| [Created by: generate-chains.py] |
| |
| Certificate chain where the intermediate restricts the extended key usage to |
| clientAuth, and the target asserts serverAuth + clientAuth. |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: |
| 56:4a:78:5b:dc:c1:19:20:fe:f3:13:be:99:46:f9:53:d1:a4:40:a1 |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Intermediate |
| Validity |
| Not Before: Mar 10 12:00:00 2018 GMT |
| Not After : Jan 1 12:00:00 2021 GMT |
| Subject: CN=Target |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:bb:d3:3c:f5:4c:df:73:61:c9:d0:be:56:b8:7f: |
| e6:52:56:9c:3b:84:83:23:d8:ea:30:cb:cc:01:ba: |
| 1d:36:70:d3:4c:58:62:74:2f:96:57:7c:e5:b0:27: |
| 6f:fa:72:c0:5b:0b:0c:f6:ec:1e:3b:c7:04:45:b8: |
| 89:97:be:fa:49:27:b6:c2:0a:29:b8:98:cd:a4:a4: |
| 54:29:ce:55:c5:91:ff:89:d3:51:87:88:d0:c3:ef: |
| 0c:de:43:b0:e0:b9:d9:23:92:f0:04:42:b6:50:06: |
| 2b:1a:7b:97:3e:67:a4:ed:77:23:e5:83:76:76:63: |
| 09:6d:be:05:6e:fc:aa:a0:c8:91:97:97:2d:85:02: |
| 95:c2:fc:dd:dc:f4:4b:08:c3:be:3b:43:76:96:cc: |
| ec:55:7a:0f:00:fe:29:4b:87:ca:df:50:ba:5c:60: |
| e5:6f:8c:f0:56:7b:5b:20:3d:87:fd:81:7f:61:51: |
| 6c:44:61:55:3a:52:28:cf:49:4d:72:3f:34:b0:a3: |
| 04:18:e6:47:50:c7:f0:e1:a5:4f:8c:59:e3:73:ca: |
| b6:a6:0d:34:a3:40:fb:41:97:8c:66:93:64:29:20: |
| 13:1b:f5:ab:69:74:11:88:13:8d:dc:15:c8:22:a2: |
| 2b:16:74:f2:f1:8b:27:c1:5a:9c:c5:0e:95:78:ba: |
| fe:9f |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 6D:1B:79:D9:7C:01:F2:1D:99:D4:DD:54:90:BF:32:03:0F:28:4D:38 |
| X509v3 Authority Key Identifier: |
| keyid:3A:B9:4C:96:D7:3D:14:A8:24:C8:DE:55:0A:54:05:5D:5C:A2:C9:99 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Intermediate.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Intermediate.crl |
| |
| X509v3 Key Usage: critical |
| Digital Signature, Key Encipherment |
| X509v3 Extended Key Usage: |
| TLS Web Server Authentication, TLS Web Client Authentication |
| Signature Algorithm: sha256WithRSAEncryption |
| af:3f:9a:2d:ff:1d:e6:6f:e6:4c:75:c3:27:8f:c7:86:15:20: |
| 70:e8:a5:94:88:96:e5:7f:06:c8:de:cf:69:92:5c:0c:16:9f: |
| 71:ee:c7:7e:dd:d0:a3:b7:63:e0:a8:66:67:c1:d9:16:e8:b2: |
| 0c:10:52:b1:e6:c0:02:43:74:ff:03:3b:18:dc:1c:0a:e8:95: |
| 60:74:54:ce:62:ad:2e:30:ca:6b:4f:36:5d:fa:bf:03:c8:40: |
| aa:f1:4d:e8:47:30:60:70:51:a9:40:00:b7:d0:8a:1e:2d:13: |
