| [Created by: generate-intermediary-unknown-non-critical-extension.py] |
| |
| Certificate chain with 1 intermediary and a trusted root. The intermediary |
| has an unknown X.509v3 extension that is marked as non-critical. Verification |
| is expected to succeed because although unrecognized, the extension is not |
| critical. |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Intermediary |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Target |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:e2:f4:a3:48:79:59:87:08:4d:c1:84:b4:97:67: |
| 5d:f6:24:2b:74:f1:f0:1a:13:e0:a5:28:30:1f:c6: |
| 04:fc:ce:9b:73:4a:95:1f:56:a0:9d:26:07:97:8f: |
| 7c:06:c7:a2:fb:5f:85:41:d3:bd:50:83:61:72:5e: |
| a0:f9:e1:39:c6:ae:77:05:8c:f7:8e:6f:ae:5d:14: |
| 69:97:12:4a:c7:40:de:e7:ab:7a:83:9b:b3:e8:15: |
| 90:ab:52:3a:ee:c4:36:9b:58:eb:51:c3:1d:c5:c8: |
| eb:f7:65:e9:15:56:93:e4:55:37:97:29:f1:88:da: |
| fc:1c:53:5f:24:07:f9:3e:14:86:b3:50:c6:94:06: |
| 8e:b1:b1:ab:32:d4:f3:98:ee:f8:42:ed:65:43:36: |
| bb:4f:59:a0:4d:77:a5:9e:a9:c2:40:40:df:cc:3c: |
| d7:dc:56:bd:d4:2c:fe:b5:20:d6:a8:74:cd:99:4f: |
| bf:eb:71:0b:20:95:f2:c3:21:92:42:d7:e6:ff:5b: |
| 87:0b:c2:89:5c:e7:d6:30:77:cd:8d:c7:92:0d:74: |
| 6f:88:d6:81:49:e8:f6:25:de:6d:51:3e:db:cd:e4: |
| 91:99:98:5a:ff:7a:61:46:da:7a:ec:9b:22:a5:5f: |
| 16:6e:cd:7a:ec:3b:b0:aa:1b:af:65:a6:3a:85:fc: |
| a6:e9 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 82:EC:E0:87:C2:A2:2A:EF:4B:E0:B5:F8:75:6A:18:32:51:B4:0D:54 |
| X509v3 Authority Key Identifier: |
| keyid:60:BD:98:38:CE:C3:01:40:CA:86:14:C7:F4:E4:D5:72:BA:ED:80:31 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Intermediary.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Intermediary.crl |
| |
| X509v3 Key Usage: critical |
| Digital Signature, Key Encipherment |
| X509v3 Extended Key Usage: |
| TLS Web Server Authentication, TLS Web Client Authentication |
| Signature Algorithm: sha256WithRSAEncryption |
| 89:1e:64:8c:61:b5:87:aa:76:6d:f6:ef:87:b6:ca:3b:0f:47: |
| a9:bb:9a:91:7f:7a:d8:65:e9:c7:b1:1a:ea:13:fb:9c:79:5e: |
| df:33:f5:d9:bc:f1:f8:89:bc:59:31:27:c2:2d:3e:47:e9:13: |
| 27:65:c8:cb:ba:e1:da:51:60:7a:93:aa:28:92:d5:81:89:09: |
| b7:22:e7:4b:4f:82:0e:fb:2f:62:19:b4:ea:f5:47:34:fd:60: |
