| [Created by: generate-intermediary-basic-constraints-not-critical.py] |
| |
| Certificate chain with 1 intermediary and a trusted root. The intermediary |
| has a basic constraints extension but does not mark it as critical. |
| Verification is expected to succeed, since although not critical, the |
| basicConstraints indicates CA=true as expected. |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Intermediary |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Target |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:d2:25:d5:a0:7a:94:e6:21:0b:8b:e5:68:21:06: |
| c4:a7:fe:fd:de:97:31:a6:80:a2:3d:be:f0:03:c2: |
| de:d5:a1:a6:3f:6e:19:3b:fe:f4:66:8f:8f:c8:d3: |
| e4:7f:73:fc:e7:1c:2f:b4:9f:5e:bf:25:71:2d:d0: |
| 65:60:76:0d:a6:be:af:1a:1f:3c:00:bf:cd:8e:de: |
| 04:6f:6c:8d:25:c5:7a:64:71:31:d7:4a:e9:bd:5f: |
| fa:e6:b8:e8:55:a2:c7:2b:b4:7d:4e:e3:bc:23:c9: |
| 0f:79:29:86:dd:4d:b3:dd:12:c5:1a:d3:fc:4a:31: |
| 54:47:7b:62:20:f5:bb:7c:47:6d:7f:67:d5:69:4b: |
| f8:99:4f:dd:13:56:a4:9d:0a:fc:d0:da:b5:bd:e0: |
| 0c:c8:50:d6:e1:73:d8:59:37:95:99:70:31:3d:46: |
| 44:d5:68:7b:45:4b:9e:4a:fd:25:33:05:7c:24:05: |
| 0f:6c:00:4b:3e:0c:cf:56:e8:88:ef:67:bc:bd:66: |
| b4:7c:bc:db:c6:4e:8b:44:0b:65:8f:c6:a9:57:d7: |
| b0:8e:88:19:fc:d6:b7:02:b9:50:a0:e2:06:61:1d: |
| d1:03:7a:ce:75:09:d2:64:d5:c6:61:3b:f1:28:5b: |
| 4b:de:08:2f:b9:96:55:d9:4c:8c:48:d0:c6:2b:ee: |
| 59:33 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| F9:45:14:0B:10:A3:AC:77:3B:19:DE:FB:66:FE:CF:E3:9A:F4:57:1A |
| X509v3 Authority Key Identifier: |
| keyid:73:DC:40:FE:F8:8F:F4:BD:DE:B0:63:30:AF:05:0B:6C:4E:99:54:7F |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Intermediary.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Intermediary.crl |
| |
| X509v3 Key Usage: critical |
| Digital Signature, Key Encipherment |
| X509v3 Extended Key Usage: |
| TLS Web Server Authentication, TLS Web Client Authentication |
| Signature Algorithm: sha256WithRSAEncryption |
| 41:3c:ca:d6:88:67:86:f8:dc:35:ab:37:d0:40:96:7b:4e:70: |
| 2a:6b:cc:15:31:fd:06:87:ac:81:6d:89:ce:66:b2:26:73:bc: |
| 71:3e:af:be:b2:ba:d5:bc:a5:b7:64:0c:7d:31:9b:0c:e1:0c: |
| 73:14:0c:e0:fe:95:d3:ca:1d:d1:51:8a:fb:b1:e1:8d:68:58: |
