| [Created by: generate-intermediary-lacks-signing-key-usage.py] |
| |
| Certificate chain with 1 intermediary and a trusted root. The intermediary |
| contains a keyUsage extension, HOWEVER it does not contain the keyCertSign bit. |
| Hence validation is expected to fail. |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Intermediary |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Target |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:b6:80:03:5a:ee:21:94:59:e3:bf:eb:26:bb:b5: |
| 2e:39:80:35:38:e7:7e:1d:e6:17:d2:fb:50:be:d2: |
| 03:33:14:ee:1f:a2:f8:78:bb:d0:60:e2:0c:ff:59: |
| 80:52:fb:5a:3d:38:2d:26:9e:d6:af:df:f2:ff:49: |
| f7:ec:8a:02:2b:51:02:d3:53:f9:6e:2b:ed:68:5e: |
| 90:54:03:7b:f7:0c:08:93:59:9f:41:2c:27:05:6c: |
| dd:dc:f8:a8:ea:78:c0:6d:a1:c8:11:cd:e8:40:cc: |
| 6c:65:db:16:50:20:07:68:00:c0:7f:c5:89:fe:e8: |
| 6a:0c:36:6a:ad:5a:ab:40:8e:4c:0e:e9:51:a0:6b: |
| 28:b8:df:c0:7c:3c:6c:a7:b8:8b:9e:07:1f:e5:29: |
| 01:5b:81:76:ca:53:80:b8:a4:8f:1a:35:66:b7:96: |
| 24:ac:fb:44:a1:4c:71:c6:28:6d:91:75:59:1a:bf: |
| e4:8e:15:71:43:3f:24:3f:b4:db:a0:2c:5e:af:46: |
| 16:65:7e:25:0c:90:5e:16:7b:e3:a6:47:0f:03:fe: |
| 31:cc:06:dc:ba:0e:0b:fa:6b:e5:4a:53:11:c4:00: |
| 54:d5:76:09:97:12:38:31:12:9d:27:49:e8:4d:01: |
| 18:0c:54:b3:c7:a8:c3:fc:60:3f:92:0b:ef:9f:72: |
| 8e:59 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 76:E3:64:67:6F:B9:A6:B7:6E:DC:62:12:09:FE:30:0A:19:F4:BF:B3 |
| X509v3 Authority Key Identifier: |
| keyid:5A:C6:0B:DA:37:A3:BB:21:85:17:C5:EF:0C:FA:BF:A9:79:B1:FE:29 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Intermediary.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Intermediary.crl |
| |
| X509v3 Key Usage: critical |
| Digital Signature, Key Encipherment |
| X509v3 Extended Key Usage: |
| TLS Web Server Authentication, TLS Web Client Authentication |
| Signature Algorithm: sha256WithRSAEncryption |
| 92:d5:77:f8:65:61:e9:66:0d:f7:00:9b:46:28:26:52:37:9f: |
| 3c:15:33:01:95:61:b9:0c:a1:c3:e7:f5:09:6a:4c:ba:0f:3b: |
| 80:3a:65:c3:22:e7:9d:e7:4d:c3:ca:3a:bc:88:98:6c:a3:8e: |
| 56:4e:64:98:b7:85:a7:aa:d3:e8:9a:b3:e4:2f:7d:18:bf:74: |
| c7:29:d9:51:a7:39:4a:4b:e1:94:14:0b:f9:af:e9:89:26:98: |