| 7e:4c:e6:be:08:8e:f8:fd:89:62:ff:97:89:27:69:37:7f:e3: |
| 76:ea:72:30:ca:de:73:bb:c7:65:1c:6d:5e:ab:f8:ba:da:57: |
| 7d:28:1f:6a:64:76:aa:89:6b:ac:57:a3:e9:e2:c1:ca:f8:4b: |
| 7c:0b:21:57:cc:71:c8:9b:7f:25:8f:09:61:6e:5c:a8:9b:0b: |
| 79:98:7a:1e:82:95:22:fd:9e:9c:cd:20:73:0d:0e:d9:21:cb: |
| 67:3d:e9:1e:24:ae:4f:84:1f:de:3e:27:ee:54:41:66:71:9c: |
| b6:6b:08:7a:16:e7:c1:c7:7a:71:24:ed:c0:2a:d9:fd:2b:ff: |
| e6:41:c9:63:93:90:52:35:21:4a:72:be:f9:9c:27:49:0d:b7: |
| 01:af:cb:5f:53:ee:ef:58:69:16:ba:e6:5b:12:45:e0:d4:3d: |
| ea:58:fe:a5 |
| -----BEGIN CERTIFICATE----- |
| MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl |
| cm1lZGlhcnkwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD |
| VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDi9KNI |
| eVmHCE3BhLSXZ132JCt08fAaE+ClKDAfxgT8zptzSpUfVqCdJgeXj3wGx6L7X4VB |
| 071Qg2FyXqD54TnGrncFjPeOb65dFGmXEkrHQN7nq3qDm7PoFZCrUjruxDabWOtR |
| wx3FyOv3ZekVVpPkVTeXKfGI2vwcU18kB/k+FIazUMaUBo6xsasy1POY7vhC7WVD |
| NrtPWaBNd6WeqcJAQN/MPNfcVr3ULP61INaodM2ZT7/rcQsglfLDIZJC1+b/W4cL |
| wolc59Ywd82Nx5INdG+I1oFJ6PYl3m1RPtvN5JGZmFr/emFG2nrsmyKlXxZuzXrs |
| O7CqG69lpjqF/KbpAgMBAAGjgekwgeYwHQYDVR0OBBYEFILs4IfCoirvS+C1+HVq |
| GDJRtA1UMB8GA1UdIwQYMBaAFGC9mDjOwwFAyoYUx/Tk1XK67YAxMD8GCCsGAQUF |
| BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk |
| aWFyeS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu |
| dGVybWVkaWFyeS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF |
| BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAiR5kjGG1h6p2bfbvh7bK |
| Ow9HqbuakX962GXpx7Ea6hP7nHle3zP12bzx+Im8WTEnwi0+R+kTJ2XIy7rh2lFg |
| epOqKJLVgYkJtyLnS0+CDvsvYhm06vVHNP1gfkzmvgiO+P2JYv+XiSdpN3/jdupy |
| MMrec7vHZRxtXqv4utpXfSgfamR2qolrrFej6eLByvhLfAshV8xxyJt/JY8JYW5c |
| qJsLeZh6HoKVIv2enM0gcw0O2SHLZz3pHiSuT4Qf3j4n7lRBZnGctmsIehbnwcd6 |
| cSTtwCrZ/Sv/5kHJY5OQUjUhSnK++ZwnSQ23Aa/LX1Pu71hpFrrmWxJF4NQ96lj+ |
| pQ== |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 2 (0x2) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Intermediary |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:de:7c:cd:1c:92:c3:9a:ff:be:f3:03:37:c7:6a: |
| 3a:d4:ac:56:50:3a:b1:17:0d:73:09:ef:d9:16:4b: |
| 38:de:a4:82:46:61:a8:ed:f8:b9:a0:21:7e:3c:26: |
