| [Created by: generate-intermediary-unknown-critical-extension.py] |
| |
| Certificate chain with 1 intermediary and a trusted root. The intermediary |
| has an unknown X.509v3 extension (OID=1.2.3.4) that is marked as critical. |
| Verifying this certificate chain is expected to fail because there is an |
| unrecognized critical extension. |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Intermediary |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Target |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:cf:51:a6:c4:9e:d4:eb:c4:eb:d6:57:2b:80:e5: |
| da:cd:db:3a:cf:b0:43:c5:18:9c:4e:b7:c4:9c:18: |
| 73:e6:85:e6:00:00:76:25:9f:5d:8f:28:19:f2:05: |
| 02:a9:5c:75:65:12:38:d7:7a:eb:e3:46:42:07:3d: |
| 3b:c4:5d:32:7b:26:fb:1e:69:cb:36:ca:c2:da:2f: |
| b4:ec:e3:bf:5e:9a:d3:8a:6d:3e:f2:53:dc:da:40: |
| 3c:fe:fd:02:36:32:f5:b2:17:bf:05:97:f0:3e:8b: |
| b7:15:a2:10:be:27:79:62:30:82:3e:57:60:60:13: |
| 8e:fc:33:8e:72:cd:d9:d9:50:e9:62:04:8c:e4:db: |
| f8:cf:1b:da:a2:f7:ee:4c:b8:7f:b2:bf:92:c9:2c: |
| 44:a7:b5:ad:b9:75:06:c0:24:5a:0b:44:ca:4f:af: |
| f6:2f:c2:00:12:bb:7b:0c:c4:54:47:f1:73:53:64: |
| 72:40:9d:51:40:b3:21:73:ce:82:c5:f3:b7:14:ef: |
| 31:50:5b:d5:0b:b7:92:0e:08:5c:ea:ed:73:86:e3: |
| b1:6d:63:7f:56:7d:74:3e:3b:90:8c:2f:a2:6e:65: |
| b9:4e:38:a3:54:fb:7b:de:69:6f:c0:57:ea:51:c0: |
| 09:83:b4:a8:4d:ec:74:a6:ea:31:97:0c:9a:66:b7: |
| 58:0f |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 89:EB:AF:F5:F3:C7:53:ED:03:95:5A:DB:94:4A:E0:BF:C3:D2:CE:FA |
| X509v3 Authority Key Identifier: |
| keyid:21:32:55:0D:16:9C:AD:C4:16:5D:BE:40:67:0D:B6:40:4E:E2:75:60 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Intermediary.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Intermediary.crl |
| |
| X509v3 Key Usage: critical |
| Digital Signature, Key Encipherment |
| X509v3 Extended Key Usage: |
| TLS Web Server Authentication, TLS Web Client Authentication |
| Signature Algorithm: sha256WithRSAEncryption |
| 17:7b:87:2f:11:ac:6d:68:03:d3:07:31:20:18:b7:d4:9d:98: |
| e4:aa:10:6d:f2:41:2f:3e:cf:1f:50:f9:f9:3f:6e:61:c2:b7: |
| dd:e0:f6:5a:d6:66:bb:2d:31:98:6a:12:0a:17:e8:a1:4e:cd: |
| fd:c4:ed:3e:01:a3:1c:ef:18:9e:fb:f8:46:c6:1b:ad:a4:ce: |