| cb:b2:b7:64:d4:ab:42:f5:68:cb:40:78:72:91:02:13:fe:05: |
| 41:68:42:c2:e0:d5:ea:bd:56:52:6f:76:b3:20:f4:e6:39:2a: |
| 83:ea:7a:c9:d2:37:4a:45:c4:ad:ac:6a:24:38:6e:fd:d6:ed: |
| 4c:42:cf:87:2c:7d:21:e5:18:ee:3a:c0:1e:83:ac:25:70:9a: |
| f5:fd:e7:4e:ab:67:0e:5d:00:9f:44:e4:e5:d6:d9:02:43:05: |
| 91:c3:66:a6:1f:8a:ce:ae:c8:2b:4d:c6:0e:9e:5f:d7:ff:e7: |
| b6:39:a7:f1:19:b0:3a:59:33:6a:72:a6:03:6b:42:e7:f8:07: |
| a3:0d:2d:f7:31:c3:f4:e5:cf:8b:24:42:0c:29:40:5a:7d:df: |
| 65:81:8c:0f:cb:86:e6:2b:39:26:58:0b:18:b8:4c:87:6c:10: |
| 03:0b:7c:c4 |
| -----BEGIN CERTIFICATE----- |
| MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl |
| cm1lZGlhcnkwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD |
| VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2gANa |
| 7iGUWeO/6ya7tS45gDU4534d5hfS+1C+0gMzFO4fovh4u9Bg4gz/WYBS+1o9OC0m |
| ntav3/L/SffsigIrUQLTU/luK+1oXpBUA3v3DAiTWZ9BLCcFbN3c+KjqeMBtocgR |
| zehAzGxl2xZQIAdoAMB/xYn+6GoMNmqtWqtAjkwO6VGgayi438B8PGynuIueBx/l |
| KQFbgXbKU4C4pI8aNWa3liSs+0ShTHHGKG2RdVkav+SOFXFDPyQ/tNugLF6vRhZl |
| fiUMkF4We+OmRw8D/jHMBty6Dgv6a+VKUxHEAFTVdgmXEjgxEp0nSehNARgMVLPH |
| qMP8YD+SC++fco5ZAgMBAAGjgekwgeYwHQYDVR0OBBYEFHbjZGdvuaa3btxiEgn+ |
| MAoZ9L+zMB8GA1UdIwQYMBaAFFrGC9o3o7shhRfF7wz6v6l5sf4pMD8GCCsGAQUF |
| BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk |
| aWFyeS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu |
| dGVybWVkaWFyeS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF |
| BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAktV3+GVh6WYN9wCbRigm |
| UjefPBUzAZVhuQyhw+f1CWpMug87gDplwyLnnedNw8o6vIiYbKOOVk5kmLeFp6rT |
| 6Jqz5C99GL90xynZUac5SkvhlBQL+a/piSaYy7K3ZNSrQvVoy0B4cpECE/4FQWhC |
| wuDV6r1WUm92syD05jkqg+p6ydI3SkXEraxqJDhu/dbtTELPhyx9IeUY7jrAHoOs |
| JXCa9f3nTqtnDl0An0Tk5dbZAkMFkcNmph+Kzq7IK03GDp5f1//ntjmn8RmwOlkz |
| anKmA2tC5/gHow0t9zHD9OXPiyRCDClAWn3fZYGMD8uG5is5JlgLGLhMh2wQAwt8 |
| xA== |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 2 (0x2) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Intermediary |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:9b:71:4d:95:69:ff:1c:81:da:58:66:90:29:ae: |
| 15:48:a6:43:09:a2:05:75:ca:16:d1:a5:69:e0:77: |
| c8:c1:f4:e5:e2:4d:97:c6:09:e4:e0:98:64:c2:b7: |
