blob: 63275452fce3fb9530cb12b7daabe523fedbe843 [file] [log] [blame]
[Created by: generate-intermediary-lacks-signing-key-usage.py]
Certificate chain with 1 intermediary and a trusted root. The intermediary
contains a keyUsage extension, HOWEVER it does not contain the keyCertSign bit.
Hence validation is expected to fail.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediary
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b6:80:03:5a:ee:21:94:59:e3:bf:eb:26:bb:b5:
2e:39:80:35:38:e7:7e:1d:e6:17:d2:fb:50:be:d2:
03:33:14:ee:1f:a2:f8:78:bb:d0:60:e2:0c:ff:59:
80:52:fb:5a:3d:38:2d:26:9e:d6:af:df:f2:ff:49:
f7:ec:8a:02:2b:51:02:d3:53:f9:6e:2b:ed:68:5e:
90:54:03:7b:f7:0c:08:93:59:9f:41:2c:27:05:6c:
dd:dc:f8:a8:ea:78:c0:6d:a1:c8:11:cd:e8:40:cc:
6c:65:db:16:50:20:07:68:00:c0:7f:c5:89:fe:e8:
6a:0c:36:6a:ad:5a:ab:40:8e:4c:0e:e9:51:a0:6b:
28:b8:df:c0:7c:3c:6c:a7:b8:8b:9e:07:1f:e5:29:
01:5b:81:76:ca:53:80:b8:a4:8f:1a:35:66:b7:96:
24:ac:fb:44:a1:4c:71:c6:28:6d:91:75:59:1a:bf:
e4:8e:15:71:43:3f:24:3f:b4:db:a0:2c:5e:af:46:
16:65:7e:25:0c:90:5e:16:7b:e3:a6:47:0f:03:fe:
31:cc:06:dc:ba:0e:0b:fa:6b:e5:4a:53:11:c4:00:
54:d5:76:09:97:12:38:31:12:9d:27:49:e8:4d:01:
18:0c:54:b3:c7:a8:c3:fc:60:3f:92:0b:ef:9f:72:
8e:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:E3:64:67:6F:B9:A6:B7:6E:DC:62:12:09:FE:30:0A:19:F4:BF:B3
X509v3 Authority Key Identifier:
keyid:5A:C6:0B:DA:37:A3:BB:21:85:17:C5:EF:0C:FA:BF:A9:79:B1:FE:29
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediary.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediary.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
92:d5:77:f8:65:61:e9:66:0d:f7:00:9b:46:28:26:52:37:9f:
3c:15:33:01:95:61:b9:0c:a1:c3:e7:f5:09:6a:4c:ba:0f:3b:
80:3a:65:c3:22:e7:9d:e7:4d:c3:ca:3a:bc:88:98:6c:a3:8e:
56:4e:64:98:b7:85:a7:aa:d3:e8:9a:b3:e4:2f:7d:18:bf:74:
c7:29:d9:51:a7:39:4a:4b:e1:94:14:0b:f9:af:e9:89:26:98:
cb:b2:b7:64:d4:ab:42:f5:68:cb:40:78:72:91:02:13:fe:05:
41:68:42:c2:e0:d5:ea:bd:56:52:6f:76:b3:20:f4:e6:39:2a:
83:ea:7a:c9:d2:37:4a:45:c4:ad:ac:6a:24:38:6e:fd:d6:ed:
4c:42:cf:87:2c:7d:21:e5:18:ee:3a:c0:1e:83:ac:25:70:9a:
f5:fd:e7:4e:ab:67:0e:5d:00:9f:44:e4:e5:d6:d9:02:43:05:
91:c3:66:a6:1f:8a:ce:ae:c8:2b:4d:c6:0e:9e:5f:d7:ff:e7:
b6:39:a7:f1:19:b0:3a:59:33:6a:72:a6:03:6b:42:e7:f8:07:
a3:0d:2d:f7:31:c3:f4:e5:cf:8b:24:42:0c:29:40:5a:7d:df:
65:81:8c:0f:cb:86:e6:2b:39:26:58:0b:18:b8:4c:87:6c:10:
03:0b:7c:c4
-----BEGIN CERTIFICATE-----
MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
cm1lZGlhcnkwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2gANa
7iGUWeO/6ya7tS45gDU4534d5hfS+1C+0gMzFO4fovh4u9Bg4gz/WYBS+1o9OC0m
ntav3/L/SffsigIrUQLTU/luK+1oXpBUA3v3DAiTWZ9BLCcFbN3c+KjqeMBtocgR
zehAzGxl2xZQIAdoAMB/xYn+6GoMNmqtWqtAjkwO6VGgayi438B8PGynuIueBx/l
KQFbgXbKU4C4pI8aNWa3liSs+0ShTHHGKG2RdVkav+SOFXFDPyQ/tNugLF6vRhZl
fiUMkF4We+OmRw8D/jHMBty6Dgv6a+VKUxHEAFTVdgmXEjgxEp0nSehNARgMVLPH
qMP8YD+SC++fco5ZAgMBAAGjgekwgeYwHQYDVR0OBBYEFHbjZGdvuaa3btxiEgn+
MAoZ9L+zMB8GA1UdIwQYMBaAFFrGC9o3o7shhRfF7wz6v6l5sf4pMD8GCCsGAQUF
BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
aWFyeS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
dGVybWVkaWFyeS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAktV3+GVh6WYN9wCbRigm
UjefPBUzAZVhuQyhw+f1CWpMug87gDplwyLnnedNw8o6vIiYbKOOVk5kmLeFp6rT
6Jqz5C99GL90xynZUac5SkvhlBQL+a/piSaYy7K3ZNSrQvVoy0B4cpECE/4FQWhC
wuDV6r1WUm92syD05jkqg+p6ydI3SkXEraxqJDhu/dbtTELPhyx9IeUY7jrAHoOs
JXCa9f3nTqtnDl0An0Tk5dbZAkMFkcNmph+Kzq7IK03GDp5f1//ntjmn8RmwOlkz
anKmA2tC5/gHow0t9zHD9OXPiyRCDClAWn3fZYGMD8uG5is5JlgLGLhMh2wQAwt8
xA==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Intermediary
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:9b:71:4d:95:69:ff:1c:81:da:58:66:90:29:ae:
15:48:a6:43:09:a2:05:75:ca:16:d1:a5:69:e0:77:
c8:c1:f4:e5:e2:4d:97:c6:09:e4:e0:98:64:c2:b7:
7f:11:5a:ee:7a:3e:c5:d8:24:b0:b8:a2:98:ac:05:
bd:71:07:71:6a:11:67:17:55:5c:2d:d3:fe:4b:d0:
e1:f3:d5:08:de:7e:c2:56:ff:e6:95:6f:11:7f:5a:
34:e7:0c:1c:e3:82:f6:f4:e1:ed:4e:ce:60:2f:f7:
5d:b8:b1:54:f0:c8:aa:28:5d:56:90:24:7b:cf:a7:
01:de:d9:63:16:a3:7b:5e:34:c9:8c:35:50:57:fc:
be:6c:48:70:83:7a:52:d9:19:f8:e8:a2:91:f3:23:
34:f3:14:b6:3d:59:e6:86:05:9b:26:ec:14:fa:78:
d3:91:a4:af:f7:c5:01:15:c0:3c:84:b8:5f:09:62:
ab:c3:b3:51:df:14:20:47:ee:0b:5f:85:06:42:4d:
b3:5a:e0:08:14:32:d8:0a:8b:7a:41:f5:0e:34:cc:
4a:a3:79:be:6d:b5:cd:d1:b8:e0:71:2a:81:e1:22:
bc:6c:fe:89:59:97:ee:71:ad:d7:e1:d4:ea:01:85:
0a:ae:83:a1:09:65:3c:2e:68:29:e1:3f:b0:c2:c7:
90:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:C6:0B:DA:37:A3:BB:21:85:17:C5:EF:0C:FA:BF:A9:79:B1:FE:29
X509v3 Authority Key Identifier:
keyid:D3:3B:10:26:28:99:EC:09:2A:08:9C:53:7D:24:9F:B1:F1:04:0B:B5
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
53:21:fb:72:d3:86:6c:af:f6:75:07:5c:bc:0c:7a:97:8f:05:
b8:86:af:ee:af:ca:9b:c0:89:2f:28:cd:79:a7:a3:70:04:37:
8b:ca:4d:84:3a:72:d5:9a:2e:f9:85:64:59:5b:7f:7e:b4:bf:
09:74:af:fe:f1:d1:8c:47:3a:1b:87:9d:73:ce:a1:de:8f:33:
f7:ad:b4:7d:83:d5:e2:60:ff:f4:b2:79:ee:6b:fb:db:ae:c5:
f5:1c:e9:20:9a:b9:71:31:c9:55:02:a1:e1:9b:a6:b7:dd:c0:
cc:e1:66:02:91:fe:a1:59:67:bf:3b:45:32:20:08:a0:08:66:
eb:47:2d:db:24:6f:ab:3c:53:9b:96:81:5f:61:4a:fa:bb:70:
2a:31:a1:2b:ff:cc:ae:1c:c9:be:e5:a6:f1:6a:6e:b1:3f:4b:
30:59:e3:a7:9f:f2:6e:6d:9d:ed:5f:b9:cf:b2:07:66:84:63:
53:f4:64:c7:d1:b2:62:63:c6:ec:a2:09:89:c5:bc:75:96:bc:
d2:a5:86:f7:9c:28:1c:47:45:30:e6:90:87:c6:e3:2b:be:d3:
8e:b7:89:30:f3:f3:83:14:f6:56:be:0c:e7:34:6e:6f:b4:f3:
0c:17:87:dd:a8:e2:8b:ec:34:24:dc:0c:16:dc:e4:c4:21:da:
dc:ba:9d:a6
-----BEGIN CERTIFICATE-----
MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3FNlWn/
HIHaWGaQKa4VSKZDCaIFdcoW0aVp4HfIwfTl4k2Xxgnk4Jhkwrd/EVruej7F2CSw
uKKYrAW9cQdxahFnF1VcLdP+S9Dh89UI3n7CVv/mlW8Rf1o05wwc44L29OHtTs5g
L/dduLFU8MiqKF1WkCR7z6cB3tljFqN7XjTJjDVQV/y+bEhwg3pS2Rn46KKR8yM0
8xS2PVnmhgWbJuwU+njTkaSv98UBFcA8hLhfCWKrw7NR3xQgR+4LX4UGQk2zWuAI
FDLYCot6QfUONMxKo3m+bbXN0bjgcSqB4SK8bP6JWZfuca3X4dTqAYUKroOhCWU8
Lmgp4T+wwseQhQIDAQABo4HLMIHIMB0GA1UdDgQWBBRaxgvaN6O7IYUXxe8M+r+p
ebH+KTAfBgNVHSMEGDAWgBTTOxAmKJnsCSoInFN9JJ+x8QQLtTA3BggrBgEFBQcB
AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
VR0PAQH/BAQDAgWgMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
AFMh+3LThmyv9nUHXLwMepePBbiGr+6vypvAiS8ozXmno3AEN4vKTYQ6ctWaLvmF
ZFlbf360vwl0r/7x0YxHOhuHnXPOod6PM/ettH2D1eJg//Syee5r+9uuxfUc6SCa
uXExyVUCoeGbprfdwMzhZgKR/qFZZ787RTIgCKAIZutHLdskb6s8U5uWgV9hSvq7
cCoxoSv/zK4cyb7lpvFqbrE/SzBZ46ef8m5tne1fuc+yB2aEY1P0ZMfRsmJjxuyi
CYnFvHWWvNKlhvecKBxHRTDmkIfG4yu+0463iTDz84MU9la+DOc0bm+08wwXh92o
4ovsNCTcDBbc5MQh2ty6naY=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:99:27:87:07:8d:52:53:4f:bc:b6:55:16:e3:64:
12:13:89:32:c4:f9:6f:a2:9c:93:06:fc:4c:a9:4d:
09:1a:04:8a:24:58:74:7a:53:ad:d6:c6:29:0e:19:
f2:cc:1e:02:72:2d:7f:52:4c:3a:88:dd:35:fc:c5:
e6:d4:41:1a:b0:76:a7:b9:c1:db:d9:7a:a0:56:d8:
e7:4c:a6:ed:45:ca:99:eb:4c:dd:44:5b:52:79:00:
1b:f0:ca:fc:19:c9:39:d7:1c:24:e5:90:f8:77:f7:
4a:cd:0c:ec:dc:c5:15:6d:43:de:43:b4:f9:03:b9:
fa:b9:8f:4f:b4:e2:9f:dd:e8:d5:af:9f:ab:79:ce:
32:2f:be:04:85:e8:2f:5e:91:26:b5:08:a1:ef:11:
f5:20:28:8d:09:9f:4e:b9:5a:ef:cf:45:b3:aa:6e:
14:1b:fe:1e:c3:4b:39:ad:76:9a:58:b5:be:c4:ae:
ce:0e:03:ef:8e:5d:a7:03:00:e7:ed:88:0e:97:8e:
2d:bd:82:6e:d8:39:7f:c0:7e:4e:c8:1e:eb:60:cb:
f7:97:dd:fb:79:ee:a8:00:4a:40:b7:1c:2f:1a:59:
5a:51:36:a9:aa:0b:97:a0:d0:d5:87:5e:b9:36:73:
5c:31:fc:b6:8c:ef:f1:2a:f5:ea:6d:2b:05:d2:8c:
60:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:3B:10:26:28:99:EC:09:2A:08:9C:53:7D:24:9F:B1:F1:04:0B:B5
X509v3 Authority Key Identifier:
keyid:D3:3B:10:26:28:99:EC:09:2A:08:9C:53:7D:24:9F:B1:F1:04:0B:B5
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
2e:84:d8:57:d4:09:e8:0e:8f:b5:9c:8f:48:ef:62:40:49:3e:
9a:2e:b9:85:1c:77:f6:94:f3:73:0e:06:58:d4:63:5d:20:90:
e4:4b:c8:39:64:ca:ec:04:8c:bb:dd:b2:58:81:3e:89:05:1d:
42:19:f9:d4:92:24:de:03:6c:69:36:74:95:65:b3:a4:06:83:
2b:9f:93:72:57:dc:53:09:be:d2:fb:23:39:df:85:73:9a:c2:
c4:2d:7e:aa:36:01:dd:4e:a6:4f:fe:61:99:21:9c:89:a4:e7:
f8:8e:03:92:f6:cc:24:08:db:c8:59:41:6e:ea:c2:c3:4a:54:
d6:93:e5:3d:17:ff:24:a4:f7:55:2b:3c:d2:40:a7:2a:67:df:
67:66:f5:37:ef:aa:20:d2:5a:da:d1:19:08:43:be:ae:11:f3:
43:80:8a:ce:15:af:04:c5:b5:10:21:7c:f6:5e:7a:68:8e:59:
40:ca:4b:be:c7:59:1b:48:a4:a1:ee:ef:57:b4:5b:d9:93:3b:
a2:36:3b:b6:f2:54:1e:c8:97:7e:5c:62:99:6c:f6:b0:bf:df:
af:5a:52:64:99:39:93:20:dc:4f:5e:a6:fe:8d:19:e2:21:1f:
95:9d:7c:e8:8e:05:eb:74:ed:60:8e:ee:76:17:a8:40:56:36:
ac:bf:61:b9
-----BEGIN TRUSTED_CERTIFICATE-----
MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJknhweNUlNPvLZVFuNk
EhOJMsT5b6Kckwb8TKlNCRoEiiRYdHpTrdbGKQ4Z8sweAnItf1JMOojdNfzF5tRB
GrB2p7nB29l6oFbY50ym7UXKmetM3URbUnkAG/DK/BnJOdccJOWQ+Hf3Ss0M7NzF
FW1D3kO0+QO5+rmPT7Tin93o1a+fq3nOMi++BIXoL16RJrUIoe8R9SAojQmfTrla
789Fs6puFBv+HsNLOa12mli1vsSuzg4D745dpwMA5+2IDpeOLb2Cbtg5f8B+Tsge
62DL95fd+3nuqABKQLccLxpZWlE2qaoLl6DQ1YdeuTZzXDH8tozv8Sr16m0rBdKM
YIcCAwEAAaOByzCByDAdBgNVHQ4EFgQU0zsQJiiZ7AkqCJxTfSSfsfEEC7UwHwYD
VR0jBBgwFoAU0zsQJiiZ7AkqCJxTfSSfsfEEC7UwNwYIKwYBBQUHAQEEKzApMCcG
CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAuhNhX1Ano
Do+1nI9I72JAST6aLrmFHHf2lPNzDgZY1GNdIJDkS8g5ZMrsBIy73bJYgT6JBR1C
GfnUkiTeA2xpNnSVZbOkBoMrn5NyV9xTCb7S+yM534VzmsLELX6qNgHdTqZP/mGZ
IZyJpOf4jgOS9swkCNvIWUFu6sLDSlTWk+U9F/8kpPdVKzzSQKcqZ99nZvU376og
0lra0RkIQ76uEfNDgIrOFa8ExbUQIXz2XnpojllAyku+x1kbSKSh7u9XtFvZkzui
Nju28lQeyJd+XGKZbPawv9+vWlJkmTmTINxPXqb+jRniIR+VnXzojgXrdO1gju52
F6hAVjasv2G5
-----END TRUSTED_CERTIFICATE-----
-----BEGIN TIME-----
MTUwMzAyMTIwMDAwWg==
-----END TIME-----
-----BEGIN VERIFY_RESULT-----
RkFJTA==
-----END VERIFY_RESULT-----