| f6:a8:c5:d3:34:99:9c:58:c6:e1:de:f6:1c:eb:49: |
| a3:34:65:71:29:95:3a:2e:b4:5f:33:dd:2a:0b:5f: |
| 7a:e0:47:3f:bc:00:15:a1:24:26:9f:c6:c7:d7:eb: |
| e3:f3:37:19:d5:30:48:f2:7d:c5:77:11:cc:cc:17: |
| 7e:91:c4:20:f8:a6:c3:28:00:ec:23:53:40:7b:0e: |
| dc:14:6e:57:a5:ca:52:9f:2b:3b:34:ea:e4:ae:5c: |
| ed:b4:8d:25:9a:08:00:26:d0:e4:34:d2:94:36:8c: |
| e1:df:ef:31:f8:18:5b:ed:80:57:44:77:94:a2:fa: |
| ae:5c:e0:ea:e1:30:e3:24:03:da:7c:5b:66:90:c7: |
| 01:f1:f8:8d:ca:bc:d7:e3:25:35:28:3c:f6:f4:83: |
| 13:2a:73:d0:f7:c2:69:11:b1:ed:43:6d:71:28:7e: |
| 43:8d:f5:f0:78:e2:5a:31:39:38:ae:92:05:29:e0: |
| 1f:04:6f:9d:a0:a1:b4:29:80:af:87:1c:0c:e5:7d: |
| 6d:11:59:63:43:af:7f:a4:32:fa:0a:d1:7e:88:86: |
| cd:61 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 60:BD:98:38:CE:C3:01:40:CA:86:14:C7:F4:E4:D5:72:BA:ED:80:31 |
| X509v3 Authority Key Identifier: |
| keyid:B2:41:26:7A:EF:3A:C9:BF:FE:6A:E7:7F:04:60:B0:34:62:08:E3:93 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| 1.2.3.4: |
| .... |
| Signature Algorithm: sha256WithRSAEncryption |
| 68:5c:74:6c:fd:93:14:86:9f:d9:3a:4b:67:1d:6e:2b:78:2f: |
| 89:b4:b0:76:ac:3f:aa:ea:4a:ea:42:04:40:96:09:1a:b7:b7: |
| 01:93:fb:55:0d:44:30:0e:16:b3:e8:bb:b2:77:17:79:93:37: |
| 17:b5:62:c9:5b:15:76:90:2d:74:3d:1f:7e:59:61:59:e2:61: |
| 81:18:46:6b:94:42:be:be:d3:1e:37:16:68:49:db:9e:f0:f1: |
| 24:bb:e0:00:e0:57:e0:27:3f:59:e9:a8:92:31:80:2a:7a:cc: |
| b1:47:5b:8d:3b:55:f5:5a:f0:9a:56:90:1a:8e:d2:ab:51:e2: |
| 15:ca:9f:cb:a9:ec:10:f1:5d:58:72:84:75:63:bd:a7:7c:bf: |
| 5b:80:65:d6:97:77:e2:8a:89:8a:ea:5b:1f:da:55:5e:7b:33: |
| 37:e2:60:09:02:13:89:a3:ca:0f:bf:17:8e:47:fb:c1:8d:a8: |
| fb:9f:20:64:a6:a4:a0:86:da:fa:7f:6a:e1:50:10:41:9b:21: |
| e6:8e:9f:29:9c:cc:0b:83:a3:65:47:2a:15:8b:47:6a:48:89: |
| e4:2c:97:d7:81:51:bb:bb:e0:db:22:e2:be:bf:53:63:26:77: |
| 08:c3:b6:04:c7:9b:9c:03:91:00:63:bd:70:cb:e2:6c:c8:a7: |
| 2c:5b:f6:28 |
| -----BEGIN CERTIFICATE----- |
| MIIDejCCAmKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 |
| ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3nzNHJLD |
| mv++8wM3x2o61KxWUDqxFw1zCe/ZFks43qSCRmGo7fi5oCF+PCb2qMXTNJmcWMbh |
| 3vYc60mjNGVxKZU6LrRfM90qC1964Ec/vAAVoSQmn8bH1+vj8zcZ1TBI8n3FdxHM |