| 7f:11:5a:ee:7a:3e:c5:d8:24:b0:b8:a2:98:ac:05: |
| bd:71:07:71:6a:11:67:17:55:5c:2d:d3:fe:4b:d0: |
| e1:f3:d5:08:de:7e:c2:56:ff:e6:95:6f:11:7f:5a: |
| 34:e7:0c:1c:e3:82:f6:f4:e1:ed:4e:ce:60:2f:f7: |
| 5d:b8:b1:54:f0:c8:aa:28:5d:56:90:24:7b:cf:a7: |
| 01:de:d9:63:16:a3:7b:5e:34:c9:8c:35:50:57:fc: |
| be:6c:48:70:83:7a:52:d9:19:f8:e8:a2:91:f3:23: |
| 34:f3:14:b6:3d:59:e6:86:05:9b:26:ec:14:fa:78: |
| d3:91:a4:af:f7:c5:01:15:c0:3c:84:b8:5f:09:62: |
| ab:c3:b3:51:df:14:20:47:ee:0b:5f:85:06:42:4d: |
| b3:5a:e0:08:14:32:d8:0a:8b:7a:41:f5:0e:34:cc: |
| 4a:a3:79:be:6d:b5:cd:d1:b8:e0:71:2a:81:e1:22: |
| bc:6c:fe:89:59:97:ee:71:ad:d7:e1:d4:ea:01:85: |
| 0a:ae:83:a1:09:65:3c:2e:68:29:e1:3f:b0:c2:c7: |
| 90:85 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 5A:C6:0B:DA:37:A3:BB:21:85:17:C5:EF:0C:FA:BF:A9:79:B1:FE:29 |
| X509v3 Authority Key Identifier: |
| keyid:D3:3B:10:26:28:99:EC:09:2A:08:9C:53:7D:24:9F:B1:F1:04:0B:B5 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Digital Signature, Key Encipherment |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 53:21:fb:72:d3:86:6c:af:f6:75:07:5c:bc:0c:7a:97:8f:05: |
| b8:86:af:ee:af:ca:9b:c0:89:2f:28:cd:79:a7:a3:70:04:37: |
| 8b:ca:4d:84:3a:72:d5:9a:2e:f9:85:64:59:5b:7f:7e:b4:bf: |
| 09:74:af:fe:f1:d1:8c:47:3a:1b:87:9d:73:ce:a1:de:8f:33: |
| f7:ad:b4:7d:83:d5:e2:60:ff:f4:b2:79:ee:6b:fb:db:ae:c5: |
| f5:1c:e9:20:9a:b9:71:31:c9:55:02:a1:e1:9b:a6:b7:dd:c0: |
| cc:e1:66:02:91:fe:a1:59:67:bf:3b:45:32:20:08:a0:08:66: |
| eb:47:2d:db:24:6f:ab:3c:53:9b:96:81:5f:61:4a:fa:bb:70: |
| 2a:31:a1:2b:ff:cc:ae:1c:c9:be:e5:a6:f1:6a:6e:b1:3f:4b: |
| 30:59:e3:a7:9f:f2:6e:6d:9d:ed:5f:b9:cf:b2:07:66:84:63: |
| 53:f4:64:c7:d1:b2:62:63:c6:ec:a2:09:89:c5:bc:75:96:bc: |
| d2:a5:86:f7:9c:28:1c:47:45:30:e6:90:87:c6:e3:2b:be:d3: |
| 8e:b7:89:30:f3:f3:83:14:f6:56:be:0c:e7:34:6e:6f:b4:f3: |
| 0c:17:87:dd:a8:e2:8b:ec:34:24:dc:0c:16:dc:e4:c4:21:da: |
| dc:ba:9d:a6 |
| -----BEGIN CERTIFICATE----- |
| MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 |
| ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3FNlWn/ |
| HIHaWGaQKa4VSKZDCaIFdcoW0aVp4HfIwfTl4k2Xxgnk4Jhkwrd/EVruej7F2CSw |
| uKKYrAW9cQdxahFnF1VcLdP+S9Dh89UI3n7CVv/mlW8Rf1o05wwc44L29OHtTs5g |
