blob: 11dddad4fe45c4d0b93db1d904dc3dc4e4b0a948 [file] [log] [blame]
[Created by: ./generate-non-self-signed-root.py]
Certificate chain with 1 intermediary and a trusted root. The trusted root
is NOT self signed, however its issuer is not included in the chain or root
store. Verification is expected to succeed since the root is trusted.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediary
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c2:27:87:8d:77:16:37:79:6a:b5:5d:e7:ee:9f:
a4:5e:f6:f3:9e:a0:f9:9c:05:1a:5f:67:d8:72:c7:
89:73:a5:21:d5:d6:df:39:0d:f7:e7:cb:1e:82:ec:
ae:15:ee:5a:bf:57:12:29:b2:44:8b:40:4b:d6:ea:
a5:34:05:34:5f:37:2e:32:c0:ed:6a:0c:21:ac:c5:
16:80:61:96:e1:82:e3:15:62:34:23:0a:de:ca:ee:
43:f8:3a:e7:42:5f:3a:79:f4:bc:cf:e7:da:c4:3a:
d6:d0:5f:bf:13:58:e7:69:0f:bc:38:7c:05:82:a9:
92:b8:eb:f5:fb:2a:53:ef:5d:12:5e:dc:55:12:b1:
66:67:3f:7c:00:89:b9:50:ea:9c:7f:90:48:02:40:
b3:f5:98:0d:73:ca:d8:f7:3d:0b:48:fe:99:12:90:
92:37:93:34:5b:75:60:1c:16:c2:98:ec:2f:9a:f8:
e3:1f:8d:56:ea:c6:35:14:67:66:21:e5:83:69:59:
ce:c3:a6:f5:1e:94:e8:14:ce:73:83:52:af:ed:df:
63:58:d2:45:07:87:18:ec:7c:11:85:c8:22:b8:ff:
b2:6d:05:2c:70:86:d1:5b:f9:8a:94:22:73:58:f1:
9e:b2:4f:ea:50:7e:7c:db:2e:6a:ab:bc:b5:73:b5:
49:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:2F:1A:F2:F7:59:E8:BE:B9:20:D5:71:5F:D3:A1:CA:FB:88:4B:65
X509v3 Authority Key Identifier:
keyid:A5:03:4B:C2:60:A5:9F:86:00:2A:8E:36:33:89:B2:7B:17:24:C2:BC
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediary.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediary.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
12:45:9a:a3:e1:5b:0d:8f:1c:b7:39:60:63:7a:e0:fd:34:46:
7e:44:1b:32:44:c7:7f:03:fb:94:68:a2:6b:a1:7f:06:c2:60:
8d:be:65:fc:a3:45:f9:15:2c:17:16:25:98:03:a2:85:88:b6:
4b:4d:86:26:ae:8a:0b:43:46:cd:cc:a3:28:5f:44:3c:92:8a:
ae:f3:de:02:93:1b:b7:a3:8e:6e:79:d5:a0:09:d2:c4:65:ff:
1b:f5:80:16:66:20:c7:1d:0c:af:32:ff:ec:f6:a4:0f:53:79:
41:0c:b6:57:9f:b9:1b:81:9c:56:29:3e:62:f6:f5:75:9f:97:
ff:0a:9f:5c:c8:58:f5:d0:e7:ad:c1:4b:ba:62:c1:a3:c6:59:
9a:01:11:46:40:c1:54:b6:23:ae:33:58:f9:05:6b:f2:32:0d:
09:2e:5f:ff:74:c5:7d:ce:c9:96:a5:8d:ba:4c:d7:49:3c:8b:
13:73:36:05:12:56:bf:f8:ad:b5:7a:0a:82:ca:bc:b4:00:d2:
9f:39:88:2b:b8:d0:c0:49:8a:f6:3a:e3:3e:3e:fe:b4:4e:20:
1e:60:e8:cb:4d:18:80:94:26:47:bf:be:49:8a:2d:e2:41:4a:
cd:c3:7e:23:82:90:ba:43:a6:8b:7e:b3:57:f8:ec:59:3c:97:
38:52:a0:0d
-----BEGIN CERTIFICATE-----
MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