| 30:51:a6:2f:86:57:61:a6:20:7c:1f:0c:7f:14:c7:fe:fa:88: |
| 14:7b:d9:41:5c:20:da:16:3c:ce:77:b8:ee:7c:33:d8:cf:2e: |
| 6e:e3:43:01:00:0a:c0:1c:a0:eb:6b:36:a0:d6:bd:6e:91:a9: |
| e1:8d:8d:b2:4e:12:d3:fa:56:84:be:eb:65:d8:9d:e2:c7:d4: |
| 36:a2:7e:b8:b2:d4:5c:2f:c2:47:1e:ca:7a:fd:b4:30:3a:59: |
| 19:8d:ca:7e:44:65:86:97:2d:f4:65:3b:f0:12:4b:d0:74:48: |
| f9:dd:d3:d3:89:97:83:c6:4c:bb:da:e7:ce:e7:5e:93:f3:51: |
| 4c:22:95:31:59:a9:3d:82:ec:8d:4c:8e:44:42:5f:13:d0:56: |
| c2:35:e1:07:11:6d:23:92:3c:de:b1:3e:1c:4e:0e:e3:c6:06: |
| 09:e1:dc:b8:4c:89:82:35:3c:51:60:1f:06:65:11:39:8b:b4: |
| 20:04:f0:90 |
| -----BEGIN CERTIFICATE----- |
| MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl |
| cm1lZGlhcnkwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD |
| VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSJdWg |
| epTmIQuL5WghBsSn/v3elzGmgKI9vvADwt7VoaY/bhk7/vRmj4/I0+R/c/znHC+0 |
| n16/JXEt0GVgdg2mvq8aHzwAv82O3gRvbI0lxXpkcTHXSum9X/rmuOhVoscrtH1O |
| 47wjyQ95KYbdTbPdEsUa0/xKMVRHe2Ig9bt8R21/Z9VpS/iZT90TVqSdCvzQ2rW9 |
| 4AzIUNbhc9hZN5WZcDE9RkTVaHtFS55K/SUzBXwkBQ9sAEs+DM9W6IjvZ7y9ZrR8 |
| vNvGTotEC2WPxqlX17COiBn81rcCuVCg4gZhHdEDes51CdJk1cZhO/EoW0veCC+5 |
| llXZTIxI0MYr7lkzAgMBAAGjgekwgeYwHQYDVR0OBBYEFPlFFAsQo6x3Oxne+2b+ |
| z+Oa9FcaMB8GA1UdIwQYMBaAFHPcQP74j/S93rBjMK8FC2xOmVR/MD8GCCsGAQUF |
| BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk |
| aWFyeS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu |
| dGVybWVkaWFyeS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF |
| BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAQTzK1ohnhvjcNas30ECW |
| e05wKmvMFTH9BoesgW2JzmayJnO8cT6vvrK61bylt2QMfTGbDOEMcxQM4P6V08od |
| 0VGK+7HhjWhYMFGmL4ZXYaYgfB8MfxTH/vqIFHvZQVwg2hY8zne47nwz2M8ubuND |
| AQAKwByg62s2oNa9bpGp4Y2Nsk4S0/pWhL7rZdid4sfUNqJ+uLLUXC/CRx7Kev20 |
| MDpZGY3KfkRlhpct9GU78BJL0HRI+d3T04mXg8ZMu9rnzudek/NRTCKVMVmpPYLs |
| jUyOREJfE9BWwjXhBxFtI5I83rE+HE4O48YGCeHcuEyJgjU8UWAfBmUROYu0IATw |
| kA== |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 2 (0x2) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Intermediary |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:d5:4a:96:98:34:e1:a8:92:88:9a:0c:d0:b7:e3: |
| a0:dc:71:4b:32:cd:59:a1:b9:9c:d5:e5:30:1b:ad: |