| 9d:a6:0c:62:4d:3d:fb:7b:ad:6e:86:fc:f5:0c:f4:ab:aa:12: |
| a5:6d:4b:56:be:ac:a7:d8:d4:47:ad:ab:71:44:aa:dc:1a:dc: |
| 0a:ea:6f:ba:1a:3e:06:01:2c:22:8c:ab:d1:ed:60:07:6b:f5: |
| dd:b3:16:5e:36:ac:a5:dc:53:a3:55:a2:9c:97:c7:4b:fb:4e: |
| 03:1d:e9:f5:99:e7:43:df:6e:95:bc:01:2e:d4:2e:84:05:2b: |
| 21:c1:c9:6e:6b:ea:1e:ab:67:26:24:23:69:72:6b:dc:af:d1: |
| 88:bb:9a:09:4f:81:dd:cb:c2:bd:56:c6:d2:90:b5:53:a3:d4: |
| 8f:c8:eb:39:db:e8:8a:f2:8d:75:84:cf:84:c4:3e:72:6e:63: |
| 3a:6f:cb:cc |
| -----BEGIN CERTIFICATE----- |
| MIIDoDCCAoigAwIBAgIUVkp4W9zBGSD+8xO+mUb5U9GkQKEwDQYJKoZIhvcNAQEL |
| BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTE4MDMxMDEyMDAwMFoXDTIx |
| MDEwMTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF |
| AAOCAQ8AMIIBCgKCAQEAu9M89Uzfc2HJ0L5WuH/mUlacO4SDI9jqMMvMAbodNnDT |
| TFhidC+WV3zlsCdv+nLAWwsM9uweO8cERbiJl776SSe2wgopuJjNpKRUKc5VxZH/ |
| idNRh4jQw+8M3kOw4LnZI5LwBEK2UAYrGnuXPmek7Xcj5YN2dmMJbb4FbvyqoMiR |
| l5cthQKVwvzd3PRLCMO+O0N2lszsVXoPAP4pS4fK31C6XGDlb4zwVntbID2H/YF/ |
| YVFsRGFVOlIoz0lNcj80sKMEGOZHUMfw4aVPjFnjc8q2pg00o0D7QZeMZpNkKSAT |
| G/WraXQRiBON3BXIIqIrFnTy8YsnwVqcxQ6VeLr+nwIDAQABo4HpMIHmMB0GA1Ud |
| DgQWBBRtG3nZfAHyHZnU3VSQvzIDDyhNODAfBgNVHSMEGDAWgBQ6uUyW1z0UqCTI |
| 3lUKVAVdXKLJmTA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 |
| cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 |
| dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF |
| oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD |
| ggEBAK8/mi3/HeZv5kx1wyePx4YVIHDopZSIluV/Bsjez2mSXAwWn3Hux37d0KO3 |
| Y+CoZmfB2RbosgwQUrHmwAJDdP8DOxjcHArolWB0VM5irS4wymtPNl36vwPIQKrx |
| TehHMGBwUalAALfQih4tE52mDGJNPft7rW6G/PUM9KuqEqVtS1a+rKfY1Eetq3FE |
| qtwa3Arqb7oaPgYBLCKMq9HtYAdr9d2zFl42rKXcU6NVopyXx0v7TgMd6fWZ50Pf |
| bpW8AS7ULoQFKyHByW5r6h6rZyYkI2lya9yv0Yi7mglPgd3Lwr1WxtKQtVOj1I/I |
| 6znb6IryjXWEz4TEPnJuYzpvy8w= |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: |
| 6b:b7:9e:0a:83:55:83:77:1b:db:10:18:94:12:3f:c4:67:6e:66:e1 |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Mar 10 12:00:00 2018 GMT |
| Not After : Jan 1 12:00:00 2021 GMT |
| Subject: CN=Intermediate |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:bd:9a:08:67:72:a5:4d:ba:39:c4:0a:d5:a9:42: |
| 46:7a:a0:f3:f2:2b:1f:83:91:58:a7:00:3b:b3:17: |
| 51:e5:1f:83:13:44:10:14:7f:84:6d:97:57:de:32: |