| ba:84:79:a6:84:f0:2c:84:d4:6c:3f:f9:ff:f8:66:f1:9b:82: |
| 8c:83:c8:79:5b:bd:f0:dd:e0:e5:76:55:92:97:d2:46:64:ea: |
| 3e:99:bc:9d:b8:8f:15:41:f8:3f:1b:c0:df:cd:d5:01:88:74: |
| 37:8e:58:f8:ad:7d:75:70:59:98:cc:c4:bd:fc:b9:bd:f5:69: |
| fe:09:08:be:ea:e8:f3:ee:53:d8:05:4f:d5:d1:85:dc:7e:58: |
| 64:cf:d4:41:c1:d0:ec:c4:2a:ca:ae:39:8e:57:63:e3:03:ff: |
| 4f:d4:42:92:ec:ac:e8:f6:83:e5:51:0e:32:2c:6f:2d:15:72: |
| 21:37:f0:18:77:3b:97:f5:71:84:1f:07:e0:76:b6:a0:f4:34: |
| 16:b9:53:e2:4f:48:45:b6:7d:b3:0f:30:06:e6:89:89:a4:3f: |
| e8:4c:2a:9c:1f:9c:91:c9:66:4e:28:39:3d:5b:21:19:03:dc: |
| 02:56:69:e9 |
| -----BEGIN CERTIFICATE----- |
| MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl |
| cm1lZGlhcnkwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD |
| VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPUabE |
| ntTrxOvWVyuA5drN2zrPsEPFGJxOt8ScGHPmheYAAHYln12PKBnyBQKpXHVlEjjX |
| euvjRkIHPTvEXTJ7Jvseacs2ysLaL7Ts479emtOKbT7yU9zaQDz+/QI2MvWyF78F |
| l/A+i7cVohC+J3liMII+V2BgE478M45yzdnZUOliBIzk2/jPG9qi9+5MuH+yv5LJ |
| LESnta25dQbAJFoLRMpPr/YvwgASu3sMxFRH8XNTZHJAnVFAsyFzzoLF87cU7zFQ |
| W9ULt5IOCFzq7XOG47FtY39WfXQ+O5CML6JuZblOOKNU+3veaW/AV+pRwAmDtKhN |
| 7HSm6jGXDJpmt1gPAgMBAAGjgekwgeYwHQYDVR0OBBYEFInrr/Xzx1PtA5Va25RK |
| 4L/D0s76MB8GA1UdIwQYMBaAFCEyVQ0WnK3EFl2+QGcNtkBO4nVgMD8GCCsGAQUF |
| BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk |
| aWFyeS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu |
| dGVybWVkaWFyeS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF |
| BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAF3uHLxGsbWgD0wcxIBi3 |
| 1J2Y5KoQbfJBLz7PH1D5+T9uYcK33eD2WtZmuy0xmGoSChfooU7N/cTtPgGjHO8Y |
| nvv4RsYbraTOuoR5poTwLITUbD/5//hm8ZuCjIPIeVu98N3g5XZVkpfSRmTqPpm8 |
| nbiPFUH4PxvA383VAYh0N45Y+K19dXBZmMzEvfy5vfVp/gkIvuro8+5T2AVP1dGF |
| 3H5YZM/UQcHQ7MQqyq45jldj4wP/T9RCkuys6PaD5VEOMixvLRVyITfwGHc7l/Vx |
| hB8H4Ha2oPQ0FrlT4k9IRbZ9sw8wBuaJiaQ/6EwqnB+ckclmTig5PVshGQPcAlZp |
| 6Q== |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 2 (0x2) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Intermediary |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:c7:80:3b:a7:4e:4e:fa:0a:39:4f:5b:5c:af:ba: |
| 84:27:6a:8d:34:95:5e:91:93:c8:d0:1f:64:84:5f: |