| 7e:41:7f:e7:39:81:25:d1:e7:66:c2:5f:79:80:ea: |
| ff:6b:ef:b9:95:9e:8b:a0:0c:6a:b6:c8:4b:50:2c: |
| 7d:f1:ad:46:ed:9a:7c:7d:6a:65:70:de:c2:45:7e: |
| 1b:28:af:dc:eb:3d:bb:4c:98:a9:8c:b3:a3:35:a1: |
| 2b:cd:bb:8e:2a:2b:74:6d:0c:91:72:36:c2:2f:0e: |
| 46:2a:77:34:ab:98:f8:28:c9:02:42:78:2f:b2:e0: |
| 9a:0d:ae:03:94:c0:31:79:1e:72:ce:8b:7c:21:c8: |
| d5:1c:9b:94:04:29:ce:1c:5f:22:e3:f0:20:62:2b: |
| 7d:7d:c2:fa:29:5c:8b:2a:dd:0f:08:31:49:58:7d: |
| 85:76:21:b4:46:0e:d8:26:dc:26:f9:0a:9b:58:a2: |
| b8:29:b4:df:c0:4e:10:56:28:96:02:54:7c:e9:a3: |
| 3f:84:12:6a:89:ed:f0:0d:a0:03:54:0c:b2:33:6d: |
| 1b:a7:84:f2:a0:b0:57:5e:4b:c1:2f:6d:e9:22:52: |
| 50:b1:3b:a7:7d:ee:a7:dc:6e:6a:bd:b6:a6:ea:66: |
| f8:1f:30:60:18:d8:5b:a6:dd:9d:9b:d3:4e:2b:0a: |
| c4:0b |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 73:DC:40:FE:F8:8F:F4:BD:DE:B0:63:30:AF:05:0B:6C:4E:99:54:7F |
| X509v3 Authority Key Identifier: |
| keyid:6C:05:B0:A0:A8:03:A4:A1:90:D1:A5:74:D2:13:D9:2E:57:83:36:73 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 81:08:b8:48:94:05:02:aa:61:ea:32:48:55:02:31:f6:e0:5d: |
| 05:6f:32:9b:6a:a0:3b:6f:0e:1d:2a:01:1a:14:20:a2:1e:23: |
| b4:70:61:86:55:b5:4c:5b:61:3f:dd:1e:38:a4:98:3f:bd:61: |
| e4:1e:56:54:ed:0e:51:65:6c:73:af:99:86:fc:a7:50:48:87: |
| 95:6f:5a:93:0d:c9:7a:ff:fb:39:d1:f4:40:2c:fe:1f:28:aa: |
| 85:cf:12:bd:7b:df:2b:12:56:4a:91:4e:e4:80:00:52:4c:bb: |
| b2:e6:05:27:47:e2:3f:bb:a4:d7:cc:92:c2:27:02:10:50:10: |
| 0c:f8:ee:4c:93:90:89:8d:db:8a:f9:05:f1:ec:d7:cf:67:20: |
| a4:da:90:e0:38:34:fd:79:9b:6b:04:a8:bd:6f:e8:82:4a:d9: |
| 37:49:b3:10:50:e6:c5:56:d9:ac:9b:e8:97:52:41:a1:66:be: |
| cb:64:1d:12:0d:86:8b:34:42:26:9a:ad:c3:8a:14:ff:35:0d: |
| 82:8f:96:e0:af:b7:e7:20:30:3e:b3:fe:57:4a:80:5e:53:8b: |
| ec:15:ca:a8:db:b7:c6:87:b7:ab:81:8b:42:23:4a:74:9c:9e: |
| 59:b8:3c:8d:0e:d2:f3:9d:79:45:9a:0e:fd:8c:6b:9e:b5:c8: |
| e7:03:64:79 |
| -----BEGIN CERTIFICATE----- |
| MIIDajCCAlKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 |
| ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1UqWmDTh |
| qJKImgzQt+Og3HFLMs1Zobmc1eUwG61+QX/nOYEl0edmwl95gOr/a++5lZ6LoAxq |
| tshLUCx98a1G7Zp8fWplcN7CRX4bKK/c6z27TJipjLOjNaErzbuOKit0bQyRcjbC |
