| [Created by: ./generate-non-self-signed-root.py] |
| |
| Certificate chain with 1 intermediary and a trusted root. The trusted root |
| is NOT self signed, however its issuer is not included in the chain or root |
| store. Verification is expected to succeed since the root is trusted. |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Intermediary |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Target |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:c2:27:87:8d:77:16:37:79:6a:b5:5d:e7:ee:9f: |
| a4:5e:f6:f3:9e:a0:f9:9c:05:1a:5f:67:d8:72:c7: |
| 89:73:a5:21:d5:d6:df:39:0d:f7:e7:cb:1e:82:ec: |
| ae:15:ee:5a:bf:57:12:29:b2:44:8b:40:4b:d6:ea: |
| a5:34:05:34:5f:37:2e:32:c0:ed:6a:0c:21:ac:c5: |
| 16:80:61:96:e1:82:e3:15:62:34:23:0a:de:ca:ee: |
| 43:f8:3a:e7:42:5f:3a:79:f4:bc:cf:e7:da:c4:3a: |
| d6:d0:5f:bf:13:58:e7:69:0f:bc:38:7c:05:82:a9: |
| 92:b8:eb:f5:fb:2a:53:ef:5d:12:5e:dc:55:12:b1: |
| 66:67:3f:7c:00:89:b9:50:ea:9c:7f:90:48:02:40: |
| b3:f5:98:0d:73:ca:d8:f7:3d:0b:48:fe:99:12:90: |
| 92:37:93:34:5b:75:60:1c:16:c2:98:ec:2f:9a:f8: |
| e3:1f:8d:56:ea:c6:35:14:67:66:21:e5:83:69:59: |
| ce:c3:a6:f5:1e:94:e8:14:ce:73:83:52:af:ed:df: |
| 63:58:d2:45:07:87:18:ec:7c:11:85:c8:22:b8:ff: |
| b2:6d:05:2c:70:86:d1:5b:f9:8a:94:22:73:58:f1: |
| 9e:b2:4f:ea:50:7e:7c:db:2e:6a:ab:bc:b5:73:b5: |
| 49:3f |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 0B:2F:1A:F2:F7:59:E8:BE:B9:20:D5:71:5F:D3:A1:CA:FB:88:4B:65 |
| X509v3 Authority Key Identifier: |
| keyid:A5:03:4B:C2:60:A5:9F:86:00:2A:8E:36:33:89:B2:7B:17:24:C2:BC |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Intermediary.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Intermediary.crl |
| |
| X509v3 Key Usage: critical |
| Digital Signature, Key Encipherment |
| X509v3 Extended Key Usage: |
| TLS Web Server Authentication, TLS Web Client Authentication |
| Signature Algorithm: sha256WithRSAEncryption |
| 12:45:9a:a3:e1:5b:0d:8f:1c:b7:39:60:63:7a:e0:fd:34:46: |
| 7e:44:1b:32:44:c7:7f:03:fb:94:68:a2:6b:a1:7f:06:c2:60: |
| 8d:be:65:fc:a3:45:f9:15:2c:17:16:25:98:03:a2:85:88:b6: |
| 4b:4d:86:26:ae:8a:0b:43:46:cd:cc:a3:28:5f:44:3c:92:8a: |
| ae:f3:de:02:93:1b:b7:a3:8e:6e:79:d5:a0:09:d2:c4:65:ff: |
| 1b:f5:80:16:66:20:c7:1d:0c:af:32:ff:ec:f6:a4:0f:53:79: |
