| [Created by: generate-chains.py] |
| |
| Certificate chain where the root has a smaller validity range than the other |
| certificates, making it easy to violate just its validity. |
| |
| Root: 2015/03/01 -> 2015/09/01 |
| Intermediate: 2015/01/01 -> 2016/01/01 |
| Target: 2015/01/01 -> 2016/01/01 |
| |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: |
| 3c:f7:2e:2d:8f:c5:f0:b0:65:49:87:7e:d7:10:b9:ab:3b:56:ba:be |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Intermediate |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Target |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:c8:7c:97:b3:0d:f9:56:4b:f9:6c:a3:4b:05:f3: |
| d6:34:aa:f9:3b:b9:59:7f:02:7b:89:b5:d0:9b:be: |
| 38:c9:e6:62:0e:79:38:c7:aa:bc:2c:0b:6b:3e:b5: |
| 22:ba:8a:23:2f:ee:c4:8b:5a:59:a7:9e:4d:a0:bb: |
| a2:13:61:9e:d6:b0:1f:34:74:b6:bc:ff:fd:ee:95: |
| 00:5b:3a:71:e1:c1:5c:89:5f:f4:70:60:f1:ca:1c: |
| 2d:33:49:03:a2:78:a1:b4:96:f1:ef:6a:ba:03:77: |
| 89:bc:64:34:99:b1:20:54:18:78:5b:d7:98:c9:c2: |
| d2:f1:c6:64:2f:18:2f:b8:e7:e7:25:78:91:7a:59: |
| 34:ca:2f:e2:c9:47:62:b6:ff:0d:39:11:03:f5:97: |
| e5:fd:33:14:52:4f:cc:46:6e:b1:8c:52:00:fb:dd: |
| be:e7:dd:fe:93:49:15:ae:98:86:bf:ea:13:ca:2b: |
| 29:4a:16:ab:83:4f:26:e5:bd:e8:23:40:55:a9:a3: |
| aa:f4:0c:56:54:13:a0:f1:dd:3b:6b:d1:7b:2b:a8: |
| 46:37:3a:fa:6b:2c:94:0e:17:0a:1b:f0:fa:37:1f: |
| e1:14:74:d8:50:43:f6:86:9c:99:bb:03:6e:46:1e: |
| e4:64:f5:4f:4f:67:b8:f6:8c:c2:5e:9d:ef:c1:0f: |
| ac:c3 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| CA:78:A4:F1:F5:90:DF:91:0F:99:E9:68:EC:EA:37:23:7B:83:C1:6D |
| X509v3 Authority Key Identifier: |
| keyid:56:44:1D:0C:BA:47:5A:7D:24:AB:AC:13:96:25:FF:86:D0:08:85:8C |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Intermediate.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Intermediate.crl |
| |
| X509v3 Key Usage: critical |
| Digital Signature, Key Encipherment |
| X509v3 Extended Key Usage: |
| TLS Web Server Authentication, TLS Web Client Authentication |
| Signature Algorithm: sha256WithRSAEncryption |
| 63:36:d1:99:49:b6:e8:c3:28:ee:2b:1d:ab:32:ac:94:27:2e: |
| 48:45:19:19:8a:82:f7:f3:47:e4:07:e6:26:95:3b:6b:c4:ab: |
| d7:b3:1b:3a:6e:3a:ee:bf:84:47:cf:d9:6b:a7:67:e6:ba:d5: |
| 4c:a8:3d:6f:ce:25:c1:ea:44:e6:15:ae:95:f3:e7:9b:3f:9b: |
