 2e:36:da:21:67:4d:80:71:ba:4a:7b:62:16:08:51: |
| 29:35:dd:c8:1d:8c:60:d8:8c:05:a2:ec:f0:5e:af: |
| f4:f2:e8:95:03:c1:79:77:3e:ff:f4:31:ed:ab:cc: |
| 1b:dd:7e:f6:2c:71:3a:1c:e3:ab:ab:a4:ab:79:12: |
| 59:a5:f6:84:00:83:ff:8c:e5:3b:a0:4f:37:2a:b1: |
| c4:a5:19:69:46:2c:87:bc:a5:0e:ee:31:13:2e:0e: |
| ed:d2:e2:19:be:d0:14:b3:68:b5:34:c6:3f:6e:95: |
| da:eb:2c:55:30:92:3d:f8:93:df:4e:ec:85:a7:b3: |
| 06:71 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| D8:01:99:4C:28:49:4B:7F:FB:30:0A:92:A8:90:6F:8B:9C:45:05:7F |
| X509v3 Authority Key Identifier: |
| keyid:D8:01:99:4C:28:49:4B:7F:FB:30:0A:92:A8:90:6F:8B:9C:45:05:7F |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 38:6a:c5:72:2a:2b:2b:2c:d4:6f:07:a5:14:46:10:e5:3b:68: |
| 80:3c:d9:60:ef:12:ed:e6:1a:c0:76:4a:3d:9c:e1:86:71:b5: |
| 15:de:eb:47:51:d6:85:3e:14:ef:18:e6:b0:3c:ac:6b:0b:48: |
| 42:0f:76:3d:59:89:84:63:61:fe:6a:a0:47:0a:75:1a:64:92: |
| e3:09:14:12:d9:af:36:ec:f4:c5:79:37:22:cd:88:b8:f8:3c: |
| 55:0a:28:2e:21:26:45:cf:95:41:e4:6c:5a:ad:23:0a:cc:fd: |
| 83:71:76:7d:63:e2:9f:6c:f2:07:ee:6e:e3:fd:dd:87:f0:23: |
| 9c:04:5e:19:b2:67:38:00:91:ea:05:4c:3c:db:cd:19:d3:f6: |
| 7c:fd:fa:1d:86:fc:49:fe:45:ac:99:28:b1:a6:e7:fb:90:a2: |
| 98:59:a7:12:bc:26:ce:6d:b5:0f:62:19:40:a4:67:45:06:ec: |
| 18:1e:c5:83:e4:a1:fb:e6:58:3c:6c:a3:12:29:46:22:0d:8a: |
| 07:75:72:ab:6a:a9:c3:1c:0c:d3:a3:0b:fd:50:af:37:89:0b: |
| f6:70:57:1c:fb:d6:e7:0f:e6:52:5e:f6:1f:02:1c:73:bb:2b: |
| eb:21:1e:f0:aa:fe:b1:50:c0:12:fc:76:8c:d0:94:0a:ab:3b: |
| a8:0a:6c:28 |
| -----BEGIN TRUSTED_CERTIFICATE----- |
| MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v |
| dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKaRpWituomPtlwZoT0Q |
| rVWXEBcGmn1Z53xWPR1fF8ei5eeAUqjN78qCSnfkrHd8NfEbs3qaWHieHADJZ51N |
| 0PSS8QqCivDUVwQEzBLkhpWTEqeb7m/ShV1jPFyUkdvQPPGoygUZIpjg7ykiNUA8 |
| fMR0XN8kK+S4vCO626pr77q7qsKrzp8HLjbaIWdNgHG6SntiFghRKTXdyB2MYNiM |
| BaLs8F6v9PLolQPBeXc+//Qx7avMG91+9ixxOhzjq6ukq3kSWaX2hACD/4zlO6BP |
| NyqxxKUZaUYsh7ylDu4xEy4O7dLiGb7QFLNotTTGP26V2ussVTCSPfiT307shaez |
| BnECAwEAAaOByzCByDAdBgNVHQ4EFgQU2AGZTChJS3/7MAqSqJBvi5xFBX8wHwYD |
| VR0jBBgwFoAU2AGZTChJS3/7MAqSqJBvi5xFBX8wNwYIKwYBBQUHAQEEKzApMCcG |
| CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw |
| IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE |
| AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA4asVyKisr |
| LNRvB6UURhDlO2iAPNlg7xLt5hrAdko9nOGGcbUV3utHUdaFPhTvGOawPKxrC0hC |
| D3Y9WYmEY2H+aqBHCnUaZJLjCRQS2a827PTFeTcizYi4+DxVCiguISZFz5VB5Gxa |
| rSMKzP2DcXZ9Y+KfbPIH7m7j/d2H8COcBF4Zsmc4AJHqBUw8280Z0/Z8/fodhvxJ |
| /kWsmSixpuf7kKKYWacSvCbObbUPYhlApGdFBuwYHsWD5KH75lg8bKMSKUYiDYoH |
| dXKraqnDHAzTowv9UK83iQv2cFcc+9bnD+ZSXvYfAhxzuyvrIR7wqv6xUMAS/HaM |
| 0JQKqzuoCmwo |
| -----END TRUSTED_CERTIFICATE----- |
| |
| -----BEGIN TIME----- |
| MTUwMzAyMTIwMDAwWg== |
| -----END TIME----- |
| |
| -----BEGIN VERIFY_RESULT----- |
| RkFJTA== |
| -----END VERIFY_RESULT----- |