| 25:d9:3b:5d:f9:31:5f:4f:6f:04:be:50:35:09:5e: |
| 78:f3:9a:15:b5:27:fa:24:70:04:26:29:08:95:a5: |
| dd:b1:ee:4f:ee:d8:a0:59:51:ab:75:70:c2:7b:42: |
| 06:e2:4d:d7:91:ec:e5:e7:f8:34:1e:01:63:45:11: |
| 6a:fe:45:3e:e7:16:59:86:e7:4b:91:67:ec:1f:c1: |
| 13:a4:62:cb:f6:0d:9b:2b:e5:1e:df:c4:35:f3:94: |
| 60:9b:99:e1:54:ce:ff:7d:92:f1:9d:d4:f6:0e:99: |
| 8c:dc:7b:b1:95:54:04:6f:40:1c:23:42:50:ab:96: |
| f5:9e:93:27:f1:5c:e5:97:9c:c1:e4:ae:a8:cb:f9: |
| 42:7e:14:02:e1:32:4b:4d:03:2d:2a:a6:7e:a1:77: |
| c3:4e:4e:46:18:1a:95:d7:0d:48:8d:a1:d3:bb:b7: |
| 55:07:01:d9:c0:27:fd:f7:ec:61:3a:57:84:b6:91: |
| 78:dc:a9:19:a6:d4:83:c5:57:67:bd:b7:a0:6a:ec: |
| 7b:83:1e:d9:bf:2f:b7:bf:d6:ce:18:5a:54:cf:8b: |
| 1a:fc:5a:03:63:bc:d2:3a:01:db:91:e0:ce:96:19: |
| 55:19 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 21:32:55:0D:16:9C:AD:C4:16:5D:BE:40:67:0D:B6:40:4E:E2:75:60 |
| X509v3 Authority Key Identifier: |
| keyid:BA:1F:26:2C:E0:77:F2:16:78:6D:83:49:A1:30:9E:B4:AB:10:6A:22 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| 1.2.3.4: critical |
| .... |
| Signature Algorithm: sha256WithRSAEncryption |
| 02:57:1a:5a:82:9a:29:1e:39:b4:aa:c4:e3:04:2b:6f:1c:0a: |
| 79:df:d3:f8:c9:9f:94:b6:c1:7e:e5:47:8d:35:72:e2:09:ce: |
| 6f:61:f1:7e:93:f3:37:11:0d:c0:28:05:bc:8d:dc:f8:2a:22: |
| 0e:dc:79:b9:71:99:38:f5:c2:81:ac:0b:47:c2:39:96:2e:2b: |
| 35:0a:fe:80:fe:50:da:74:03:1c:4b:36:be:4b:23:70:4f:a1: |
| 1f:c8:3b:9a:6b:92:3d:61:9b:67:9a:8b:ea:0b:b0:8c:aa:6a: |
| 02:fd:27:6f:a8:be:8f:d0:78:f2:84:76:da:e2:c5:10:3c:9f: |
| 61:c4:3f:50:8e:40:ac:d8:aa:87:b6:7c:da:42:c5:05:c0:82: |
| bc:9f:35:ae:22:34:32:11:71:ab:fd:27:af:ef:42:ec:cd:b7: |
| d1:66:14:5f:f1:e5:10:c2:1f:ac:e4:96:1f:a9:9c:5a:ad:97: |
| 4d:90:40:df:cb:77:15:ba:d5:f4:76:94:9f:d6:c2:4f:53:60: |
| 3b:c3:a3:9c:02:4d:03:28:32:58:3d:0f:62:36:a9:7b:70:d9: |
| f8:2b:05:cd:ca:c7:17:68:76:6b:cd:ad:7f:f1:65:a6:d1:be: |
| b7:4c:83:bb:0d:5d:98:6e:02:d3:b6:ea:82:b6:44:0d:a1:b2: |
| 37:4b:a0:a3 |
| -----BEGIN CERTIFICATE----- |
| MIIDfTCCAmWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 |
| ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4A7p05O |
| +go5T1tcr7qEJ2qNNJVekZPI0B9khF8l2Ttd+TFfT28EvlA1CV5485oVtSf6JHAE |
| JikIlaXdse5P7tigWVGrdXDCe0IG4k3Xkezl5/g0HgFjRRFq/kU+5xZZhudLkWfs |