| zBd+kcQg+KbDKADsI1NAew7cFG5XpcpSnys7NOrkrlzttI0lmggAJtDkNNKUNozh |
| 3+8x+Bhb7YBXRHeUovquXODq4TDjJAPafFtmkMcB8fiNyrzX4yU1KDz29IMTKnPQ |
| 98JpEbHtQ21xKH5DjfXweOJaMTk4rpIFKeAfBG+doKG0KYCvhxwM5X1tEVljQ69/ |
| pDL6CtF+iIbNYQIDAQABo4HYMIHVMB0GA1UdDgQWBBRgvZg4zsMBQMqGFMf05NVy |
| uu2AMTAfBgNVHSMEGDAWgBSyQSZ67zrJv/5q538EYLA0YgjjkzA3BggrBgEFBQcB |
| AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs |
| BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD |
| VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wCwYDKgMEBAQBAgMEMA0GCSqG |
| SIb3DQEBCwUAA4IBAQBoXHRs/ZMUhp/ZOktnHW4reC+JtLB2rD+q6krqQgRAlgka |
| t7cBk/tVDUQwDhaz6Luydxd5kzcXtWLJWxV2kC10PR9+WWFZ4mGBGEZrlEK+vtMe |
| NxZoSdue8PEku+AA4FfgJz9Z6aiSMYAqesyxR1uNO1X1WvCaVpAajtKrUeIVyp/L |
| qewQ8V1YcoR1Y72nfL9bgGXWl3fiiomK6lsf2lVeezM34mAJAhOJo8oPvxeOR/vB |
| jaj7nyBkpqSghtr6f2rhUBBBmyHmjp8pnMwLg6NlRyoVi0dqSInkLJfXgVG7u+Db |
| IuK+v1NjJncIw7YEx5ucA5EAY71wy+JsyKcsW/Yo |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Root |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:a8:e9:07:4a:9e:20:9a:c5:14:9a:16:49:17:bf: |
| 0b:c1:7d:b6:91:54:cd:60:e6:df:bf:81:e1:bb:24: |
| 47:df:ea:c8:27:93:bb:49:b7:b7:e6:48:ff:11:43: |
| c1:8d:cb:54:f8:0d:49:05:e7:4b:a9:0d:cb:79:b8: |
| 49:26:6b:1c:ad:7d:2c:e5:a3:0a:1b:ad:99:9c:d4: |
| c2:d6:2c:de:ae:74:42:b7:06:ca:e0:57:06:e6:46: |
| 5a:80:70:6f:f7:0c:76:c5:8f:de:cc:35:85:bf:f5: |
| 79:29:63:79:22:fd:c0:48:1e:a0:4f:86:6b:2f:07: |
| 72:55:1f:96:dc:81:c7:19:8d:bf:7f:56:21:fc:05: |
| 6e:1a:3d:6d:f2:a7:37:6f:8d:c9:f5:5e:79:3a:89: |
| 6b:b5:6b:d4:14:eb:c4:de:3d:68:8c:e6:f8:96:e3: |
| b3:cb:73:09:6a:d1:8d:46:9e:c6:9f:1d:01:30:69: |
| ea:a4:2a:3c:90:fe:40:92:9d:61:81:88:96:67:cb: |
| ae:4c:f5:3d:31:37:8b:31:0a:a0:cf:87:80:f7:50: |
| eb:93:32:bf:64:13:3e:0a:d8:98:80:4b:b7:b1:a9: |
| 87:fe:b8:d3:d2:3b:a2:7d:20:cb:ff:6b:4e:67:88: |
| 52:03:4c:a2:2a:81:0d:63:4e:d0:f8:2e:f6:38:c9: |
| 9b:03 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| B2:41:26:7A:EF:3A:C9:BF:FE:6A:E7:7F:04:60:B0:34:62:08:E3:93 |
| X509v3 Authority Key Identifier: |
| keyid:B2:41:26:7A:EF:3A:C9:BF:FE:6A:E7:7F:04:60:B0:34:62:08:E3:93 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 91:be:af:fa:3e:50:a9:b4:7e:d5:c6:a9:91:2f:d3:63:11:bc: |
