blob: 3ff36828983ceb27efc71043b0d9dd972b218e1a [file] [log] [blame]
[Created by: generate-intermediary-basic-constraints-not-critical.py]
Certificate chain with 1 intermediary and a trusted root. The intermediary
has a basic constraints extension but does not mark it as critical.
Verification is expected to succeed, since although not critical, the
basicConstraints indicates CA=true as expected.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediary
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d2:25:d5:a0:7a:94:e6:21:0b:8b:e5:68:21:06:
c4:a7:fe:fd:de:97:31:a6:80:a2:3d:be:f0:03:c2:
de:d5:a1:a6:3f:6e:19:3b:fe:f4:66:8f:8f:c8:d3:
e4:7f:73:fc:e7:1c:2f:b4:9f:5e:bf:25:71:2d:d0:
65:60:76:0d:a6:be:af:1a:1f:3c:00:bf:cd:8e:de:
04:6f:6c:8d:25:c5:7a:64:71:31:d7:4a:e9:bd:5f:
fa:e6:b8:e8:55:a2:c7:2b:b4:7d:4e:e3:bc:23:c9:
0f:79:29:86:dd:4d:b3:dd:12:c5:1a:d3:fc:4a:31:
54:47:7b:62:20:f5:bb:7c:47:6d:7f:67:d5:69:4b:
f8:99:4f:dd:13:56:a4:9d:0a:fc:d0:da:b5:bd:e0:
0c:c8:50:d6:e1:73:d8:59:37:95:99:70:31:3d:46:
44:d5:68:7b:45:4b:9e:4a:fd:25:33:05:7c:24:05:
0f:6c:00:4b:3e:0c:cf:56:e8:88:ef:67:bc:bd:66:
b4:7c:bc:db:c6:4e:8b:44:0b:65:8f:c6:a9:57:d7:
b0:8e:88:19:fc:d6:b7:02:b9:50:a0:e2:06:61:1d:
d1:03:7a:ce:75:09:d2:64:d5:c6:61:3b:f1:28:5b:
4b:de:08:2f:b9:96:55:d9:4c:8c:48:d0:c6:2b:ee:
59:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:45:14:0B:10:A3:AC:77:3B:19:DE:FB:66:FE:CF:E3:9A:F4:57:1A
X509v3 Authority Key Identifier:
keyid:73:DC:40:FE:F8:8F:F4:BD:DE:B0:63:30:AF:05:0B:6C:4E:99:54:7F
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediary.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediary.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
41:3c:ca:d6:88:67:86:f8:dc:35:ab:37:d0:40:96:7b:4e:70:
2a:6b:cc:15:31:fd:06:87:ac:81:6d:89:ce:66:b2:26:73:bc:
71:3e:af:be:b2:ba:d5:bc:a5:b7:64:0c:7d:31:9b:0c:e1:0c:
73:14:0c:e0:fe:95:d3:ca:1d:d1:51:8a:fb:b1:e1:8d:68:58:
30:51:a6:2f:86:57:61:a6:20:7c:1f:0c:7f:14:c7:fe:fa:88:
14:7b:d9:41:5c:20:da:16:3c:ce:77:b8:ee:7c:33:d8:cf:2e:
6e:e3:43:01:00:0a:c0:1c:a0:eb:6b:36:a0:d6:bd:6e:91:a9:
e1:8d:8d:b2:4e:12:d3:fa:56:84:be:eb:65:d8:9d:e2:c7:d4:
36:a2:7e:b8:b2:d4:5c:2f:c2:47:1e:ca:7a:fd:b4:30:3a:59:
19:8d:ca:7e:44:65:86:97:2d:f4:65:3b:f0:12:4b:d0:74:48:
f9:dd:d3:d3:89:97:83:c6:4c:bb:da:e7:ce:e7:5e:93:f3:51:
4c:22:95:31:59:a9:3d:82:ec:8d:4c:8e:44:42:5f:13:d0:56:
c2:35:e1:07:11:6d:23:92:3c:de:b1:3e:1c:4e:0e:e3:c6:06:
09:e1:dc:b8:4c:89:82:35:3c:51:60:1f:06:65:11:39:8b:b4:
20:04:f0:90
-----BEGIN CERTIFICATE-----
MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
cm1lZGlhcnkwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSJdWg
epTmIQuL5WghBsSn/v3elzGmgKI9vvADwt7VoaY/bhk7/vRmj4/I0+R/c/znHC+0
n16/JXEt0GVgdg2mvq8aHzwAv82O3gRvbI0lxXpkcTHXSum9X/rmuOhVoscrtH1O
47wjyQ95KYbdTbPdEsUa0/xKMVRHe2Ig9bt8R21/Z9VpS/iZT90TVqSdCvzQ2rW9
4AzIUNbhc9hZN5WZcDE9RkTVaHtFS55K/SUzBXwkBQ9sAEs+DM9W6IjvZ7y9ZrR8
vNvGTotEC2WPxqlX17COiBn81rcCuVCg4gZhHdEDes51CdJk1cZhO/EoW0veCC+5
llXZTIxI0MYr7lkzAgMBAAGjgekwgeYwHQYDVR0OBBYEFPlFFAsQo6x3Oxne+2b+
z+Oa9FcaMB8GA1UdIwQYMBaAFHPcQP74j/S93rBjMK8FC2xOmVR/MD8GCCsGAQUF
BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
aWFyeS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
dGVybWVkaWFyeS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAQTzK1ohnhvjcNas30ECW
e05wKmvMFTH9BoesgW2JzmayJnO8cT6vvrK61bylt2QMfTGbDOEMcxQM4P6V08od
0VGK+7HhjWhYMFGmL4ZXYaYgfB8MfxTH/vqIFHvZQVwg2hY8zne47nwz2M8ubuND
AQAKwByg62s2oNa9bpGp4Y2Nsk4S0/pWhL7rZdid4sfUNqJ+uLLUXC/CRx7Kev20
MDpZGY3KfkRlhpct9GU78BJL0HRI+d3T04mXg8ZMu9rnzudek/NRTCKVMVmpPYLs
jUyOREJfE9BWwjXhBxFtI5I83rE+HE4O48YGCeHcuEyJgjU8UWAfBmUROYu0IATw
kA==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Intermediary
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d5:4a:96:98:34:e1:a8:92:88:9a:0c:d0:b7:e3:
a0:dc:71:4b:32:cd:59:a1:b9:9c:d5:e5:30:1b:ad:
7e:41:7f:e7:39:81:25:d1:e7:66:c2:5f:79:80:ea:
ff:6b:ef:b9:95:9e:8b:a0:0c:6a:b6:c8:4b:50:2c:
7d:f1:ad:46:ed:9a:7c:7d:6a:65:70:de:c2:45:7e:
1b:28:af:dc:eb:3d:bb:4c:98:a9:8c:b3:a3:35:a1:
2b:cd:bb:8e:2a:2b:74:6d:0c:91:72:36:c2:2f:0e:
46:2a:77:34:ab:98:f8:28:c9:02:42:78:2f:b2:e0:
9a:0d:ae:03:94:c0:31:79:1e:72:ce:8b:7c:21:c8:
d5:1c:9b:94:04:29:ce:1c:5f:22:e3:f0:20:62:2b:
7d:7d:c2:fa:29:5c:8b:2a:dd:0f:08:31:49:58:7d:
85:76:21:b4:46:0e:d8:26:dc:26:f9:0a:9b:58:a2:
b8:29:b4:df:c0:4e:10:56:28:96:02:54:7c:e9:a3:
3f:84:12:6a:89:ed:f0:0d:a0:03:54:0c:b2:33:6d:
1b:a7:84:f2:a0:b0:57:5e:4b:c1:2f:6d:e9:22:52:
50:b1:3b:a7:7d:ee:a7:dc:6e:6a:bd:b6:a6:ea:66:
f8:1f:30:60:18:d8:5b:a6:dd:9d:9b:d3:4e:2b:0a:
c4:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:DC:40:FE:F8:8F:F4:BD:DE:B0:63:30:AF:05:0B:6C:4E:99:54:7F
X509v3 Authority Key Identifier:
keyid:6C:05:B0:A0:A8:03:A4:A1:90:D1:A5:74:D2:13:D9:2E:57:83:36:73
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
81:08:b8:48:94:05:02:aa:61:ea:32:48:55:02:31:f6:e0:5d:
05:6f:32:9b:6a:a0:3b:6f:0e:1d:2a:01:1a:14:20:a2:1e:23:
b4:70:61:86:55:b5:4c:5b:61:3f:dd:1e:38:a4:98:3f:bd:61:
e4:1e:56:54:ed:0e:51:65:6c:73:af:99:86:fc:a7:50:48:87:
95:6f:5a:93:0d:c9:7a:ff:fb:39:d1:f4:40:2c:fe:1f:28:aa:
85:cf:12:bd:7b:df:2b:12:56:4a:91:4e:e4:80:00:52:4c:bb:
b2:e6:05:27:47:e2:3f:bb:a4:d7:cc:92:c2:27:02:10:50:10:
0c:f8:ee:4c:93:90:89:8d:db:8a:f9:05:f1:ec:d7:cf:67:20:
a4:da:90:e0:38:34:fd:79:9b:6b:04:a8:bd:6f:e8:82:4a:d9:
37:49:b3:10:50:e6:c5:56:d9:ac:9b:e8:97:52:41:a1:66:be:
cb:64:1d:12:0d:86:8b:34:42:26:9a:ad:c3:8a:14:ff:35:0d:
82:8f:96:e0:af:b7:e7:20:30:3e:b3:fe:57:4a:80:5e:53:8b:
ec:15:ca:a8:db:b7:c6:87:b7:ab:81:8b:42:23:4a:74:9c:9e:
59:b8:3c:8d:0e:d2:f3:9d:79:45:9a:0e:fd:8c:6b:9e:b5:c8:
e7:03:64:79
-----BEGIN CERTIFICATE-----
MIIDajCCAlKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1UqWmDTh
qJKImgzQt+Og3HFLMs1Zobmc1eUwG61+QX/nOYEl0edmwl95gOr/a++5lZ6LoAxq
tshLUCx98a1G7Zp8fWplcN7CRX4bKK/c6z27TJipjLOjNaErzbuOKit0bQyRcjbC
Lw5GKnc0q5j4KMkCQngvsuCaDa4DlMAxeR5yzot8IcjVHJuUBCnOHF8i4/AgYit9
fcL6KVyLKt0PCDFJWH2FdiG0Rg7YJtwm+QqbWKK4KbTfwE4QViiWAlR86aM/hBJq
ie3wDaADVAyyM20bp4TyoLBXXkvBL23pIlJQsTunfe6n3G5qvbam6mb4HzBgGNhb
pt2dm9NOKwrECwIDAQABo4HIMIHFMB0GA1UdDgQWBBRz3ED++I/0vd6wYzCvBQts
TplUfzAfBgNVHSMEGDAWgBRsBbCgqAOkoZDRpXTSE9kuV4M2czA3BggrBgEFBQcB
AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
VR0PAQH/BAQDAgEGMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAIEI
uEiUBQKqYeoySFUCMfbgXQVvMptqoDtvDh0qARoUIKIeI7RwYYZVtUxbYT/dHjik
mD+9YeQeVlTtDlFlbHOvmYb8p1BIh5VvWpMNyXr/+znR9EAs/h8oqoXPEr173ysS
VkqRTuSAAFJMu7LmBSdH4j+7pNfMksInAhBQEAz47kyTkImN24r5BfHs189nIKTa
kOA4NP15m2sEqL1v6IJK2TdJsxBQ5sVW2ayb6JdSQaFmvstkHRINhos0QiaarcOK
FP81DYKPluCvt+cgMD6z/ldKgF5Ti+wVyqjbt8aHt6uBi0IjSnScnlm4PI0O0vOd
eUWaDv2Ma561yOcDZHk=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b6:f1:d2:f8:c9:10:d5:cf:0c:55:ce:8c:38:a2:
8f:f5:f1:cf:20:85:56:92:df:42:8c:5c:1a:db:8e:
1d:2e:b4:b3:95:72:e4:67:76:7c:c5:61:62:2b:cf:
97:f7:84:29:80:ff:df:e8:e7:da:f6:05:11:1d:40:
1e:73:76:ff:e4:eb:fa:45:59:20:d9:35:cb:c7:4f:
2b:49:2a:61:7c:45:a1:fe:da:8c:89:05:38:84:ab:
cb:0b:c9:36:3b:e5:3e:31:5e:0b:a6:27:63:b1:c2:
34:88:3a:e5:e3:43:93:0b:46:69:03:dd:31:16:65:
18:6e:64:4c:84:e4:a1:37:6b:15:ef:f3:8f:57:e8:
57:f6:a8:86:62:9b:92:d0:67:d3:ed:0f:89:d3:4e:
09:aa:e8:74:ab:ce:4b:51:63:52:55:f1:24:9d:42:
70:cb:14:0f:e3:b4:7f:ba:6a:3c:87:27:eb:3b:82:
64:99:6a:f9:be:20:5a:9e:b9:8a:8b:ab:94:ed:f3:
33:eb:ea:42:5c:7e:20:df:f4:9d:82:8f:ac:8e:52:
99:06:db:d0:9f:01:38:e7:b9:0c:d2:b4:ca:7f:74:
03:e2:f7:0b:0e:a9:40:14:6c:7f:1b:15:00:77:0a:
98:76:ee:bd:62:24:f6:a7:8b:d4:7e:4b:8d:c9:eb:
04:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:05:B0:A0:A8:03:A4:A1:90:D1:A5:74:D2:13:D9:2E:57:83:36:73
X509v3 Authority Key Identifier:
keyid:6C:05:B0:A0:A8:03:A4:A1:90:D1:A5:74:D2:13:D9:2E:57:83:36:73
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
52:82:fe:3f:2b:71:41:fd:4c:9b:db:c5:b1:60:72:a7:cf:f4:
29:91:36:0f:ce:92:72:95:3e:34:ab:84:0c:af:23:e8:e1:28:
35:29:c9:c8:78:9a:12:d7:f1:22:1c:21:e1:b0:b4:df:af:36:
c4:ca:71:2a:6e:6f:4a:d5:65:58:31:7a:c2:d1:30:66:e0:0a:
61:54:e0:61:97:7b:41:72:58:d9:02:da:22:8b:21:e6:d5:31:
4c:d2:3c:11:d8:0d:12:f0:dc:eb:e0:1d:16:3a:74:de:9c:b4:
b2:bb:69:ed:e1:53:14:9e:1c:06:3f:ff:e7:2f:8a:d1:f6:37:
89:76:b2:61:60:5f:48:ce:a3:8f:e0:b5:6f:92:18:21:e4:a8:
1f:12:70:86:54:2a:da:78:3d:5d:3c:13:b8:b4:7f:a5:81:f0:
55:cf:ea:56:b4:0a:8a:ca:2b:ca:be:08:9e:a6:4c:12:99:5f:
23:93:08:58:70:8f:c8:fb:88:11:fe:d6:16:c7:a3:3b:1f:6b:
78:b0:05:29:9f:7d:4c:01:ba:ed:8a:5f:a8:38:e9:a4:c2:44:
ce:e8:37:1d:d8:1f:16:e4:ef:84:bb:1f:4b:3a:b0:9a:00:57:
aa:ba:52:1c:f4:da:f7:69:5d:ef:8d:35:ef:5c:03:fa:8d:87:
fc:92:60:28
-----BEGIN TRUSTED_CERTIFICATE-----
MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbx0vjJENXPDFXOjDii
j/XxzyCFVpLfQoxcGtuOHS60s5Vy5Gd2fMVhYivPl/eEKYD/3+jn2vYFER1AHnN2
/+Tr+kVZINk1y8dPK0kqYXxFof7ajIkFOISrywvJNjvlPjFeC6YnY7HCNIg65eND
kwtGaQPdMRZlGG5kTITkoTdrFe/zj1foV/aohmKbktBn0+0PidNOCarodKvOS1Fj
UlXxJJ1CcMsUD+O0f7pqPIcn6zuCZJlq+b4gWp65iourlO3zM+vqQlx+IN/0nYKP
rI5SmQbb0J8BOOe5DNK0yn90A+L3Cw6pQBRsfxsVAHcKmHbuvWIk9qeL1H5Ljcnr
BKcCAwEAAaOByzCByDAdBgNVHQ4EFgQUbAWwoKgDpKGQ0aV00hPZLleDNnMwHwYD
VR0jBBgwFoAUbAWwoKgDpKGQ0aV00hPZLleDNnMwNwYIKwYBBQUHAQEEKzApMCcG
CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBSgv4/K3FB
/Uyb28WxYHKnz/QpkTYPzpJylT40q4QMryPo4Sg1KcnIeJoS1/EiHCHhsLTfrzbE
ynEqbm9K1WVYMXrC0TBm4AphVOBhl3tBcljZAtoiiyHm1TFM0jwR2A0S8Nzr4B0W
OnTenLSyu2nt4VMUnhwGP//nL4rR9jeJdrJhYF9IzqOP4LVvkhgh5KgfEnCGVCra
eD1dPBO4tH+lgfBVz+pWtAqKyivKvgiepkwSmV8jkwhYcI/I+4gR/tYWx6M7H2t4
sAUpn31MAbrtil+oOOmkwkTO6Dcd2B8W5O+Eux9LOrCaAFequlIc9Nr3aV3vjTXv
XAP6jYf8kmAo
-----END TRUSTED_CERTIFICATE-----
-----BEGIN TIME-----
MTUwMzAyMTIwMDAwWg==
-----END TIME-----
-----BEGIN VERIFY_RESULT-----
U1VDQ0VTUw==
-----END VERIFY_RESULT-----