| cb:53:e7:ce:e8:94:ee:fd:cd:b5:a4:e2:0a:e2:eb:b3:a0:90: |
| f0:c7:1e:59:e9:53:78:9c:57:45:a3:6d:a3:2a:ff:fa:77:a1: |
| 4c:d4:31:5e:df:0e:cc:4a:24:23:4b:0a:ec:8c:31:ca:cc:6a: |
| 67:74:34:be:d2:5b:78:75:5a:bb:b5:30:2c:b2:63:08:4c:ff: |
| 3e:ac:ad:1d:22:9b:67:87:0c:66:0e:6b:25:34:0d:7d:31:de: |
| 52:af:3d:a1:9c:ad:74:da:45:6c:f2:80:c3:1f:0d:31:c9:40: |
| 57:d1:d3:34:b9:b9:d2:50:31:55:43:bb:d1:d2:89:7e:35:27: |
| a5:99:5b:b5:d9:e8:4f:a6:67:e3:62:4a:70:f6:85:98:5a:2f: |
| e6:3e:10:e5:09:e4:15:d2:e8:64:2b:db:5c:64:08:6b:aa:a0: |
| c4:8b:fc:ba:4f:df:a1:49:a7:7d:e9:e8:91:de:1b:f8:8b:82: |
| d4:68:e0:75 |
| -----BEGIN CERTIFICATE----- |
| MIIDoDCCAoigAwIBAgIUPPcuLY/F8LBlSYd+1xC5qztWur4wDQYJKoZIhvcNAQEL |
| BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTE1MDEwMTEyMDAwMFoXDTE2 |
| MDEwMTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF |
| AAOCAQ8AMIIBCgKCAQEAyHyXsw35Vkv5bKNLBfPWNKr5O7lZfwJ7ibXQm744yeZi |
| Dnk4x6q8LAtrPrUiuoojL+7Ei1pZp55NoLuiE2Ge1rAfNHS2vP/97pUAWzpx4cFc |
| iV/0cGDxyhwtM0kDonihtJbx72q6A3eJvGQ0mbEgVBh4W9eYycLS8cZkLxgvuOfn |
| JXiRelk0yi/iyUditv8NORED9Zfl/TMUUk/MRm6xjFIA+92+593+k0kVrpiGv+oT |
| yispSharg08m5b3oI0BVqaOq9AxWVBOg8d07a9F7K6hGNzr6ayyUDhcKG/D6Nx/h |
| FHTYUEP2hpyZuwNuRh7kZPVPT2e49ozCXp3vwQ+swwIDAQABo4HpMIHmMB0GA1Ud |
| DgQWBBTKeKTx9ZDfkQ+Z6Wjs6jcje4PBbTAfBgNVHSMEGDAWgBRWRB0MukdafSSr |
| rBOWJf+G0AiFjDA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 |
| cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 |
| dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF |
| oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD |
| ggEBAGM20ZlJtujDKO4rHasyrJQnLkhFGRmKgvfzR+QH5iaVO2vEq9ezGzpuOu6/ |
| hEfP2WunZ+a61UyoPW/OJcHqROYVrpXz55s/m8tT587olO79zbWk4gri67OgkPDH |
| HlnpU3icV0WjbaMq//p3oUzUMV7fDsxKJCNLCuyMMcrMamd0NL7SW3h1Wru1MCyy |
| YwhM/z6srR0im2eHDGYOayU0DX0x3lKvPaGcrXTaRWzygMMfDTHJQFfR0zS5udJQ |
| MVVDu9HSiX41J6WZW7XZ6E+mZ+NiSnD2hZhaL+Y+EOUJ5BXS6GQr21xkCGuqoMSL |
| /LpP36FJp33p6JHeG/iLgtRo4HU= |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: |
| 60:94:d2:f0:61:1b:d8:58:84:ab:f1:64:de:71:09:ef:28:1e:23:d7 |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Intermediate |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:b8:ea:dc:cf:e7:81:3c:c1:99:70:bd:71:4c:93: |