| 07:35:35:31:76:8e:69:e4:39:7d:82:65:be:6b:b0:9e:42:ce: |
| 0c:02:5a:0d:73:93:ce:89:c1:c7:27:cb:19:26:a0:77:85:53: |
| b5:1e:a8:60:9f:0c:b9:b4:fa:34:9f:4f:3a:0e:d6:ab:d3:a6: |
| 47:32:d8:ec:c9:80:90:2e:7c:fa:5f:16:96:f6:ba:fd:13:10: |
| 73:ec:3e:b0:3c:f5:7a:e1:8f:e3:32:59:d2:f1:3c:36:8c:92: |
| 21:a1:29:21:39:1c:08:b1:f6:85:35:ab:36:97:56:fc:4c:85: |
| 11:bc:69:72:05:f6:21:b8:85:bb:1e:cf:69:1a:3c:98:dd:93: |
| 58:53:e0:f1:ce:d0:2a:68:d9:b3:b9:26:71:d9:61:01:a8:cd: |
| bb:53:48:06:a5:c4:3f:d6:3b:aa:01:4d:01:fc:f2:79:96:a9: |
| 13:d3:ba:25:2c:2a:3d:e5:bd:e1:f7:ae:f9:3a:ea:59:77:8c: |
| 27:3c:f5:a4:01:f8:08:97:1b:28:1a:81:cb:ce:36:6b:2f:1e: |
| 41:05:f6:d6:d9:4d:84:87:16:61:e4:34:4c:06:7e:a8:2b:2b: |
| b5:a1:93:de:ca:52:f7:74:d9:ce:f7:f7:2b:0f:5d:f8:b6:9f: |
| 93:34:b2:00 |
| -----BEGIN TRUSTED_CERTIFICATE----- |
| MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v |
| dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKjpB0qeIJrFFJoWSRe/ |
| C8F9tpFUzWDm37+B4bskR9/qyCeTu0m3t+ZI/xFDwY3LVPgNSQXnS6kNy3m4SSZr |
| HK19LOWjChutmZzUwtYs3q50QrcGyuBXBuZGWoBwb/cMdsWP3sw1hb/1eSljeSL9 |
| wEgeoE+Gay8HclUfltyBxxmNv39WIfwFbho9bfKnN2+NyfVeeTqJa7Vr1BTrxN49 |
| aIzm+Jbjs8tzCWrRjUaexp8dATBp6qQqPJD+QJKdYYGIlmfLrkz1PTE3izEKoM+H |
| gPdQ65Myv2QTPgrYmIBLt7Gph/6409I7on0gy/9rTmeIUgNMoiqBDWNO0Pgu9jjJ |
| mwMCAwEAAaOByzCByDAdBgNVHQ4EFgQUskEmeu86yb/+aud/BGCwNGII45MwHwYD |
| VR0jBBgwFoAUskEmeu86yb/+aud/BGCwNGII45MwNwYIKwYBBQUHAQEEKzApMCcG |
| CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw |
| IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE |
| AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCRvq/6PlCp |
| tH7VxqmRL9NjEbwHNTUxdo5p5Dl9gmW+a7CeQs4MAloNc5POicHHJ8sZJqB3hVO1 |
| Hqhgnwy5tPo0n086Dtar06ZHMtjsyYCQLnz6XxaW9rr9ExBz7D6wPPV64Y/jMlnS |
| 8Tw2jJIhoSkhORwIsfaFNas2l1b8TIURvGlyBfYhuIW7Hs9pGjyY3ZNYU+DxztAq |
| aNmzuSZx2WEBqM27U0gGpcQ/1juqAU0B/PJ5lqkT07olLCo95b3h9675OupZd4wn |
| PPWkAfgIlxsoGoHLzjZrLx5BBfbW2U2EhxZh5DRMBn6oKyu1oZPeylL3dNnO9/cr |
| D134tp+TNLIA |
| -----END TRUSTED_CERTIFICATE----- |
| |
| -----BEGIN TIME----- |
| MTUwMzAyMTIwMDAwWg== |
| -----END TIME----- |
| |
| -----BEGIN VERIFY_RESULT----- |
| U1VDQ0VTUw== |
| -----END VERIFY_RESULT----- |