| 00:bd:15:18:e4:c7:89:8b:6e:5b:41:51:ad:d3:c9: |
| f7:3e:75:51:74:5c:71:40:2e:9b:95:be:8f:3b:17: |
| 33:a5:3a:33:17:97:05:d7:30:0c:40:94:c1:8d:e7: |
| 80:5f:f3:d4:3e:e4:46:8c:e3:80:ec:95:91:87:e0: |
| a0:a3:32:73:6c:44:c2:9c:12:a5:d3:6b:91:e0:60: |
| 3d:a1:61:9d:09:6f:5f:7b:b1:c5:98:6a:3a:cc:85: |
| 76:45:f2:44:0e:3f:cf:b9:56:5a:23:55:68:31:4b: |
| 17:30:ad:a0:e2:b1:85:3f:6e:2e:7e:a7:38:b9:dd: |
| cd:3d:fb:74:1a:83:87:c2:ec:ec:6a:63:0b:5e:c8: |
| 75:07:b5:4f:3f:93:58:a5:fe:3e:76:18:ee:16:df: |
| b1:52:b8:1a:f0:77:65:a3:b7:2d:16:a3:e6:c8:11: |
| 67:e1:20:ea:2f:ed:0b:93:e6:c8:2a:a0:fc:34:b7: |
| fa:4b:21:33:60:02:86:cf:b4:bd:f0:c7:ec:f5:7a: |
| b4:ff:84:18:f4:73:a1:28:7a:31:de:08:b6:fd:be: |
| 0a:7d |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 3A:B9:4C:96:D7:3D:14:A8:24:C8:DE:55:0A:54:05:5D:5C:A2:C9:99 |
| X509v3 Authority Key Identifier: |
| keyid:AE:89:01:94:41:77:67:BD:EF:7F:98:4F:29:E7:1B:3A:18:B9:DD:51 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| X509v3 Extended Key Usage: |
| TLS Web Client Authentication |
| Signature Algorithm: sha256WithRSAEncryption |
| 11:c4:87:48:f4:9f:82:01:08:5e:f3:a8:4e:cc:0a:c1:44:72: |
| 78:32:66:79:7e:13:6d:21:2e:95:59:7f:45:5c:08:f5:7c:0c: |
| ca:45:a5:f7:fb:c2:c6:61:81:db:58:f8:c3:1b:b7:49:7b:57: |
| a1:3a:66:43:83:c3:cc:fc:16:f0:04:b3:f8:61:a8:0c:79:95: |
| a4:8b:8d:14:37:68:92:ab:b0:a7:ad:1b:9e:98:92:7d:70:4a: |
| 64:35:18:b8:38:a3:71:b4:14:e9:d6:ee:a9:d2:37:55:eb:21: |
| 59:87:75:0a:78:02:0a:3d:6b:b0:1d:cc:9b:95:dd:9d:6c:fc: |
| 19:ea:5e:ce:7f:2c:78:cb:bb:be:97:f0:99:90:ca:b3:80:64: |
| 6d:14:da:58:9f:ff:3c:29:40:af:a0:79:c7:5b:40:5a:ae:29: |
| 76:92:52:78:ba:4b:d5:8d:d7:7d:7e:86:cb:e6:2b:5b:f6:07: |
| 45:32:22:60:04:68:f2:b9:ef:8b:59:2f:71:7b:68:59:3d:63: |
| 4c:ce:b5:7c:3a:4b:dd:d1:6d:04:46:77:62:28:c4:e6:21:0d: |
| 89:fc:b6:f1:27:d5:75:68:f3:18:08:4c:97:a4:5a:47:47:15: |
| c4:5d:2a:ee:b0:bb:5b:75:82:5a:88:a9:e1:67:40:f4:3a:a6: |
| c8:98:c9:a2 |
| -----BEGIN CERTIFICATE----- |
| MIIDlTCCAn2gAwIBAgIUa7eeCoNVg3cb2xAYlBI/xGduZuEwDQYJKoZIhvcNAQEL |
| BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xODAzMTAxMjAwMDBaFw0yMTAxMDExMjAw |
| MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD |
| ggEPADCCAQoCggEBAL2aCGdypU26OcQK1alCRnqg8/IrH4ORWKcAO7MXUeUfgxNE |