| 94:33:49:be:87:bf:28:2b:d0:6c:38:90:66:7d:37: |
| d5:a3:f1:5c:a1:a5:41:35:0b:5c:a7:bc:8f:ac:b3: |
| 09:ef:62:68:9f:60:3e:9e:4c:cb:7f:a4:bf:4a:0f: |
| a7:b2:5a:93:ec:b8:14:30:3f:d9:86:b8:ad:31:8a: |
| bf:20:ab:c7:40:dc:28:5b:3e:dc:39:b2:00:44:34: |
| 01:d6:81:13:a7:e6:d1:d8:d3:68:22:95:ee:bf:bd: |
| e4:d1:9f:08:dd:a9:ff:65:ff:81:6a:68:1d:ee:d3: |
| d5:c4:76:85:54:43:73:bf:f0:3c:c1:66:bb:a4:eb: |
| 22:1e:81:29:dd:4f:41:c2:a4:73:63:43:24:60:ef: |
| e2:f0:ae:e6:a6:25:c8:a9:ee:1b:7f:ab:be:71:cb: |
| f7:15:cb:2d:b4:a7:56:4b:2b:35:08:9b:12:70:15: |
| 33:53:ca:a7:b4:97:37:34:d3:f7:d5:f8:19:54:03: |
| 50:b4:f5:47:1a:f1:10:03:b5:54:64:c1:9c:b5:6d: |
| 14:0a:5a:28:24:4b:11:b6:fe:70:c2:0f:80:82:cd: |
| 94:59:16:ff:75:8b:da:91:3d:5f:16:95:4d:61:77: |
| 67:28:37:3b:6e:a6:a4:88:33:01:12:a0:10:fc:59: |
| 49:d3 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 56:44:1D:0C:BA:47:5A:7D:24:AB:AC:13:96:25:FF:86:D0:08:85:8C |
| X509v3 Authority Key Identifier: |
| keyid:07:75:1E:E3:64:F9:CA:06:47:B4:68:B9:D8:34:39:46:87:8D:27:A1 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 14:86:d2:95:9b:c1:98:21:6d:4e:a8:ac:96:32:e2:52:08:9d: |
| f3:bf:2c:9c:83:9a:71:aa:39:f0:ee:89:b9:41:a3:23:c3:2a: |
| 84:1d:d0:07:65:4b:ce:42:66:eb:a6:3b:c7:23:83:31:f0:b4: |
| d4:b5:e4:cd:89:13:58:35:43:de:05:64:84:4b:ed:84:6f:ac: |
| dc:57:29:ae:5f:0b:81:56:9b:b2:60:c2:89:68:0c:18:ee:f2: |
| d2:42:6f:e3:61:ff:b8:02:f9:61:f7:20:41:dc:91:66:52:ee: |
| ba:a3:bc:66:84:fd:89:cd:38:25:5b:53:cf:f1:6e:f9:d2:95: |
| 9a:7f:61:39:d5:1c:28:16:4a:c2:12:0e:f4:4a:94:ef:85:db: |
| ee:4f:18:7f:92:ef:de:4f:fb:9f:f5:0a:d9:ea:be:55:80:2c: |
| 85:b5:09:fc:3e:c0:32:39:68:ae:00:20:95:25:78:ba:98:f0: |
| 85:ef:ad:1c:b1:9c:7a:47:49:09:ae:ec:e0:90:71:3c:55:b4: |
| 41:c4:5d:d0:65:58:30:2d:87:1b:90:27:f8:f6:ce:de:fd:8e: |
| ec:a0:c6:25:b8:7f:f8:d0:11:90:26:a6:6a:69:2d:bf:fe:6d: |
| d9:66:d8:97:79:5a:70:96:b0:49:e5:e2:17:2f:2c:8b:63:77: |
| 88:6c:ff:e5 |
| -----BEGIN CERTIFICATE----- |
| MIIDgDCCAmigAwIBAgIUYJTS8GEb2FiEq/Fk3nEJ7ygeI9cwDQYJKoZIhvcNAQEL |
| BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAw |
| MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD |
| ggEPADCCAQoCggEBALjq3M/ngTzBmXC9cUyTlDNJvoe/KCvQbDiQZn031aPxXKGl |
| QTULXKe8j6yzCe9iaJ9gPp5My3+kv0oPp7Jak+y4FDA/2Ya4rTGKvyCrx0DcKFs+ |