| 41:0c:b6:57:9f:b9:1b:81:9c:56:29:3e:62:f6:f5:75:9f:97: |
| ff:0a:9f:5c:c8:58:f5:d0:e7:ad:c1:4b:ba:62:c1:a3:c6:59: |
| 9a:01:11:46:40:c1:54:b6:23:ae:33:58:f9:05:6b:f2:32:0d: |
| 09:2e:5f:ff:74:c5:7d:ce:c9:96:a5:8d:ba:4c:d7:49:3c:8b: |
| 13:73:36:05:12:56:bf:f8:ad:b5:7a:0a:82:ca:bc:b4:00:d2: |
| 9f:39:88:2b:b8:d0:c0:49:8a:f6:3a:e3:3e:3e:fe:b4:4e:20: |
| 1e:60:e8:cb:4d:18:80:94:26:47:bf:be:49:8a:2d:e2:41:4a: |
| cd:c3:7e:23:82:90:ba:43:a6:8b:7e:b3:57:f8:ec:59:3c:97: |
| 38:52:a0:0d |
| -----BEGIN CERTIFICATE----- |
| MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl |
| cm1lZGlhcnkwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD |
| VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCJ4eN |
| dxY3eWq1Xefun6Re9vOeoPmcBRpfZ9hyx4lzpSHV1t85Dffnyx6C7K4V7lq/VxIp |
| skSLQEvW6qU0BTRfNy4ywO1qDCGsxRaAYZbhguMVYjQjCt7K7kP4OudCXzp59LzP |
| 59rEOtbQX78TWOdpD7w4fAWCqZK46/X7KlPvXRJe3FUSsWZnP3wAiblQ6px/kEgC |
| QLP1mA1zytj3PQtI/pkSkJI3kzRbdWAcFsKY7C+a+OMfjVbqxjUUZ2Yh5YNpWc7D |
| pvUelOgUznODUq/t32NY0kUHhxjsfBGFyCK4/7JtBSxwhtFb+YqUInNY8Z6yT+pQ |
| fnzbLmqrvLVztUk/AgMBAAGjgekwgeYwHQYDVR0OBBYEFAsvGvL3Wei+uSDVcV/T |
| ocr7iEtlMB8GA1UdIwQYMBaAFKUDS8JgpZ+GACqONjOJsnsXJMK8MD8GCCsGAQUF |
| BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk |
| aWFyeS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu |
| dGVybWVkaWFyeS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF |
| BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAEkWao+FbDY8ctzlgY3rg |
| /TRGfkQbMkTHfwP7lGiia6F/BsJgjb5l/KNF+RUsFxYlmAOihYi2S02GJq6KC0NG |
| zcyjKF9EPJKKrvPeApMbt6OObnnVoAnSxGX/G/WAFmYgxx0MrzL/7PakD1N5QQy2 |
| V5+5G4GcVik+Yvb1dZ+X/wqfXMhY9dDnrcFLumLBo8ZZmgERRkDBVLYjrjNY+QVr |
| 8jINCS5f/3TFfc7JlqWNukzXSTyLE3M2BRJWv/ittXoKgsq8tADSnzmIK7jQwEmK |
| 9jrjPj7+tE4gHmDoy00YgJQmR7++SYot4kFKzcN+I4KQukOmi36zV/jsWTyXOFKg |
| DQ== |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Intermediary |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:b0:65:a4:4b:a6:56:90:82:42:cf:e8:65:86:d1: |
| 96:7f:13:8d:b9:46:5a:16:ce:c2:fa:0d:52:ae:93: |
| 62:dc:72:05:a2:31:b7:29:88:77:31:c3:2e:3f:4d: |
| 17:16:08:3a:96:d2:49:1b:bf:0f:a0:56:ac:d2:5a: |
| b8:ff:e3:46:f1:56:83:c3:72:32:8a:7d:f6:55:a5: |
| 05:8a:68:ca:2e:9b:2a:80:63:4d:fd:46:f2:9f:c9: |