cm1lZGlhcnkwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCJ4eN
dxY3eWq1Xefun6Re9vOeoPmcBRpfZ9hyx4lzpSHV1t85Dffnyx6C7K4V7lq/VxIp
skSLQEvW6qU0BTRfNy4ywO1qDCGsxRaAYZbhguMVYjQjCt7K7kP4OudCXzp59LzP
59rEOtbQX78TWOdpD7w4fAWCqZK46/X7KlPvXRJe3FUSsWZnP3wAiblQ6px/kEgC
QLP1mA1zytj3PQtI/pkSkJI3kzRbdWAcFsKY7C+a+OMfjVbqxjUUZ2Yh5YNpWc7D
pvUelOgUznODUq/t32NY0kUHhxjsfBGFyCK4/7JtBSxwhtFb+YqUInNY8Z6yT+pQ
fnzbLmqrvLVztUk/AgMBAAGjgekwgeYwHQYDVR0OBBYEFAsvGvL3Wei+uSDVcV/T
ocr7iEtlMB8GA1UdIwQYMBaAFKUDS8JgpZ+GACqONjOJsnsXJMK8MD8GCCsGAQUF
BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
aWFyeS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
dGVybWVkaWFyeS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAEkWao+FbDY8ctzlgY3rg
/TRGfkQbMkTHfwP7lGiia6F/BsJgjb5l/KNF+RUsFxYlmAOihYi2S02GJq6KC0NG
zcyjKF9EPJKKrvPeApMbt6OObnnVoAnSxGX/G/WAFmYgxx0MrzL/7PakD1N5QQy2
V5+5G4GcVik+Yvb1dZ+X/wqfXMhY9dDnrcFLumLBo8ZZmgERRkDBVLYjrjNY+QVr
8jINCS5f/3TFfc7JlqWNukzXSTyLE3M2BRJWv/ittXoKgsq8tADSnzmIK7jQwEmK
9jrjPj7+tE4gHmDoy00YgJQmR7++SYot4kFKzcN+I4KQukOmi36zV/jsWTyXOFKg
DQ==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Intermediary
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b0:65:a4:4b:a6:56:90:82:42:cf:e8:65:86:d1:
96:7f:13:8d:b9:46:5a:16:ce:c2:fa:0d:52:ae:93:
62:dc:72:05:a2:31:b7:29:88:77:31:c3:2e:3f:4d:
17:16:08:3a:96:d2:49:1b:bf:0f:a0:56:ac:d2:5a:
b8:ff:e3:46:f1:56:83:c3:72:32:8a:7d:f6:55:a5:
05:8a:68:ca:2e:9b:2a:80:63:4d:fd:46:f2:9f:c9:
95:43:06:79:c4:88:78:b3:73:fb:05:0c:4f:57:75:
9c:ef:eb:9f:b3:5e:65:b6:b3:b1:b7:8d:1c:c4:d9:
03:76:72:4f:b8:4f:dc:36:19:4c:62:d8:0c:e4:c1:
9b:9f:0c:3e:e2:54:69:f5:a6:53:a1:16:88:be:ee:
a8:3e:20:28:3d:a9:3c:12:41:cc:91:ca:b7:fc:d7:
15:d3:1c:63:9e:7b:1d:c4:b4:08:65:2e:bc:b5:61:
b8:84:de:3b:69:05:9c:52:6e:60:d1:79:17:36:69:
06:21:ed:43:07:bf:21:28:0a:6b:48:79:53:21:da:
02:07:79:b6:30:4c:f2:6f:9f:30:55:a2:20:ae:cf:
8c:ac:c6:b0:30:b0:01:80:83:ed:b0:5a:9b:92:35:
d9:7d:51:c5:f5:76:1e:c5:53:c1:33:71:41:35:40:
55:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:03:4B:C2:60:A5:9F:86:00:2A:8E:36:33:89:B2:7B:17:24:C2:BC
X509v3 Authority Key Identifier:
keyid:D4:83:FC:D5:EF:E0:C4:8E:32:6D:A2:30:65:12:B4:CD:3A:B2:95:88
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
67:ed:d6:55:16:b2:0d:af:79:6e:53:48:70:4c:93:be:5e:ed:
50:ea:d7:92:e4:7c:6c:78:05:0c:00:90:15:de:10:18:e5:cc:
50:24:23:e6:3e:5f:b0:f4:6f:f9:74:44:db:38:d1:45:c5:84:
59:58:cc:b6:f9:e9:1f:ed:41:e8:b9:aa:4b:d8:6e:88:76:d9:
2f:44:bf:5d:4f:6e:72:8f:b8:35:d3:e6:a3:a2:ef:3d:e6:f3:
be:90:73:a8:80:ed:72:bb:ac:20:96:38:c6:3f:d1:fe:64:3e:
1a:ce:21:65:cd:1f:28:54:4a:fb:44:dc:43:cc:b4:61:dd:58:
83:1b:08:0c:31:f6:bc:bf:02:99:45:16:88:84:68:91:13:aa:
af:f6:6d:4e:8d:dd:26:1d:3a:35:ab:75:7e:f7:64:62:8c:b7:
34:f9:5b:73:9b:e9:40:12:1c:f2:32:b9:e0:8c:86:fc:f2:b0:
33:6d:56:f2:a0:f7:9c:ea:d7:45:41:8d:de:49:26:90:45:32:
35:cf:e2:ce:43:b0:af:28:35:6a:0f:86:87:2b:57:eb:88:92:
89:7a:9d:b5:f3:3c:46:11:56:2e:fc:73:32:56:a9:4b:c1:87:
f7:f8:46:d5:5d:ad:b2:e7:a2:88:5d:7d:b5:68:b4:ea:a7:1f:
35:1d:f9:a6
-----BEGIN CERTIFICATE-----
MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGWkS6ZW
kIJCz+hlhtGWfxONuUZaFs7C+g1SrpNi3HIFojG3KYh3McMuP00XFgg6ltJJG78P
oFas0lq4/+NG8VaDw3Iyin32VaUFimjKLpsqgGNN/Ubyn8mVQwZ5xIh4s3P7BQxP
V3Wc7+ufs15ltrOxt40cxNkDdnJPuE/cNhlMYtgM5MGbnww+4lRp9aZToRaIvu6o
PiAoPak8EkHMkcq3/NcV0xxjnnsdxLQIZS68tWG4hN47aQWcUm5g0XkXNmkGIe1D
B78hKAprSHlTIdoCB3m2MEzyb58wVaIgrs+MrMawMLABgIPtsFqbkjXZfVHF9XYe
xVPBM3FBNUBV1wIDAQABo4HLMIHIMB0GA1UdDgQWBBSlA0vCYKWfhgAqjjYzibJ7
FyTCvDAfBgNVHSMEGDAWgBTUg/zV7+DEjjJtojBlErTNOrKViDA3BggrBgEFBQcB
AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
AGft1lUWsg2veW5TSHBMk75e7VDq15LkfGx4BQwAkBXeEBjlzFAkI+Y+X7D0b/l0
RNs40UXFhFlYzLb56R/tQei5qkvYboh22S9Ev11PbnKPuDXT5qOi7z3m876Qc6iA
7XK7rCCWOMY/0f5kPhrOIWXNHyhUSvtE3EPMtGHdWIMbCAwx9ry/AplFFoiEaJET
qq/2bU6N3SYdOjWrdX73ZGKMtzT5W3Ob6UASHPIyueCMhvzysDNtVvKg95zq10VB
jd5JJpBFMjXP4s5DsK8oNWoPhocrV+uIkol6nbXzPEYRVi78czJWqUvBh/f4RtVd
rbLnoohdfbVotOqnHzUd+aY=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ShadowRoot
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a6:37:9c:ac:42:96:1c:fb:44:86:df:16:85:d2:
de:49:73:74:b8:5b:3e:8c:34:4b:42:57:7e:7a:9a:
fd:cf:7f:03:c7:39:22:02:3f:44:1b:62:4b:4a:1b:
9b:d8:8e:7b:a5:b5:92:39:a1:03:bc:3c:1a:1f:5f:
36:54:9d:b4:6d:98:c2:24:a9:fd:f7:6e:8e:41:18:
e1:9b:ae:ef:61:98:5f:91:53:f0:8a:8e:d4:18:cf:
4f:dd:ff:75:01:16:10:f1:76:10:28:ba:70:96:8b:
b7:ac:df:17:68:61:03:56:77:e5:bd:04:58:d8:44:
d6:65:21:97:28:46:5d:a3:62:6d:3d:a1:03:6d:da:
f7:46:f5:76:5c:1a:cd:19:b4:25:cd:17:d7:0e:ac:
6a:3c:d1:35:a0:20:cc:5e:62:7b:e1:11:d6:92:09:
34:3e:1d:d7:d5:27:b9:3b:5b:42:1e:11:f4:1a:2f:
de:93:81:2f:6b:d1:9f:40:9f:d7:8e:7c:9b:37:7b:
d8:3f:ba:e3:00:d7:f7:3c:20:0e:81:b4:df:cc:46:
3c:10:0d:04:8a:b5:ef:ba:e7:ec:7e:0b:98:a1:18:
fb:39:db:2c:76:ae:1b:91:94:22:f4:35:b0:1a:73:
4d:7b:eb:c5:b3:80:80:74:90:79:b9:2f:fd:35:39:
02:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:83:FC:D5:EF:E0:C4:8E:32:6D:A2:30:65:12:B4:CD:3A:B2:95:88
X509v3 Authority Key Identifier:
keyid:EE:5C:5F:80:3F:59:C4:A6:5B:70:C2:1C:BA:E4:5D:40:F9:E9:60:8D
Authority Information Access:
CA Issuers - URI:http://url-for-aia/ShadowRoot.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/ShadowRoot.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
8c:2a:1f:ee:90:15:b8:41:8b:cc:b4:45:2b:6f:5b:9e:49:f7:
a1:9f:9e:2a:ce:8a:c3:ae:57:95:62:b5:f2:c9:a4:6a:57:49:
39:00:32:c4:23:4c:b8:15:21:4a:8f:0a:83:98:d8:ba:83:dc:
da:88:4c:7e:60:21:1a:ed:75:6d:5e:5d:83:90:e0:71:23:13:
4f:2d:94:c0:fb:91:7f:b6:59:41:d6:b3:3e:42:ef:31:02:23:
18:a6:d2:9b:00:c6:8c:5a:3d:2c:cb:5e:dc:53:69:ac:71:b8:
68:90:62:5a:ba:2f:1f:20:9d:77:f3:b0:aa:2e:52:61:a5:60:
53:5b:5c:ab:c9:56:7e:01:4c:bf:26:ab:13:47:c1:28:72:13:
a5:d8:b8:4c:65:09:9f:7f:a1:67:93:fc:0d:71:a3:4c:1d:3f:
95:9c:4a:28:8d:52:0d:48:fe:34:04:c2:d2:80:61:86:1c:e6:
18:cd:bb:62:ca:d2:e6:76:a8:f3:14:e3:41:75:5d:3b:e7:5a:
29:6c:6e:2c:bc:53:6f:39:e8:82:ab:73:d1:d5:b9:d3:f8:30:
5c:d7:19:d3:49:11:25:7c:01:3a:2a:a6:7f:19:b3:08:bf:0f:
dc:4f:7b:fa:5b:20:b8:7e:eb:ea:8f:0a:56:c4:16:cd:e1:2b:
a2:bb:66:f0
-----BEGIN TRUSTED_CERTIFICATE-----
MIIDdzCCAl+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApTaGFk
b3dSb290MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UE
AwwEUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKY3nKxClhz7
RIbfFoXS3klzdLhbPow0S0JXfnqa/c9/A8c5IgI/RBtiS0obm9iOe6W1kjmhA7w8
Gh9fNlSdtG2YwiSp/fdujkEY4Zuu72GYX5FT8IqO1BjPT93/dQEWEPF2ECi6cJaL
t6zfF2hhA1Z35b0EWNhE1mUhlyhGXaNibT2hA23a90b1dlwazRm0Jc0X1w6sajzR
NaAgzF5ie+ER1pIJND4d19UnuTtbQh4R9Bov3pOBL2vRn0Cf1458mzd72D+64wDX
9zwgDoG038xGPBANBIq177rn7H4LmKEY+znbLHauG5GUIvQ1sBpzTXvrxbOAgHSQ
ebkv/TU5Aq0CAwEAAaOB1zCB1DAdBgNVHQ4EFgQU1IP81e/gxI4ybaIwZRK0zTqy
lYgwHwYDVR0jBBgwFoAU7lxfgD9ZxKZbcMIcuuRdQPnpYI0wPQYIKwYBBQUHAQEE
MTAvMC0GCCsGAQUFBzAChiFodHRwOi8vdXJsLWZvci1haWEvU2hhZG93Um9vdC5j
ZXIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL3VybC1mb3ItY3JsL1NoYWRvd1Jv
b3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
DQEBCwUAA4IBAQCMKh/ukBW4QYvMtEUrb1ueSfehn54qzorDrleVYrXyyaRqV0k5
ADLEI0y4FSFKjwqDmNi6g9zaiEx+YCEa7XVtXl2DkOBxIxNPLZTA+5F/tllB1rM+
Qu8xAiMYptKbAMaMWj0sy17cU2mscbhokGJaui8fIJ1387CqLlJhpWBTW1yryVZ+
AUy/JqsTR8EochOl2LhMZQmff6Fnk/wNcaNMHT+VnEoojVINSP40BMLSgGGGHOYY
zbtiytLmdqjzFONBdV0751opbG4svFNvOeiCq3PR1bnT+DBc1xnTSRElfAE6KqZ/
GbMIvw/cT3v6WyC4fuvqjwpWxBbN4Suiu2bw
-----END TRUSTED_CERTIFICATE-----
-----BEGIN TIME-----
MTUwMzAyMTIwMDAwWg==
-----END TIME-----
-----BEGIN VERIFY_RESULT-----
U1VDQ0VTUw==
-----END VERIFY_RESULT-----