| H8ETpGLL9g2bK+Ue38Q185Rgm5nhVM7/fZLxndT2DpmM3HuxlVQEb0AcI0JQq5b1 |
| npMn8Vzll5zB5K6oy/lCfhQC4TJLTQMtKqZ+oXfDTk5GGBqV1w1IjaHTu7dVBwHZ |
| wCf99+xhOleEtpF43KkZptSDxVdnvbegaux7gx7Zvy+3v9bOGFpUz4sa/FoDY7zS |
| OgHbkeDOlhlVGQIDAQABo4HbMIHYMB0GA1UdDgQWBBQhMlUNFpytxBZdvkBnDbZA |
| TuJ1YDAfBgNVHSMEGDAWgBS6HyYs4HfyFnhtg0mhMJ60qxBqIjA3BggrBgEFBQcB |
| AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs |
| BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD |
| VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDgYDKgMEAQH/BAQBAgMEMA0G |
| CSqGSIb3DQEBCwUAA4IBAQACVxpagpopHjm0qsTjBCtvHAp539P4yZ+UtsF+5UeN |
| NXLiCc5vYfF+k/M3EQ3AKAW8jdz4KiIO3Hm5cZk49cKBrAtHwjmWLis1Cv6A/lDa |
| dAMcSza+SyNwT6EfyDuaa5I9YZtnmovqC7CMqmoC/SdvqL6P0HjyhHba4sUQPJ9h |
| xD9QjkCs2KqHtnzaQsUFwIK8nzWuIjQyEXGr/Sev70LszbfRZhRf8eUQwh+s5JYf |
| qZxarZdNkEDfy3cVutX0dpSf1sJPU2A7w6OcAk0DKDJYPQ9iNql7cNn4KwXNyscX |
| aHZrza1/8WWm0b63TIO7DV2YbgLTtuqCtkQNobI3S6Cj |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Root |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:9f:42:45:62:cb:c5:f3:07:65:8a:9b:4c:d4:91: |
| 4a:66:e6:89:24:24:6f:91:3e:4a:50:63:42:47:e3: |
| 67:10:71:ac:f3:81:82:3b:9f:56:7c:6a:36:a6:87: |
| be:d5:e6:03:4b:bb:d3:c8:90:6a:6b:1d:4c:16:a1: |
| c3:98:58:f7:39:de:90:27:df:40:c5:03:10:b2:b4: |
| 1b:cb:28:5d:80:a4:83:60:f2:c0:ac:f5:1f:81:4d: |
| 31:84:6f:04:96:7b:26:bf:b6:55:78:33:06:23:65: |
| 1c:bc:65:ac:a3:31:27:49:38:ce:92:73:87:a7:b4: |
| 53:4b:85:71:29:7a:f5:09:fc:03:9a:90:56:14:b1: |
| b7:89:03:c4:61:b6:49:fc:3d:30:62:84:a2:46:66: |
| 22:37:32:fd:a3:62:bb:99:62:53:ca:fc:1f:e9:29: |
| c6:d4:8c:09:6f:02:d5:de:7c:de:12:d8:00:dd:df: |
| 04:94:d4:36:b5:f6:d9:fe:a7:ff:46:e7:07:da:3e: |
| d0:e3:ea:90:4c:7c:b7:ff:bc:85:99:d5:1f:46:f5: |
| ac:57:e9:09:03:61:8c:0b:9d:a8:82:9c:17:43:27: |
| de:80:d2:59:e3:ca:ed:23:41:1a:32:48:83:ca:bd: |
| 8e:cb:bf:9c:f0:03:7d:e0:41:ce:72:05:27:59:3c: |
| 10:5b |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| BA:1F:26:2C:E0:77:F2:16:78:6D:83:49:A1:30:9E:B4:AB:10:6A:22 |
| X509v3 Authority Key Identifier: |
| keyid:BA:1F:26:2C:E0:77:F2:16:78:6D:83:49:A1:30:9E:B4:AB:10:6A:22 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 70:b4:15:ff:b7:d9:b7:51:10:ce:fa:e5:61:0e:f6:c7:b6:d7: |