| 95:43:06:79:c4:88:78:b3:73:fb:05:0c:4f:57:75: |
| 9c:ef:eb:9f:b3:5e:65:b6:b3:b1:b7:8d:1c:c4:d9: |
| 03:76:72:4f:b8:4f:dc:36:19:4c:62:d8:0c:e4:c1: |
| 9b:9f:0c:3e:e2:54:69:f5:a6:53:a1:16:88:be:ee: |
| a8:3e:20:28:3d:a9:3c:12:41:cc:91:ca:b7:fc:d7: |
| 15:d3:1c:63:9e:7b:1d:c4:b4:08:65:2e:bc:b5:61: |
| b8:84:de:3b:69:05:9c:52:6e:60:d1:79:17:36:69: |
| 06:21:ed:43:07:bf:21:28:0a:6b:48:79:53:21:da: |
| 02:07:79:b6:30:4c:f2:6f:9f:30:55:a2:20:ae:cf: |
| 8c:ac:c6:b0:30:b0:01:80:83:ed:b0:5a:9b:92:35: |
| d9:7d:51:c5:f5:76:1e:c5:53:c1:33:71:41:35:40: |
| 55:d7 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| A5:03:4B:C2:60:A5:9F:86:00:2A:8E:36:33:89:B2:7B:17:24:C2:BC |
| X509v3 Authority Key Identifier: |
| keyid:D4:83:FC:D5:EF:E0:C4:8E:32:6D:A2:30:65:12:B4:CD:3A:B2:95:88 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 67:ed:d6:55:16:b2:0d:af:79:6e:53:48:70:4c:93:be:5e:ed: |
| 50:ea:d7:92:e4:7c:6c:78:05:0c:00:90:15:de:10:18:e5:cc: |
| 50:24:23:e6:3e:5f:b0:f4:6f:f9:74:44:db:38:d1:45:c5:84: |
| 59:58:cc:b6:f9:e9:1f:ed:41:e8:b9:aa:4b:d8:6e:88:76:d9: |
| 2f:44:bf:5d:4f:6e:72:8f:b8:35:d3:e6:a3:a2:ef:3d:e6:f3: |
| be:90:73:a8:80:ed:72:bb:ac:20:96:38:c6:3f:d1:fe:64:3e: |
| 1a:ce:21:65:cd:1f:28:54:4a:fb:44:dc:43:cc:b4:61:dd:58: |
| 83:1b:08:0c:31:f6:bc:bf:02:99:45:16:88:84:68:91:13:aa: |
| af:f6:6d:4e:8d:dd:26:1d:3a:35:ab:75:7e:f7:64:62:8c:b7: |
| 34:f9:5b:73:9b:e9:40:12:1c:f2:32:b9:e0:8c:86:fc:f2:b0: |
| 33:6d:56:f2:a0:f7:9c:ea:d7:45:41:8d:de:49:26:90:45:32: |
| 35:cf:e2:ce:43:b0:af:28:35:6a:0f:86:87:2b:57:eb:88:92: |
| 89:7a:9d:b5:f3:3c:46:11:56:2e:fc:73:32:56:a9:4b:c1:87: |
| f7:f8:46:d5:5d:ad:b2:e7:a2:88:5d:7d:b5:68:b4:ea:a7:1f: |
| 35:1d:f9:a6 |
| -----BEGIN CERTIFICATE----- |
| MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 |
| ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGWkS6ZW |
| kIJCz+hlhtGWfxONuUZaFs7C+g1SrpNi3HIFojG3KYh3McMuP00XFgg6ltJJG78P |
| oFas0lq4/+NG8VaDw3Iyin32VaUFimjKLpsqgGNN/Ubyn8mVQwZ5xIh4s3P7BQxP |
| V3Wc7+ufs15ltrOxt40cxNkDdnJPuE/cNhlMYtgM5MGbnww+4lRp9aZToRaIvu6o |
| PiAoPak8EkHMkcq3/NcV0xxjnnsdxLQIZS68tWG4hN47aQWcUm5g0XkXNmkGIe1D |
| B78hKAprSHlTIdoCB3m2MEzyb58wVaIgrs+MrMawMLABgIPtsFqbkjXZfVHF9XYe |
| xVPBM3FBNUBV1wIDAQABo4HLMIHIMB0GA1UdDgQWBBSlA0vCYKWfhgAqjjYzibJ7 |