| 3DmyAEQ0AdaBE6fm0djTaCKV7r+95NGfCN2p/2X/gWpoHe7T1cR2hVRDc7/wPMFm |
| u6TrIh6BKd1PQcKkc2NDJGDv4vCu5qYlyKnuG3+rvnHL9xXLLbSnVksrNQibEnAV |
| M1PKp7SXNzTT99X4GVQDULT1RxrxEAO1VGTBnLVtFApaKCRLEbb+cMIPgILNlFkW |
| /3WL2pE9XxaVTWF3Zyg3O26mpIgzARKgEPxZSdMCAwEAAaOByzCByDAdBgNVHQ4E |
| FgQUVkQdDLpHWn0kq6wTliX/htAIhYwwHwYDVR0jBBgwFoAUB3Ue42T5ygZHtGi5 |
| 2DQ5RoeNJ6EwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs |
| LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m |
| b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ |
| MA0GCSqGSIb3DQEBCwUAA4IBAQAUhtKVm8GYIW1OqKyWMuJSCJ3zvyycg5pxqjnw |
| 7om5QaMjwyqEHdAHZUvOQmbrpjvHI4Mx8LTUteTNiRNYNUPeBWSES+2Eb6zcVymu |
| XwuBVpuyYMKJaAwY7vLSQm/jYf+4Avlh9yBB3JFmUu66o7xmhP2JzTglW1PP8W75 |
| 0pWaf2E51RwoFkrCEg70SpTvhdvuTxh/ku/eT/uf9QrZ6r5VgCyFtQn8PsAyOWiu |
| ACCVJXi6mPCF760csZx6R0kJruzgkHE8VbRBxF3QZVgwLYcbkCf49s7e/Y7soMYl |
| uH/40BGQJqZqaS2//m3ZZtiXeVpwlrBJ5eIXLyyLY3eIbP/l |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: |
| 60:94:d2:f0:61:1b:d8:58:84:ab:f1:64:de:71:09:ef:28:1e:23:d6 |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Mar 1 12:00:00 2015 GMT |
| Not After : Sep 1 12:00:00 2015 GMT |
| Subject: CN=Root |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:a9:91:e0:b0:cc:ae:f4:2a:c1:32:17:cf:cf:c8: |
| f1:19:d8:82:d0:ae:e4:22:4b:3b:94:af:4a:ee:7a: |
| 36:29:60:18:39:8f:f2:51:d7:1c:a0:18:29:f1:98: |
| cb:8d:fa:e0:09:d6:0d:7f:74:08:cb:58:2e:0f:8b: |
| 1c:9d:05:31:8a:e2:41:b6:18:0f:98:ee:70:78:d3: |
| 2b:50:d4:87:a7:f6:36:6b:71:40:37:97:a9:34:3f: |
| a1:40:37:f7:e3:5b:bc:4f:21:b6:80:ef:c9:cb:e8: |
| 94:da:fa:d0:23:33:e6:e1:7f:57:72:59:c6:ca:7f: |
| 93:2f:5c:5e:d9:a8:55:8e:f2:a0:45:77:03:29:6b: |
| 55:f6:38:c2:fa:42:bc:9a:73:4a:5b:2a:27:5a:dd: |
| ab:c0:68:d0:b3:51:5b:e7:b8:4e:02:8f:09:35:31: |
| 36:93:52:a3:bd:69:5f:58:f4:de:3f:44:4a:8d:ea: |
| 9a:08:8f:1e:f6:5c:b1:db:21:0b:07:0a:8f:9b:d1: |
| d4:7f:cb:05:96:d5:04:b1:d2:5e:d9:13:6a:33:5b: |
| d4:98:05:1c:c0:33:07:a7:84:7c:6a:ca:5d:65:5e: |
| ea:18:6c:ef:4c:d6:65:a6:c1:07:bb:11:78:c3:fb: |
| 91:be:36:09:08:98:42:9b:6f:eb:ad:80:e0:14:13: |
| 11:85 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 07:75:1E:E3:64:F9:CA:06:47:B4:68:B9:D8:34:39:46:87:8D:27:A1 |
| X509v3 Authority Key Identifier: |