| Lw5GKnc0q5j4KMkCQngvsuCaDa4DlMAxeR5yzot8IcjVHJuUBCnOHF8i4/AgYit9 |
| fcL6KVyLKt0PCDFJWH2FdiG0Rg7YJtwm+QqbWKK4KbTfwE4QViiWAlR86aM/hBJq |
| ie3wDaADVAyyM20bp4TyoLBXXkvBL23pIlJQsTunfe6n3G5qvbam6mb4HzBgGNhb |
| pt2dm9NOKwrECwIDAQABo4HIMIHFMB0GA1UdDgQWBBRz3ED++I/0vd6wYzCvBQts |
| TplUfzAfBgNVHSMEGDAWgBRsBbCgqAOkoZDRpXTSE9kuV4M2czA3BggrBgEFBQcB |
| AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs |
| BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD |
| VR0PAQH/BAQDAgEGMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAIEI |
| uEiUBQKqYeoySFUCMfbgXQVvMptqoDtvDh0qARoUIKIeI7RwYYZVtUxbYT/dHjik |
| mD+9YeQeVlTtDlFlbHOvmYb8p1BIh5VvWpMNyXr/+znR9EAs/h8oqoXPEr173ysS |
| VkqRTuSAAFJMu7LmBSdH4j+7pNfMksInAhBQEAz47kyTkImN24r5BfHs189nIKTa |
| kOA4NP15m2sEqL1v6IJK2TdJsxBQ5sVW2ayb6JdSQaFmvstkHRINhos0QiaarcOK |
| FP81DYKPluCvt+cgMD6z/ldKgF5Ti+wVyqjbt8aHt6uBi0IjSnScnlm4PI0O0vOd |
| eUWaDv2Ma561yOcDZHk= |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Root |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:b6:f1:d2:f8:c9:10:d5:cf:0c:55:ce:8c:38:a2: |
| 8f:f5:f1:cf:20:85:56:92:df:42:8c:5c:1a:db:8e: |
| 1d:2e:b4:b3:95:72:e4:67:76:7c:c5:61:62:2b:cf: |
| 97:f7:84:29:80:ff:df:e8:e7:da:f6:05:11:1d:40: |
| 1e:73:76:ff:e4:eb:fa:45:59:20:d9:35:cb:c7:4f: |
| 2b:49:2a:61:7c:45:a1:fe:da:8c:89:05:38:84:ab: |
| cb:0b:c9:36:3b:e5:3e:31:5e:0b:a6:27:63:b1:c2: |
| 34:88:3a:e5:e3:43:93:0b:46:69:03:dd:31:16:65: |
| 18:6e:64:4c:84:e4:a1:37:6b:15:ef:f3:8f:57:e8: |
| 57:f6:a8:86:62:9b:92:d0:67:d3:ed:0f:89:d3:4e: |
| 09:aa:e8:74:ab:ce:4b:51:63:52:55:f1:24:9d:42: |
| 70:cb:14:0f:e3:b4:7f:ba:6a:3c:87:27:eb:3b:82: |
| 64:99:6a:f9:be:20:5a:9e:b9:8a:8b:ab:94:ed:f3: |
| 33:eb:ea:42:5c:7e:20:df:f4:9d:82:8f:ac:8e:52: |
| 99:06:db:d0:9f:01:38:e7:b9:0c:d2:b4:ca:7f:74: |
| 03:e2:f7:0b:0e:a9:40:14:6c:7f:1b:15:00:77:0a: |
| 98:76:ee:bd:62:24:f6:a7:8b:d4:7e:4b:8d:c9:eb: |
| 04:a7 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 6C:05:B0:A0:A8:03:A4:A1:90:D1:A5:74:D2:13:D9:2E:57:83:36:73 |
| X509v3 Authority Key Identifier: |
| keyid:6C:05:B0:A0:A8:03:A4:A1:90:D1:A5:74:D2:13:D9:2E:57:83:36:73 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 52:82:fe:3f:2b:71:41:fd:4c:9b:db:c5:b1:60:72:a7:cf:f4: |