| L/dduLFU8MiqKF1WkCR7z6cB3tljFqN7XjTJjDVQV/y+bEhwg3pS2Rn46KKR8yM0 |
| 8xS2PVnmhgWbJuwU+njTkaSv98UBFcA8hLhfCWKrw7NR3xQgR+4LX4UGQk2zWuAI |
| FDLYCot6QfUONMxKo3m+bbXN0bjgcSqB4SK8bP6JWZfuca3X4dTqAYUKroOhCWU8 |
| Lmgp4T+wwseQhQIDAQABo4HLMIHIMB0GA1UdDgQWBBRaxgvaN6O7IYUXxe8M+r+p |
| ebH+KTAfBgNVHSMEGDAWgBTTOxAmKJnsCSoInFN9JJ+x8QQLtTA3BggrBgEFBQcB |
| AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs |
| BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD |
| VR0PAQH/BAQDAgWgMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB |
| AFMh+3LThmyv9nUHXLwMepePBbiGr+6vypvAiS8ozXmno3AEN4vKTYQ6ctWaLvmF |
| ZFlbf360vwl0r/7x0YxHOhuHnXPOod6PM/ettH2D1eJg//Syee5r+9uuxfUc6SCa |
| uXExyVUCoeGbprfdwMzhZgKR/qFZZ787RTIgCKAIZutHLdskb6s8U5uWgV9hSvq7 |
| cCoxoSv/zK4cyb7lpvFqbrE/SzBZ46ef8m5tne1fuc+yB2aEY1P0ZMfRsmJjxuyi |
| CYnFvHWWvNKlhvecKBxHRTDmkIfG4yu+0463iTDz84MU9la+DOc0bm+08wwXh92o |
| 4ovsNCTcDBbc5MQh2ty6naY= |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Root |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:99:27:87:07:8d:52:53:4f:bc:b6:55:16:e3:64: |
| 12:13:89:32:c4:f9:6f:a2:9c:93:06:fc:4c:a9:4d: |
| 09:1a:04:8a:24:58:74:7a:53:ad:d6:c6:29:0e:19: |
| f2:cc:1e:02:72:2d:7f:52:4c:3a:88:dd:35:fc:c5: |
| e6:d4:41:1a:b0:76:a7:b9:c1:db:d9:7a:a0:56:d8: |
| e7:4c:a6:ed:45:ca:99:eb:4c:dd:44:5b:52:79:00: |
| 1b:f0:ca:fc:19:c9:39:d7:1c:24:e5:90:f8:77:f7: |
| 4a:cd:0c:ec:dc:c5:15:6d:43:de:43:b4:f9:03:b9: |
| fa:b9:8f:4f:b4:e2:9f:dd:e8:d5:af:9f:ab:79:ce: |
| 32:2f:be:04:85:e8:2f:5e:91:26:b5:08:a1:ef:11: |
| f5:20:28:8d:09:9f:4e:b9:5a:ef:cf:45:b3:aa:6e: |
| 14:1b:fe:1e:c3:4b:39:ad:76:9a:58:b5:be:c4:ae: |
| ce:0e:03:ef:8e:5d:a7:03:00:e7:ed:88:0e:97:8e: |
| 2d:bd:82:6e:d8:39:7f:c0:7e:4e:c8:1e:eb:60:cb: |
| f7:97:dd:fb:79:ee:a8:00:4a:40:b7:1c:2f:1a:59: |
| 5a:51:36:a9:aa:0b:97:a0:d0:d5:87:5e:b9:36:73: |
| 5c:31:fc:b6:8c:ef:f1:2a:f5:ea:6d:2b:05:d2:8c: |
| 60:87 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| D3:3B:10:26:28:99:EC:09:2A:08:9C:53:7D:24:9F:B1:F1:04:0B:B5 |
| X509v3 Authority Key Identifier: |
| keyid:D3:3B:10:26:28:99:EC:09:2A:08:9C:53:7D:24:9F:B1:F1:04:0B:B5 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 2e:84:d8:57:d4:09:e8:0e:8f:b5:9c:8f:48:ef:62:40:49:3e: |