| EBR/hG2XV94yAL0VGOTHiYtuW0FRrdPJ9z51UXRccUAum5W+jzsXM6U6MxeXBdcw |
| DECUwY3ngF/z1D7kRozjgOyVkYfgoKMyc2xEwpwSpdNrkeBgPaFhnQlvX3uxxZhq |
| OsyFdkXyRA4/z7lWWiNVaDFLFzCtoOKxhT9uLn6nOLndzT37dBqDh8Ls7GpjC17I |
| dQe1Tz+TWKX+PnYY7hbfsVK4GvB3ZaO3LRaj5sgRZ+Eg6i/tC5PmyCqg/DS3+ksh |
| M2AChs+0vfDH7PV6tP+EGPRzoSh6Md4Itv2+Cn0CAwEAAaOB4DCB3TAdBgNVHQ4E |
| FgQUOrlMltc9FKgkyN5VClQFXVyiyZkwHwYDVR0jBBgwFoAUrokBlEF3Z73vf5hP |
| KecbOhi53VEwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs |
| LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m |
| b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ |
| MBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQARxIdI9J+C |
| AQhe86hOzArBRHJ4MmZ5fhNtIS6VWX9FXAj1fAzKRaX3+8LGYYHbWPjDG7dJe1eh |
| OmZDg8PM/BbwBLP4YagMeZWki40UN2iSq7CnrRuemJJ9cEpkNRi4OKNxtBTp1u6p |
| 0jdV6yFZh3UKeAIKPWuwHcybld2dbPwZ6l7Ofyx4y7u+l/CZkMqzgGRtFNpYn/88 |
| KUCvoHnHW0Baril2klJ4ukvVjdd9fobL5itb9gdFMiJgBGjyue+LWS9xe2hZPWNM |
| zrV8Okvd0W0ERndiKMTmIQ2J/LbxJ9V1aPMYCEyXpFpHRxXEXSrusLtbdYJaiKnh |
| Z0D0OqbImMmi |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: |
| 6b:b7:9e:0a:83:55:83:77:1b:db:10:18:94:12:3f:c4:67:6e:66:e0 |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Mar 10 12:00:00 2018 GMT |
| Not After : Jan 1 12:00:00 2021 GMT |
| Subject: CN=Root |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:b6:30:63:d8:b0:11:71:5f:03:38:e5:24:a7:88: |
| 9c:fe:f5:a6:2a:59:63:7b:18:39:d5:34:2f:27:4c: |
| fe:18:27:eb:7e:71:25:4d:af:71:97:7f:f0:18:b0: |
| 19:a7:fd:ab:52:d9:01:aa:13:ff:3f:c9:c8:d4:87: |
| fa:69:53:28:b7:52:4f:91:ac:55:cb:38:7f:61:32: |
| b6:d9:20:f4:58:6f:c3:4c:4f:64:d7:14:34:8c:d3: |
| ac:f5:97:8a:9d:f6:d0:0b:64:b4:3a:55:71:0b:92: |
| b1:8e:df:2e:77:8a:fe:36:f6:0f:be:49:03:3d:42: |
| fc:4c:e4:50:f6:3e:86:d0:e4:0b:15:cd:27:49:ae: |
| 7a:be:d7:05:28:68:f7:e7:35:1b:fc:2a:50:c1:66: |
| f3:31:11:f3:f9:40:80:51:3a:60:9a:87:47:fc:46: |
| 99:e3:1a:c9:5c:76:d9:34:45:b0:82:d6:06:d7:ea: |
| 5d:13:ce:ca:4e:9d:2e:80:cd:b3:5c:47:11:dd:f1: |
| 8a:97:c7:8d:37:6a:1a:c7:97:13:ad:bf:9c:85:32: |
| df:20:0a:a9:27:3b:e6:26:c6:9d:98:d3:d1:d7:a0: |
| 16:4d:b1:a3:3b:1f:19:c3:c5:81:dd:35:25:3c:86: |
| 8e:8b:76:69:f2:e5:35:5e:3c:6c:3f:7e:47:57:7f: |
| eb:0d |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| AE:89:01:94:41:77:67:BD:EF:7F:98:4F:29:E7:1B:3A:18:B9:DD:51 |
| X509v3 Authority Key Identifier: |