| 29:91:36:0f:ce:92:72:95:3e:34:ab:84:0c:af:23:e8:e1:28: |
| 35:29:c9:c8:78:9a:12:d7:f1:22:1c:21:e1:b0:b4:df:af:36: |
| c4:ca:71:2a:6e:6f:4a:d5:65:58:31:7a:c2:d1:30:66:e0:0a: |
| 61:54:e0:61:97:7b:41:72:58:d9:02:da:22:8b:21:e6:d5:31: |
| 4c:d2:3c:11:d8:0d:12:f0:dc:eb:e0:1d:16:3a:74:de:9c:b4: |
| b2:bb:69:ed:e1:53:14:9e:1c:06:3f:ff:e7:2f:8a:d1:f6:37: |
| 89:76:b2:61:60:5f:48:ce:a3:8f:e0:b5:6f:92:18:21:e4:a8: |
| 1f:12:70:86:54:2a:da:78:3d:5d:3c:13:b8:b4:7f:a5:81:f0: |
| 55:cf:ea:56:b4:0a:8a:ca:2b:ca:be:08:9e:a6:4c:12:99:5f: |
| 23:93:08:58:70:8f:c8:fb:88:11:fe:d6:16:c7:a3:3b:1f:6b: |
| 78:b0:05:29:9f:7d:4c:01:ba:ed:8a:5f:a8:38:e9:a4:c2:44: |
| ce:e8:37:1d:d8:1f:16:e4:ef:84:bb:1f:4b:3a:b0:9a:00:57: |
| aa:ba:52:1c:f4:da:f7:69:5d:ef:8d:35:ef:5c:03:fa:8d:87: |
| fc:92:60:28 |
| -----BEGIN TRUSTED_CERTIFICATE----- |
| MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v |
| dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbx0vjJENXPDFXOjDii |
| j/XxzyCFVpLfQoxcGtuOHS60s5Vy5Gd2fMVhYivPl/eEKYD/3+jn2vYFER1AHnN2 |
| /+Tr+kVZINk1y8dPK0kqYXxFof7ajIkFOISrywvJNjvlPjFeC6YnY7HCNIg65eND |
| kwtGaQPdMRZlGG5kTITkoTdrFe/zj1foV/aohmKbktBn0+0PidNOCarodKvOS1Fj |
| UlXxJJ1CcMsUD+O0f7pqPIcn6zuCZJlq+b4gWp65iourlO3zM+vqQlx+IN/0nYKP |
| rI5SmQbb0J8BOOe5DNK0yn90A+L3Cw6pQBRsfxsVAHcKmHbuvWIk9qeL1H5Ljcnr |
| BKcCAwEAAaOByzCByDAdBgNVHQ4EFgQUbAWwoKgDpKGQ0aV00hPZLleDNnMwHwYD |
| VR0jBBgwFoAUbAWwoKgDpKGQ0aV00hPZLleDNnMwNwYIKwYBBQUHAQEEKzApMCcG |
| CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw |
| IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE |
| AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBSgv4/K3FB |
| /Uyb28WxYHKnz/QpkTYPzpJylT40q4QMryPo4Sg1KcnIeJoS1/EiHCHhsLTfrzbE |
| ynEqbm9K1WVYMXrC0TBm4AphVOBhl3tBcljZAtoiiyHm1TFM0jwR2A0S8Nzr4B0W |
| OnTenLSyu2nt4VMUnhwGP//nL4rR9jeJdrJhYF9IzqOP4LVvkhgh5KgfEnCGVCra |
| eD1dPBO4tH+lgfBVz+pWtAqKyivKvgiepkwSmV8jkwhYcI/I+4gR/tYWx6M7H2t4 |
| sAUpn31MAbrtil+oOOmkwkTO6Dcd2B8W5O+Eux9LOrCaAFequlIc9Nr3aV3vjTXv |
| XAP6jYf8kmAo |
| -----END TRUSTED_CERTIFICATE----- |
| |
| -----BEGIN TIME----- |
| MTUwMzAyMTIwMDAwWg== |
| -----END TIME----- |
| |
| -----BEGIN VERIFY_RESULT----- |
| U1VDQ0VTUw== |
| -----END VERIFY_RESULT----- |