| keyid:07:75:1E:E3:64:F9:CA:06:47:B4:68:B9:D8:34:39:46:87:8D:27:A1 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 4a:c7:5d:18:0f:b3:5f:d3:48:b3:8a:a5:74:4f:1b:f6:79:4e: |
| ac:b4:39:2d:aa:ae:62:72:ef:23:42:7d:dd:1f:64:0f:9e:5e: |
| f9:b9:80:13:fd:b8:a7:f6:f2:c5:53:ba:b4:42:d3:b7:6f:36: |
| 5a:83:f4:ca:84:f4:02:3e:8c:dc:81:10:1f:a9:4e:91:72:39: |
| 6c:ab:6d:cd:6a:a9:ac:c6:ae:ae:02:07:fd:80:64:bc:5f:7e: |
| 31:59:53:2c:b9:ae:0c:21:bd:f0:e2:e5:90:49:5e:18:3e:47: |
| 60:d3:38:fe:2b:8c:ac:f4:1b:20:12:a7:a9:13:c0:72:2f:b7: |
| 1a:1c:92:87:3f:8f:53:7a:b8:0e:db:8f:35:a0:fe:2a:d8:f4: |
| 63:c5:e4:ca:a2:a6:59:4f:c1:a5:b8:46:10:a9:cc:1c:fa:72: |
| f5:f7:63:07:d3:73:c4:21:10:cb:23:07:56:d7:df:6e:02:62: |
| ed:fc:50:3f:16:05:3e:16:07:ef:0d:f0:f9:fa:b7:59:21:d5: |
| c1:fe:1c:d5:54:18:68:51:d6:45:51:68:ef:99:d8:d4:e1:6a: |
| 2a:b7:a7:f7:5c:21:60:16:73:50:87:9c:dc:ff:f3:95:33:62: |
| 31:30:b9:65:f3:23:a6:ed:6d:18:c4:d8:57:08:93:31:35:2a: |
| 31:e8:0b:d1 |
| -----BEGIN CERTIFICATE----- |
| MIIDeDCCAmCgAwIBAgIUYJTS8GEb2FiEq/Fk3nEJ7ygeI9YwDQYJKoZIhvcNAQEL |
| BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAzMDExMjAwMDBaFw0xNTA5MDExMjAw |
| MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK |
| AoIBAQCpkeCwzK70KsEyF8/PyPEZ2ILQruQiSzuUr0ruejYpYBg5j/JR1xygGCnx |
| mMuN+uAJ1g1/dAjLWC4PixydBTGK4kG2GA+Y7nB40ytQ1Ien9jZrcUA3l6k0P6FA |
| N/fjW7xPIbaA78nL6JTa+tAjM+bhf1dyWcbKf5MvXF7ZqFWO8qBFdwMpa1X2OML6 |
| Qryac0pbKida3avAaNCzUVvnuE4Cjwk1MTaTUqO9aV9Y9N4/REqN6poIjx72XLHb |
| IQsHCo+b0dR/ywWW1QSx0l7ZE2ozW9SYBRzAMwenhHxqyl1lXuoYbO9M1mWmwQe7 |
| EXjD+5G+NgkImEKbb+utgOAUExGFAgMBAAGjgcswgcgwHQYDVR0OBBYEFAd1HuNk |
| +coGR7Roudg0OUaHjSehMB8GA1UdIwQYMBaAFAd1HuNk+coGR7Roudg0OUaHjSeh |
| MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh |
| L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S |
| b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG |
| 9w0BAQsFAAOCAQEASsddGA+zX9NIs4qldE8b9nlOrLQ5LaquYnLvI0J93R9kD55e |
| +bmAE/24p/byxVO6tELTt282WoP0yoT0Aj6M3IEQH6lOkXI5bKttzWqprMaurgIH |
| /YBkvF9+MVlTLLmuDCG98OLlkEleGD5HYNM4/iuMrPQbIBKnqRPAci+3GhyShz+P |
| U3q4DtuPNaD+Ktj0Y8XkyqKmWU/BpbhGEKnMHPpy9fdjB9NzxCEQyyMHVtffbgJi |
| 7fxQPxYFPhYH7w3w+fq3WSHVwf4c1VQYaFHWRVFo75nY1OFqKren91whYBZzUIec |
| 3P/zlTNiMTC5ZfMjpu1tGMTYVwiTMTUqMegL0Q== |
| -----END CERTIFICATE----- |