| FyTCvDAfBgNVHSMEGDAWgBTUg/zV7+DEjjJtojBlErTNOrKViDA3BggrBgEFBQcB |
| AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs |
| BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD |
| VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB |
| AGft1lUWsg2veW5TSHBMk75e7VDq15LkfGx4BQwAkBXeEBjlzFAkI+Y+X7D0b/l0 |
| RNs40UXFhFlYzLb56R/tQei5qkvYboh22S9Ev11PbnKPuDXT5qOi7z3m876Qc6iA |
| 7XK7rCCWOMY/0f5kPhrOIWXNHyhUSvtE3EPMtGHdWIMbCAwx9ry/AplFFoiEaJET |
| qq/2bU6N3SYdOjWrdX73ZGKMtzT5W3Ob6UASHPIyueCMhvzysDNtVvKg95zq10VB |
| jd5JJpBFMjXP4s5DsK8oNWoPhocrV+uIkol6nbXzPEYRVi78czJWqUvBh/f4RtVd |
| rbLnoohdfbVotOqnHzUd+aY= |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 2 (0x2) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=ShadowRoot |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Root |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:a6:37:9c:ac:42:96:1c:fb:44:86:df:16:85:d2: |
| de:49:73:74:b8:5b:3e:8c:34:4b:42:57:7e:7a:9a: |
| fd:cf:7f:03:c7:39:22:02:3f:44:1b:62:4b:4a:1b: |
| 9b:d8:8e:7b:a5:b5:92:39:a1:03:bc:3c:1a:1f:5f: |
| 36:54:9d:b4:6d:98:c2:24:a9:fd:f7:6e:8e:41:18: |
| e1:9b:ae:ef:61:98:5f:91:53:f0:8a:8e:d4:18:cf: |
| 4f:dd:ff:75:01:16:10:f1:76:10:28:ba:70:96:8b: |
| b7:ac:df:17:68:61:03:56:77:e5:bd:04:58:d8:44: |
| d6:65:21:97:28:46:5d:a3:62:6d:3d:a1:03:6d:da: |
| f7:46:f5:76:5c:1a:cd:19:b4:25:cd:17:d7:0e:ac: |
| 6a:3c:d1:35:a0:20:cc:5e:62:7b:e1:11:d6:92:09: |
| 34:3e:1d:d7:d5:27:b9:3b:5b:42:1e:11:f4:1a:2f: |
| de:93:81:2f:6b:d1:9f:40:9f:d7:8e:7c:9b:37:7b: |
| d8:3f:ba:e3:00:d7:f7:3c:20:0e:81:b4:df:cc:46: |
| 3c:10:0d:04:8a:b5:ef:ba:e7:ec:7e:0b:98:a1:18: |
| fb:39:db:2c:76:ae:1b:91:94:22:f4:35:b0:1a:73: |
| 4d:7b:eb:c5:b3:80:80:74:90:79:b9:2f:fd:35:39: |
| 02:ad |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| D4:83:FC:D5:EF:E0:C4:8E:32:6D:A2:30:65:12:B4:CD:3A:B2:95:88 |
| X509v3 Authority Key Identifier: |
| keyid:EE:5C:5F:80:3F:59:C4:A6:5B:70:C2:1C:BA:E4:5D:40:F9:E9:60:8D |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/ShadowRoot.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/ShadowRoot.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 8c:2a:1f:ee:90:15:b8:41:8b:cc:b4:45:2b:6f:5b:9e:49:f7: |
| a1:9f:9e:2a:ce:8a:c3:ae:57:95:62:b5:f2:c9:a4:6a:57:49: |