| 9a:2e:b9:85:1c:77:f6:94:f3:73:0e:06:58:d4:63:5d:20:90: |
| e4:4b:c8:39:64:ca:ec:04:8c:bb:dd:b2:58:81:3e:89:05:1d: |
| 42:19:f9:d4:92:24:de:03:6c:69:36:74:95:65:b3:a4:06:83: |
| 2b:9f:93:72:57:dc:53:09:be:d2:fb:23:39:df:85:73:9a:c2: |
| c4:2d:7e:aa:36:01:dd:4e:a6:4f:fe:61:99:21:9c:89:a4:e7: |
| f8:8e:03:92:f6:cc:24:08:db:c8:59:41:6e:ea:c2:c3:4a:54: |
| d6:93:e5:3d:17:ff:24:a4:f7:55:2b:3c:d2:40:a7:2a:67:df: |
| 67:66:f5:37:ef:aa:20:d2:5a:da:d1:19:08:43:be:ae:11:f3: |
| 43:80:8a:ce:15:af:04:c5:b5:10:21:7c:f6:5e:7a:68:8e:59: |
| 40:ca:4b:be:c7:59:1b:48:a4:a1:ee:ef:57:b4:5b:d9:93:3b: |
| a2:36:3b:b6:f2:54:1e:c8:97:7e:5c:62:99:6c:f6:b0:bf:df: |
| af:5a:52:64:99:39:93:20:dc:4f:5e:a6:fe:8d:19:e2:21:1f: |
| 95:9d:7c:e8:8e:05:eb:74:ed:60:8e:ee:76:17:a8:40:56:36: |
| ac:bf:61:b9 |
| -----BEGIN TRUSTED_CERTIFICATE----- |
| MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v |
| dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJknhweNUlNPvLZVFuNk |
| EhOJMsT5b6Kckwb8TKlNCRoEiiRYdHpTrdbGKQ4Z8sweAnItf1JMOojdNfzF5tRB |
| GrB2p7nB29l6oFbY50ym7UXKmetM3URbUnkAG/DK/BnJOdccJOWQ+Hf3Ss0M7NzF |
| FW1D3kO0+QO5+rmPT7Tin93o1a+fq3nOMi++BIXoL16RJrUIoe8R9SAojQmfTrla |
| 789Fs6puFBv+HsNLOa12mli1vsSuzg4D745dpwMA5+2IDpeOLb2Cbtg5f8B+Tsge |
| 62DL95fd+3nuqABKQLccLxpZWlE2qaoLl6DQ1YdeuTZzXDH8tozv8Sr16m0rBdKM |
| YIcCAwEAAaOByzCByDAdBgNVHQ4EFgQU0zsQJiiZ7AkqCJxTfSSfsfEEC7UwHwYD |
| VR0jBBgwFoAU0zsQJiiZ7AkqCJxTfSSfsfEEC7UwNwYIKwYBBQUHAQEEKzApMCcG |
| CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw |
| IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE |
| AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAuhNhX1Ano |
| Do+1nI9I72JAST6aLrmFHHf2lPNzDgZY1GNdIJDkS8g5ZMrsBIy73bJYgT6JBR1C |
| GfnUkiTeA2xpNnSVZbOkBoMrn5NyV9xTCb7S+yM534VzmsLELX6qNgHdTqZP/mGZ |
| IZyJpOf4jgOS9swkCNvIWUFu6sLDSlTWk+U9F/8kpPdVKzzSQKcqZ99nZvU376og |
| 0lra0RkIQ76uEfNDgIrOFa8ExbUQIXz2XnpojllAyku+x1kbSKSh7u9XtFvZkzui |
| Nju28lQeyJd+XGKZbPawv9+vWlJkmTmTINxPXqb+jRniIR+VnXzojgXrdO1gju52 |
| F6hAVjasv2G5 |
| -----END TRUSTED_CERTIFICATE----- |
| |
| -----BEGIN TIME----- |
| MTUwMzAyMTIwMDAwWg== |
| -----END TIME----- |
| |
| -----BEGIN VERIFY_RESULT----- |
| RkFJTA== |
| -----END VERIFY_RESULT----- |