blob: 7e7045c11585511f20528721aa673445f959bd90 [file] [log] [blame]
[Created by: generate-intermediary-unknown-critical-extension.py]
Certificate chain with 1 intermediary and a trusted root. The intermediary
has an unknown X.509v3 extension (OID=1.2.3.4) that is marked as critical.
Verifying this certificate chain is expected to fail because there is an
unrecognized critical extension.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediary
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:cf:51:a6:c4:9e:d4:eb:c4:eb:d6:57:2b:80:e5:
da:cd:db:3a:cf:b0:43:c5:18:9c:4e:b7:c4:9c:18:
73:e6:85:e6:00:00:76:25:9f:5d:8f:28:19:f2:05:
02:a9:5c:75:65:12:38:d7:7a:eb:e3:46:42:07:3d:
3b:c4:5d:32:7b:26:fb:1e:69:cb:36:ca:c2:da:2f:
b4:ec:e3:bf:5e:9a:d3:8a:6d:3e:f2:53:dc:da:40:
3c:fe:fd:02:36:32:f5:b2:17:bf:05:97:f0:3e:8b:
b7:15:a2:10:be:27:79:62:30:82:3e:57:60:60:13:
8e:fc:33:8e:72:cd:d9:d9:50:e9:62:04:8c:e4:db:
f8:cf:1b:da:a2:f7:ee:4c:b8:7f:b2:bf:92:c9:2c:
44:a7:b5:ad:b9:75:06:c0:24:5a:0b:44:ca:4f:af:
f6:2f:c2:00:12:bb:7b:0c:c4:54:47:f1:73:53:64:
72:40:9d:51:40:b3:21:73:ce:82:c5:f3:b7:14:ef:
31:50:5b:d5:0b:b7:92:0e:08:5c:ea:ed:73:86:e3:
b1:6d:63:7f:56:7d:74:3e:3b:90:8c:2f:a2:6e:65:
b9:4e:38:a3:54:fb:7b:de:69:6f:c0:57:ea:51:c0:
09:83:b4:a8:4d:ec:74:a6:ea:31:97:0c:9a:66:b7:
58:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:EB:AF:F5:F3:C7:53:ED:03:95:5A:DB:94:4A:E0:BF:C3:D2:CE:FA
X509v3 Authority Key Identifier:
keyid:21:32:55:0D:16:9C:AD:C4:16:5D:BE:40:67:0D:B6:40:4E:E2:75:60
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediary.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediary.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
17:7b:87:2f:11:ac:6d:68:03:d3:07:31:20:18:b7:d4:9d:98:
e4:aa:10:6d:f2:41:2f:3e:cf:1f:50:f9:f9:3f:6e:61:c2:b7:
dd:e0:f6:5a:d6:66:bb:2d:31:98:6a:12:0a:17:e8:a1:4e:cd:
fd:c4:ed:3e:01:a3:1c:ef:18:9e:fb:f8:46:c6:1b:ad:a4:ce:
ba:84:79:a6:84:f0:2c:84:d4:6c:3f:f9:ff:f8:66:f1:9b:82:
8c:83:c8:79:5b:bd:f0:dd:e0:e5:76:55:92:97:d2:46:64:ea:
3e:99:bc:9d:b8:8f:15:41:f8:3f:1b:c0:df:cd:d5:01:88:74:
37:8e:58:f8:ad:7d:75:70:59:98:cc:c4:bd:fc:b9:bd:f5:69:
fe:09:08:be:ea:e8:f3:ee:53:d8:05:4f:d5:d1:85:dc:7e:58:
64:cf:d4:41:c1:d0:ec:c4:2a:ca:ae:39:8e:57:63:e3:03:ff:
4f:d4:42:92:ec:ac:e8:f6:83:e5:51:0e:32:2c:6f:2d:15:72:
21:37:f0:18:77:3b:97:f5:71:84:1f:07:e0:76:b6:a0:f4:34:
16:b9:53:e2:4f:48:45:b6:7d:b3:0f:30:06:e6:89:89:a4:3f:
e8:4c:2a:9c:1f:9c:91:c9:66:4e:28:39:3d:5b:21:19:03:dc:
02:56:69:e9
-----BEGIN CERTIFICATE-----
MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
cm1lZGlhcnkwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPUabE
ntTrxOvWVyuA5drN2zrPsEPFGJxOt8ScGHPmheYAAHYln12PKBnyBQKpXHVlEjjX
euvjRkIHPTvEXTJ7Jvseacs2ysLaL7Ts479emtOKbT7yU9zaQDz+/QI2MvWyF78F
l/A+i7cVohC+J3liMII+V2BgE478M45yzdnZUOliBIzk2/jPG9qi9+5MuH+yv5LJ
LESnta25dQbAJFoLRMpPr/YvwgASu3sMxFRH8XNTZHJAnVFAsyFzzoLF87cU7zFQ
W9ULt5IOCFzq7XOG47FtY39WfXQ+O5CML6JuZblOOKNU+3veaW/AV+pRwAmDtKhN
7HSm6jGXDJpmt1gPAgMBAAGjgekwgeYwHQYDVR0OBBYEFInrr/Xzx1PtA5Va25RK
4L/D0s76MB8GA1UdIwQYMBaAFCEyVQ0WnK3EFl2+QGcNtkBO4nVgMD8GCCsGAQUF
BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
aWFyeS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
dGVybWVkaWFyeS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAF3uHLxGsbWgD0wcxIBi3
1J2Y5KoQbfJBLz7PH1D5+T9uYcK33eD2WtZmuy0xmGoSChfooU7N/cTtPgGjHO8Y
nvv4RsYbraTOuoR5poTwLITUbD/5//hm8ZuCjIPIeVu98N3g5XZVkpfSRmTqPpm8
nbiPFUH4PxvA383VAYh0N45Y+K19dXBZmMzEvfy5vfVp/gkIvuro8+5T2AVP1dGF
3H5YZM/UQcHQ7MQqyq45jldj4wP/T9RCkuys6PaD5VEOMixvLRVyITfwGHc7l/Vx
hB8H4Ha2oPQ0FrlT4k9IRbZ9sw8wBuaJiaQ/6EwqnB+ckclmTig5PVshGQPcAlZp
6Q==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Intermediary
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c7:80:3b:a7:4e:4e:fa:0a:39:4f:5b:5c:af:ba:
84:27:6a:8d:34:95:5e:91:93:c8:d0:1f:64:84:5f:
25:d9:3b:5d:f9:31:5f:4f:6f:04:be:50:35:09:5e:
78:f3:9a:15:b5:27:fa:24:70:04:26:29:08:95:a5:
dd:b1:ee:4f:ee:d8:a0:59:51:ab:75:70:c2:7b:42:
06:e2:4d:d7:91:ec:e5:e7:f8:34:1e:01:63:45:11:
6a:fe:45:3e:e7:16:59:86:e7:4b:91:67:ec:1f:c1:
13:a4:62:cb:f6:0d:9b:2b:e5:1e:df:c4:35:f3:94:
60:9b:99:e1:54:ce:ff:7d:92:f1:9d:d4:f6:0e:99:
8c:dc:7b:b1:95:54:04:6f:40:1c:23:42:50:ab:96:
f5:9e:93:27:f1:5c:e5:97:9c:c1:e4:ae:a8:cb:f9:
42:7e:14:02:e1:32:4b:4d:03:2d:2a:a6:7e:a1:77:
c3:4e:4e:46:18:1a:95:d7:0d:48:8d:a1:d3:bb:b7:
55:07:01:d9:c0:27:fd:f7:ec:61:3a:57:84:b6:91:
78:dc:a9:19:a6:d4:83:c5:57:67:bd:b7:a0:6a:ec:
7b:83:1e:d9:bf:2f:b7:bf:d6:ce:18:5a:54:cf:8b:
1a:fc:5a:03:63:bc:d2:3a:01:db:91:e0:ce:96:19:
55:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:32:55:0D:16:9C:AD:C4:16:5D:BE:40:67:0D:B6:40:4E:E2:75:60
X509v3 Authority Key Identifier:
keyid:BA:1F:26:2C:E0:77:F2:16:78:6D:83:49:A1:30:9E:B4:AB:10:6A:22
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
1.2.3.4: critical
....