| 39:00:32:c4:23:4c:b8:15:21:4a:8f:0a:83:98:d8:ba:83:dc: |
| da:88:4c:7e:60:21:1a:ed:75:6d:5e:5d:83:90:e0:71:23:13: |
| 4f:2d:94:c0:fb:91:7f:b6:59:41:d6:b3:3e:42:ef:31:02:23: |
| 18:a6:d2:9b:00:c6:8c:5a:3d:2c:cb:5e:dc:53:69:ac:71:b8: |
| 68:90:62:5a:ba:2f:1f:20:9d:77:f3:b0:aa:2e:52:61:a5:60: |
| 53:5b:5c:ab:c9:56:7e:01:4c:bf:26:ab:13:47:c1:28:72:13: |
| a5:d8:b8:4c:65:09:9f:7f:a1:67:93:fc:0d:71:a3:4c:1d:3f: |
| 95:9c:4a:28:8d:52:0d:48:fe:34:04:c2:d2:80:61:86:1c:e6: |
| 18:cd:bb:62:ca:d2:e6:76:a8:f3:14:e3:41:75:5d:3b:e7:5a: |
| 29:6c:6e:2c:bc:53:6f:39:e8:82:ab:73:d1:d5:b9:d3:f8:30: |
| 5c:d7:19:d3:49:11:25:7c:01:3a:2a:a6:7f:19:b3:08:bf:0f: |
| dc:4f:7b:fa:5b:20:b8:7e:eb:ea:8f:0a:56:c4:16:cd:e1:2b: |
| a2:bb:66:f0 |
| -----BEGIN TRUSTED_CERTIFICATE----- |
| MIIDdzCCAl+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApTaGFk |
| b3dSb290MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UE |
| AwwEUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKY3nKxClhz7 |
| RIbfFoXS3klzdLhbPow0S0JXfnqa/c9/A8c5IgI/RBtiS0obm9iOe6W1kjmhA7w8 |
| Gh9fNlSdtG2YwiSp/fdujkEY4Zuu72GYX5FT8IqO1BjPT93/dQEWEPF2ECi6cJaL |
| t6zfF2hhA1Z35b0EWNhE1mUhlyhGXaNibT2hA23a90b1dlwazRm0Jc0X1w6sajzR |
| NaAgzF5ie+ER1pIJND4d19UnuTtbQh4R9Bov3pOBL2vRn0Cf1458mzd72D+64wDX |
| 9zwgDoG038xGPBANBIq177rn7H4LmKEY+znbLHauG5GUIvQ1sBpzTXvrxbOAgHSQ |
| ebkv/TU5Aq0CAwEAAaOB1zCB1DAdBgNVHQ4EFgQU1IP81e/gxI4ybaIwZRK0zTqy |
| lYgwHwYDVR0jBBgwFoAU7lxfgD9ZxKZbcMIcuuRdQPnpYI0wPQYIKwYBBQUHAQEE |
| MTAvMC0GCCsGAQUFBzAChiFodHRwOi8vdXJsLWZvci1haWEvU2hhZG93Um9vdC5j |
| ZXIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL3VybC1mb3ItY3JsL1NoYWRvd1Jv |
| b3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 |
| DQEBCwUAA4IBAQCMKh/ukBW4QYvMtEUrb1ueSfehn54qzorDrleVYrXyyaRqV0k5 |
| ADLEI0y4FSFKjwqDmNi6g9zaiEx+YCEa7XVtXl2DkOBxIxNPLZTA+5F/tllB1rM+ |
| Qu8xAiMYptKbAMaMWj0sy17cU2mscbhokGJaui8fIJ1387CqLlJhpWBTW1yryVZ+ |
| AUy/JqsTR8EochOl2LhMZQmff6Fnk/wNcaNMHT+VnEoojVINSP40BMLSgGGGHOYY |
| zbtiytLmdqjzFONBdV0751opbG4svFNvOeiCq3PR1bnT+DBc1xnTSRElfAE6KqZ/ |
| GbMIvw/cT3v6WyC4fuvqjwpWxBbN4Suiu2bw |
| -----END TRUSTED_CERTIFICATE----- |
| |
| -----BEGIN TIME----- |
| MTUwMzAyMTIwMDAwWg== |
| -----END TIME----- |
| |
| -----BEGIN VERIFY_RESULT----- |
| U1VDQ0VTUw== |
| -----END VERIFY_RESULT----- |