| keyid:AE:89:01:94:41:77:67:BD:EF:7F:98:4F:29:E7:1B:3A:18:B9:DD:51 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 06:0c:a1:2a:b8:b8:65:8d:8f:58:f4:71:a3:26:41:ed:c1:7d: |
| ac:b1:ca:c9:a6:dd:1d:05:88:df:c6:65:fc:be:0a:94:9c:06: |
| 5a:42:02:d4:9b:32:69:2c:13:2b:0a:c3:3f:ab:9a:68:10:44: |
| 19:8c:f2:56:1f:1d:8d:1b:8a:ec:c7:bf:b9:3b:b9:79:91:80: |
| 30:d0:cf:d2:0f:1f:33:22:64:16:01:b2:b6:97:b3:76:3a:bd: |
| d0:1f:6d:a8:ce:ad:ca:5c:dd:5c:19:61:9b:bd:1a:ad:54:11: |
| 82:27:49:99:54:8d:49:a5:aa:9e:74:15:57:e4:52:66:88:94: |
| 90:ba:28:b4:0f:00:93:80:db:36:79:00:b0:ad:f9:91:28:ff: |
| 55:87:99:11:d8:40:23:11:19:20:2f:d5:a7:12:27:6d:4d:8f: |
| e1:7a:98:e3:59:0d:26:66:1b:85:18:0c:3b:6a:eb:1d:dd:1b: |
| c4:0d:5a:82:b8:a2:5c:63:76:f0:55:66:44:c9:c7:63:59:b5: |
| 3b:60:1d:41:f7:ad:4b:69:b5:ac:35:cc:cd:9e:31:be:ed:91: |
| 16:d3:7e:85:66:b5:95:c8:e1:56:cc:52:79:b0:d4:c9:77:c1: |
| 5e:4f:1b:ae:02:76:52:07:e5:e4:6c:13:3f:ab:c5:c8:45:38: |
| e5:7e:b4:60 |
| -----BEGIN CERTIFICATE----- |
| MIIDeDCCAmCgAwIBAgIUa7eeCoNVg3cb2xAYlBI/xGduZuAwDQYJKoZIhvcNAQEL |
| BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xODAzMTAxMjAwMDBaFw0yMTAxMDExMjAw |
| MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK |
| AoIBAQC2MGPYsBFxXwM45SSniJz+9aYqWWN7GDnVNC8nTP4YJ+t+cSVNr3GXf/AY |
| sBmn/atS2QGqE/8/ycjUh/ppUyi3Uk+RrFXLOH9hMrbZIPRYb8NMT2TXFDSM06z1 |
| l4qd9tALZLQ6VXELkrGO3y53iv429g++SQM9QvxM5FD2PobQ5AsVzSdJrnq+1wUo |
| aPfnNRv8KlDBZvMxEfP5QIBROmCah0f8RpnjGslcdtk0RbCC1gbX6l0TzspOnS6A |
| zbNcRxHd8YqXx403ahrHlxOtv5yFMt8gCqknO+Ymxp2Y09HXoBZNsaM7HxnDxYHd |
| NSU8ho6Ldmny5TVePGw/fkdXf+sNAgMBAAGjgcswgcgwHQYDVR0OBBYEFK6JAZRB |
| d2e973+YTynnGzoYud1RMB8GA1UdIwQYMBaAFK6JAZRBd2e973+YTynnGzoYud1R |
| MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh |
| L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S |
| b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG |
| 9w0BAQsFAAOCAQEABgyhKri4ZY2PWPRxoyZB7cF9rLHKyabdHQWI38Zl/L4KlJwG |
| WkIC1JsyaSwTKwrDP6uaaBBEGYzyVh8djRuK7Me/uTu5eZGAMNDP0g8fMyJkFgGy |
| tpezdjq90B9tqM6tylzdXBlhm70arVQRgidJmVSNSaWqnnQVV+RSZoiUkLootA8A |
| k4DbNnkAsK35kSj/VYeZEdhAIxEZIC/VpxInbU2P4XqY41kNJmYbhRgMO2rrHd0b |
| xA1agriiXGN28FVmRMnHY1m1O2AdQfetS2m1rDXMzZ4xvu2RFtN+hWa1lcjhVsxS |
| ebDUyXfBXk8brgJ2Ugfl5GwTP6vFyEU45X60YA== |
| -----END CERTIFICATE----- |