Signature Algorithm: sha256WithRSAEncryption
02:57:1a:5a:82:9a:29:1e:39:b4:aa:c4:e3:04:2b:6f:1c:0a:
79:df:d3:f8:c9:9f:94:b6:c1:7e:e5:47:8d:35:72:e2:09:ce:
6f:61:f1:7e:93:f3:37:11:0d:c0:28:05:bc:8d:dc:f8:2a:22:
0e:dc:79:b9:71:99:38:f5:c2:81:ac:0b:47:c2:39:96:2e:2b:
35:0a:fe:80:fe:50:da:74:03:1c:4b:36:be:4b:23:70:4f:a1:
1f:c8:3b:9a:6b:92:3d:61:9b:67:9a:8b:ea:0b:b0:8c:aa:6a:
02:fd:27:6f:a8:be:8f:d0:78:f2:84:76:da:e2:c5:10:3c:9f:
61:c4:3f:50:8e:40:ac:d8:aa:87:b6:7c:da:42:c5:05:c0:82:
bc:9f:35:ae:22:34:32:11:71:ab:fd:27:af:ef:42:ec:cd:b7:
d1:66:14:5f:f1:e5:10:c2:1f:ac:e4:96:1f:a9:9c:5a:ad:97:
4d:90:40:df:cb:77:15:ba:d5:f4:76:94:9f:d6:c2:4f:53:60:
3b:c3:a3:9c:02:4d:03:28:32:58:3d:0f:62:36:a9:7b:70:d9:
f8:2b:05:cd:ca:c7:17:68:76:6b:cd:ad:7f:f1:65:a6:d1:be:
b7:4c:83:bb:0d:5d:98:6e:02:d3:b6:ea:82:b6:44:0d:a1:b2:
37:4b:a0:a3
-----BEGIN CERTIFICATE-----
MIIDfTCCAmWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4A7p05O
+go5T1tcr7qEJ2qNNJVekZPI0B9khF8l2Ttd+TFfT28EvlA1CV5485oVtSf6JHAE
JikIlaXdse5P7tigWVGrdXDCe0IG4k3Xkezl5/g0HgFjRRFq/kU+5xZZhudLkWfs
H8ETpGLL9g2bK+Ue38Q185Rgm5nhVM7/fZLxndT2DpmM3HuxlVQEb0AcI0JQq5b1
npMn8Vzll5zB5K6oy/lCfhQC4TJLTQMtKqZ+oXfDTk5GGBqV1w1IjaHTu7dVBwHZ
wCf99+xhOleEtpF43KkZptSDxVdnvbegaux7gx7Zvy+3v9bOGFpUz4sa/FoDY7zS
OgHbkeDOlhlVGQIDAQABo4HbMIHYMB0GA1UdDgQWBBQhMlUNFpytxBZdvkBnDbZA
TuJ1YDAfBgNVHSMEGDAWgBS6HyYs4HfyFnhtg0mhMJ60qxBqIjA3BggrBgEFBQcB
AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDgYDKgMEAQH/BAQBAgMEMA0G
CSqGSIb3DQEBCwUAA4IBAQACVxpagpopHjm0qsTjBCtvHAp539P4yZ+UtsF+5UeN
NXLiCc5vYfF+k/M3EQ3AKAW8jdz4KiIO3Hm5cZk49cKBrAtHwjmWLis1Cv6A/lDa
dAMcSza+SyNwT6EfyDuaa5I9YZtnmovqC7CMqmoC/SdvqL6P0HjyhHba4sUQPJ9h
xD9QjkCs2KqHtnzaQsUFwIK8nzWuIjQyEXGr/Sev70LszbfRZhRf8eUQwh+s5JYf
qZxarZdNkEDfy3cVutX0dpSf1sJPU2A7w6OcAk0DKDJYPQ9iNql7cNn4KwXNyscX
aHZrza1/8WWm0b63TIO7DV2YbgLTtuqCtkQNobI3S6Cj
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:9f:42:45:62:cb:c5:f3:07:65:8a:9b:4c:d4:91:
4a:66:e6:89:24:24:6f:91:3e:4a:50:63:42:47:e3:
67:10:71:ac:f3:81:82:3b:9f:56:7c:6a:36:a6:87:
be:d5:e6:03:4b:bb:d3:c8:90:6a:6b:1d:4c:16:a1:
c3:98:58:f7:39:de:90:27:df:40:c5:03:10:b2:b4:
1b:cb:28:5d:80:a4:83:60:f2:c0:ac:f5:1f:81:4d:
31:84:6f:04:96:7b:26:bf:b6:55:78:33:06:23:65:
1c:bc:65:ac:a3:31:27:49:38:ce:92:73:87:a7:b4:
53:4b:85:71:29:7a:f5:09:fc:03:9a:90:56:14:b1:
b7:89:03:c4:61:b6:49:fc:3d:30:62:84:a2:46:66:
22:37:32:fd:a3:62:bb:99:62:53:ca:fc:1f:e9:29:
c6:d4:8c:09:6f:02:d5:de:7c:de:12:d8:00:dd:df:
04:94:d4:36:b5:f6:d9:fe:a7:ff:46:e7:07:da:3e:
d0:e3:ea:90:4c:7c:b7:ff:bc:85:99:d5:1f:46:f5:
ac:57:e9:09:03:61:8c:0b:9d:a8:82:9c:17:43:27:
de:80:d2:59:e3:ca:ed:23:41:1a:32:48:83:ca:bd:
8e:cb:bf:9c:f0:03:7d:e0:41:ce:72:05:27:59:3c:
10:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:1F:26:2C:E0:77:F2:16:78:6D:83:49:A1:30:9E:B4:AB:10:6A:22
X509v3 Authority Key Identifier:
keyid:BA:1F:26:2C:E0:77:F2:16:78:6D:83:49:A1:30:9E:B4:AB:10:6A:22
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
70:b4:15:ff:b7:d9:b7:51:10:ce:fa:e5:61:0e:f6:c7:b6:d7:
be:59:ed:07:d5:77:95:e1:ef:3f:80:9e:99:d2:2c:1b:9a:a7:
35:1c:ec:84:9e:ce:27:52:3a:2c:00:06:4d:60:62:aa:4b:a7:
61:32:e3:64:f1:96:c7:d2:3f:fe:78:bc:f4:da:76:f9:44:d2:
9b:1a:94:1f:44:9a:49:c9:c0:1c:de:a9:63:d0:23:4a:c3:fb:
60:45:76:dd:12:ef:c1:95:4f:8e:bd:48:56:b8:f9:74:e2:5c:
ae:90:5a:19:9e:90:13:0b:97:ff:cd:a9:45:54:68:aa:fa:f6:
ea:3f:2e:fa:2a:40:48:42:cd:10:cc:c8:e6:a4:34:9d:8f:1c:
74:55:58:b2:99:cf:35:40:23:bf:90:5f:4c:60:30:5f:a0:b4:
d6:0f:4f:42:03:71:82:f7:d3:f5:72:bb:a8:cf:24:ab:10:7e:
c5:e1:84:a9:7e:25:b1:8a:80:db:ae:0e:49:f1:03:fb:11:1a:
63:58:42:7f:73:9b:f3:f8:d6:ae:81:0b:59:ca:98:ec:3d:9c:
85:6b:7d:70:e8:c2:04:47:f0:b6:7e:4a:96:70:c9:a8:11:b7:
23:54:55:d3:57:c3:7e:47:66:35:91:26:56:fd:37:14:35:a4:
6b:29:38:ee
-----BEGIN TRUSTED_CERTIFICATE-----
MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ9CRWLLxfMHZYqbTNSR
SmbmiSQkb5E+SlBjQkfjZxBxrPOBgjufVnxqNqaHvtXmA0u708iQamsdTBahw5hY
9znekCffQMUDELK0G8soXYCkg2DywKz1H4FNMYRvBJZ7Jr+2VXgzBiNlHLxlrKMx
J0k4zpJzh6e0U0uFcSl69Qn8A5qQVhSxt4kDxGG2Sfw9MGKEokZmIjcy/aNiu5li
U8r8H+kpxtSMCW8C1d583hLYAN3fBJTUNrX22f6n/0bnB9o+0OPqkEx8t/+8hZnV
H0b1rFfpCQNhjAudqIKcF0Mn3oDSWePK7SNBGjJIg8q9jsu/nPADfeBBznIFJ1k8
EFsCAwEAAaOByzCByDAdBgNVHQ4EFgQUuh8mLOB38hZ4bYNJoTCetKsQaiIwHwYD
VR0jBBgwFoAUuh8mLOB38hZ4bYNJoTCetKsQaiIwNwYIKwYBBQUHAQEEKzApMCcG
CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBwtBX/t9m3
URDO+uVhDvbHtte+We0H1XeV4e8/gJ6Z0iwbmqc1HOyEns4nUjosAAZNYGKqS6dh
MuNk8ZbH0j/+eLz02nb5RNKbGpQfRJpJycAc3qlj0CNKw/tgRXbdEu/BlU+OvUhW
uPl04lyukFoZnpATC5f/zalFVGiq+vbqPy76KkBIQs0QzMjmpDSdjxx0VViymc81
QCO/kF9MYDBfoLTWD09CA3GC99P1cruozySrEH7F4YSpfiWxioDbrg5J8QP7ERpj
WEJ/c5vz+NaugQtZypjsPZyFa31w6MIER/C2fkqWcMmoEbcjVFXTV8N+R2Y1kSZW
/TcUNaRrKTju
-----END TRUSTED_CERTIFICATE-----
-----BEGIN TIME-----
MTUwMzAyMTIwMDAwWg==
-----END TIME-----
-----BEGIN VERIFY_RESULT-----
RkFJTA==
-----END VERIFY_RESULT-----