| be:59:ed:07:d5:77:95:e1:ef:3f:80:9e:99:d2:2c:1b:9a:a7: |
| 35:1c:ec:84:9e:ce:27:52:3a:2c:00:06:4d:60:62:aa:4b:a7: |
| 61:32:e3:64:f1:96:c7:d2:3f:fe:78:bc:f4:da:76:f9:44:d2: |
| 9b:1a:94:1f:44:9a:49:c9:c0:1c:de:a9:63:d0:23:4a:c3:fb: |
| 60:45:76:dd:12:ef:c1:95:4f:8e:bd:48:56:b8:f9:74:e2:5c: |
| ae:90:5a:19:9e:90:13:0b:97:ff:cd:a9:45:54:68:aa:fa:f6: |
| ea:3f:2e:fa:2a:40:48:42:cd:10:cc:c8:e6:a4:34:9d:8f:1c: |
| 74:55:58:b2:99:cf:35:40:23:bf:90:5f:4c:60:30:5f:a0:b4: |
| d6:0f:4f:42:03:71:82:f7:d3:f5:72:bb:a8:cf:24:ab:10:7e: |
| c5:e1:84:a9:7e:25:b1:8a:80:db:ae:0e:49:f1:03:fb:11:1a: |
| 63:58:42:7f:73:9b:f3:f8:d6:ae:81:0b:59:ca:98:ec:3d:9c: |
| 85:6b:7d:70:e8:c2:04:47:f0:b6:7e:4a:96:70:c9:a8:11:b7: |
| 23:54:55:d3:57:c3:7e:47:66:35:91:26:56:fd:37:14:35:a4: |
| 6b:29:38:ee |
| -----BEGIN TRUSTED_CERTIFICATE----- |
| MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v |
| dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ9CRWLLxfMHZYqbTNSR |
| SmbmiSQkb5E+SlBjQkfjZxBxrPOBgjufVnxqNqaHvtXmA0u708iQamsdTBahw5hY |
| 9znekCffQMUDELK0G8soXYCkg2DywKz1H4FNMYRvBJZ7Jr+2VXgzBiNlHLxlrKMx |
| J0k4zpJzh6e0U0uFcSl69Qn8A5qQVhSxt4kDxGG2Sfw9MGKEokZmIjcy/aNiu5li |
| U8r8H+kpxtSMCW8C1d583hLYAN3fBJTUNrX22f6n/0bnB9o+0OPqkEx8t/+8hZnV |
| H0b1rFfpCQNhjAudqIKcF0Mn3oDSWePK7SNBGjJIg8q9jsu/nPADfeBBznIFJ1k8 |
| EFsCAwEAAaOByzCByDAdBgNVHQ4EFgQUuh8mLOB38hZ4bYNJoTCetKsQaiIwHwYD |
| VR0jBBgwFoAUuh8mLOB38hZ4bYNJoTCetKsQaiIwNwYIKwYBBQUHAQEEKzApMCcG |
| CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw |
| IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE |
| AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBwtBX/t9m3 |
| URDO+uVhDvbHtte+We0H1XeV4e8/gJ6Z0iwbmqc1HOyEns4nUjosAAZNYGKqS6dh |
| MuNk8ZbH0j/+eLz02nb5RNKbGpQfRJpJycAc3qlj0CNKw/tgRXbdEu/BlU+OvUhW |
| uPl04lyukFoZnpATC5f/zalFVGiq+vbqPy76KkBIQs0QzMjmpDSdjxx0VViymc81 |
| QCO/kF9MYDBfoLTWD09CA3GC99P1cruozySrEH7F4YSpfiWxioDbrg5J8QP7ERpj |
| WEJ/c5vz+NaugQtZypjsPZyFa31w6MIER/C2fkqWcMmoEbcjVFXTV8N+R2Y1kSZW |
| /TcUNaRrKTju |
| -----END TRUSTED_CERTIFICATE----- |
| |
| -----BEGIN TIME----- |
| MTUwMzAyMTIwMDAwWg== |
| -----END TIME----- |
| |
| -----BEGIN VERIFY_RESULT----- |
| RkFJTA== |
| -----END VERIFY_RESULT----- |