blob: bd36d6338a7377cbb6748fd480348dc8abf4283a [file] [log] [blame]
[Created by: generate-chains.py]
Certificate chain where the intermediate has a smaller validity range
than the other certificates, making it easy to violate just its validity.
Root: 2015/01/01 -> 2016/01/01
Intermediate: 2015/03/01 -> 2015/09/01
Target: 2015/01/01 -> 2016/01/01
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
73:60:af:38:91:cf:45:20:b2:11:f8:2c:36:b2:3d:e8:ed:26:6b:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediate
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:5d:52:78:e5:9d:90:f8:e6:89:33:f2:76:2f:
04:9f:a8:f1:db:92:f1:b3:43:19:a3:7c:1f:a1:46:
2f:aa:b4:48:fe:f2:35:cd:2d:61:76:e7:5c:52:c9:
7b:d6:90:3a:91:11:44:a8:bd:39:d4:5d:10:e0:17:
71:03:b9:e2:a5:fb:08:15:d2:50:dd:4d:67:ed:9c:
a9:9b:3e:bd:3a:91:57:49:53:73:8b:2b:3e:c0:e4:
aa:c9:c2:68:31:82:b4:0e:40:a9:e7:d1:c4:f6:5b:
48:3d:88:74:1f:43:2e:f8:b3:66:d8:41:b4:0b:6a:
21:38:05:65:05:99:8f:84:75:07:57:3a:1b:7b:2d:
21:0a:fc:7a:22:d9:d3:89:43:0c:1a:18:f9:92:d9:
42:0f:86:d8:28:d2:b4:ca:28:9a:85:29:1b:0a:d7:
01:3b:bd:cb:83:36:a0:d3:d3:4c:5a:54:06:a0:a0:
c6:51:12:33:00:5f:85:2e:0a:b5:63:2e:e0:f3:95:
03:f9:d8:17:24:19:85:a1:23:cc:45:ea:2f:2e:89:
3c:05:52:f0:69:95:0e:fc:71:1a:8f:2c:90:54:6f:
14:46:33:99:bd:8b:a7:5e:0b:ad:ad:00:4f:78:8b:
69:36:a5:38:43:63:f4:6f:f1:a8:f6:21:22:38:56:
9f:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:07:CA:2E:D6:33:0C:B0:73:89:52:A6:81:9F:EA:5A:7D:58:36:E5
X509v3 Authority Key Identifier:
keyid:72:43:36:2F:89:32:3C:1F:45:05:00:D1:48:B6:8F:03:7A:01:52:38
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediate.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediate.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
14:34:ce:62:08:64:36:8e:3c:83:a8:5a:e9:42:34:8a:bf:29:
c6:98:10:f5:11:cb:e6:dd:09:a9:61:77:ef:62:d3:35:ba:3d:
7b:f1:77:1a:c0:c2:05:b8:05:6a:f0:2d:82:a4:a5:58:ae:e4:
bc:86:d4:19:68:9b:61:1a:2b:3b:d8:f1:c4:fa:ce:75:ea:0e:
f8:79:00:0d:1c:42:28:de:2b:fb:d6:2c:55:25:d1:f9:91:ce:
fd:3b:8e:20:03:c1:46:a8:3f:06:c2:f6:31:70:f4:0e:ac:e5:
d3:7e:35:2a:33:b7:85:49:b5:90:34:86:fb:91:f8:a2:f9:96:
cb:6e:0b:22:7f:0e:10:d1:6b:ef:f8:50:51:6e:1b:4a:cd:ea:
a2:13:6c:f6:31:3e:fb:53:7a:33:b4:1b:22:83:c7:0a:b1:e4:
ab:7e:46:38:31:4e:59:c7:63:6a:61:a4:b1:b6:9d:76:10:b6:
70:fa:4b:1c:a8:41:9e:7f:1b:c0:1c:c5:c3:77:94:3d:36:b8:
2e:38:7a:cb:ac:10:91:ac:13:33:93:77:ca:ec:96:e1:45:ee:
40:45:0a:11:af:b7:59:be:86:ba:1a:fd:03:ec:4b:5e:7f:0f:
24:9f:8e:5a:a4:6e:11:da:68:56:b5:af:51:87:99:52:e7:09:
48:6e:ee:61
-----BEGIN CERTIFICATE-----
MIIDoDCCAoigAwIBAgIUc2CvOJHPRSCyEfgsNrI96O0ma3wwDQYJKoZIhvcNAQEL
BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTE1MDEwMTEyMDAwMFoXDTE2
MDEwMTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA5V1SeOWdkPjmiTPydi8En6jx25Lxs0MZo3wfoUYvqrRI
/vI1zS1hdudcUsl71pA6kRFEqL051F0Q4BdxA7nipfsIFdJQ3U1n7Zypmz69OpFX
SVNziys+wOSqycJoMYK0DkCp59HE9ltIPYh0H0Mu+LNm2EG0C2ohOAVlBZmPhHUH
Vzobey0hCvx6ItnTiUMMGhj5ktlCD4bYKNK0yiiahSkbCtcBO73Lgzag09NMWlQG
oKDGURIzAF+FLgq1Yy7g85UD+dgXJBmFoSPMReovLok8BVLwaZUO/HEajyyQVG8U
RjOZvYunXgutrQBPeItpNqU4Q2P0b/Go9iEiOFafewIDAQABo4HpMIHmMB0GA1Ud
DgQWBBRuB8ou1jMMsHOJUqaBn+pafVg25TAfBgNVHSMEGDAWgBRyQzYviTI8H0UF
ANFIto8DegFSODA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91
cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0
dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF
oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD
ggEBABQ0zmIIZDaOPIOoWulCNIq/KcaYEPURy+bdCalhd+9i0zW6PXvxdxrAwgW4
BWrwLYKkpViu5LyG1Blom2EaKzvY8cT6znXqDvh5AA0cQijeK/vWLFUl0fmRzv07
jiADwUaoPwbC9jFw9A6s5dN+NSozt4VJtZA0hvuR+KL5lstuCyJ/DhDRa+/4UFFu
G0rN6qITbPYxPvtTejO0GyKDxwqx5Kt+RjgxTlnHY2phpLG2nXYQtnD6SxyoQZ5/
G8AcxcN3lD02uC44esusEJGsEzOTd8rsluFF7kBFChGvt1m+hroa/QPsS15/DySf
jlqkbhHaaFa1r1GHmVLnCUhu7mE=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
38:57:36:7e:2c:71:3a:58:d9:58:83:7f:8c:1f:66:21:38:9d:41:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Mar 1 12:00:00 2015 GMT
Not After : Sep 1 12:00:00 2015 GMT
Subject: CN=Intermediate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:f3:7c:09:dc:05:78:96:43:d9:a5:90:a3:1d:
a4:d8:2e:f6:2d:c4:4e:8d:ee:37:1d:30:28:44:f6:
50:f9:99:12:c4:b6:be:44:0f:07:48:22:67:d1:60:
42:60:2a:27:62:15:d2:d1:2e:9a:16:02:4e:fb:44:
37:8c:ba:7a:7d:72:af:55:cf:d6:f5:7c:1f:b3:dd:
fa:b8:57:e4:78:72:72:90:f5:85:cb:c3:7e:8d:1f:
89:1f:50:43:ff:53:e4:a7:ff:65:b7:af:da:bd:b1:
80:77:0d:d5:a2:e3:59:35:97:d0:fc:39:26:b5:9a:
af:3c:7c:ac:5a:05:af:ca:98:40:3f:20:1c:ae:3c:
b2:35:e7:52:ff:01:aa:83:1a:67:aa:77:83:67:2e:
95:6e:79:49:e8:28:dd:74:82:b2:c0:17:81:9e:f7:
2a:1d:c2:14:7c:2a:10:b4:16:19:e1:59:10:48:36:
35:c8:f9:bc:35:36:91:2d:c9:81:a4:18:b4:2f:ff:
79:6d:32:ca:23:52:c0:d3:39:2c:7e:c2:a1:99:53:
9d:ee:1e:50:4b:5d:af:f3:ca:df:39:6b:dc:54:24:
0c:14:7b:3e:f7:f8:5e:b8:af:ea:67:68:4b:08:1f:
25:5b:14:ff:31:e7:7d:50:c7:15:b2:53:2a:a3:5a:
a5:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:43:36:2F:89:32:3C:1F:45:05:00:D1:48:B6:8F:03:7A:01:52:38
X509v3 Authority Key Identifier:
keyid:5A:2B:EB:7C:7B:14:AB:7F:3B:58:EC:EC:21:5E:A5:EB:E1:F4:4F:5F
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
b0:33:01:a0:4a:ee:23:13:a3:e6:93:bc:54:f6:18:0d:e9:1f:
71:f9:0d:3a:c0:8a:63:9b:66:d0:35:34:97:38:a9:32:fa:ef:
b0:c5:6b:b5:ea:6c:2e:db:bb:2d:2d:d1:5b:74:71:e3:17:a5:
ef:a3:4d:64:8f:98:b4:f4:e0:9e:3e:ad:f2:ac:a7:5d:1a:b4:
09:68:54:4b:ef:c7:a1:3a:8f:3e:5f:13:21:04:f9:ed:8d:31:
43:f2:1f:f2:87:d4:22:c9:70:9d:f4:a6:0c:ad:f5:27:49:59:
e9:95:41:d9:58:38:4c:c4:f9:6a:77:e0:15:a6:4c:6b:17:1e:
25:b3:10:c3:0b:cd:47:d0:db:86:62:7b:50:e4:d5:54:e7:d3:
89:82:8e:f2:c7:a5:57:00:7d:b3:1d:b4:ed:c7:4c:50:dd:a3:
56:74:cc:15:30:fc:a9:c9:39:18:39:75:3a:ec:1f:28:1e:e3:
ba:01:de:98:e8:e9:fe:8b:16:99:c7:67:93:c9:c2:40:48:0f:
c6:e2:ba:51:0b:03:18:21:41:56:cc:ea:40:0e:b5:9d:8e:d6:
f8:01:df:0d:97:f2:8b:cc:54:e5:eb:46:59:19:4d:a3:f3:3a:
ce:3e:c7:f5:46:77:d7:41:c7:1b:4d:fd:58:27:4d:c7:32:ed:
33:88:44:b3
-----BEGIN CERTIFICATE-----
MIIDgDCCAmigAwIBAgIUOFc2fixxOljZWIN/jB9mITidQYMwDQYJKoZIhvcNAQEL
BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAzMDExMjAwMDBaFw0xNTA5MDExMjAw
MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMLzfAncBXiWQ9mlkKMdpNgu9i3ETo3uNx0wKET2UPmZEsS2
vkQPB0giZ9FgQmAqJ2IV0tEumhYCTvtEN4y6en1yr1XP1vV8H7Pd+rhX5HhycpD1
hcvDfo0fiR9QQ/9T5Kf/Zbev2r2xgHcN1aLjWTWX0Pw5JrWarzx8rFoFr8qYQD8g
HK48sjXnUv8BqoMaZ6p3g2culW55Sego3XSCssAXgZ73Kh3CFHwqELQWGeFZEEg2
Ncj5vDU2kS3JgaQYtC//eW0yyiNSwNM5LH7CoZlTne4eUEtdr/PK3zlr3FQkDBR7
Pvf4Xriv6mdoSwgfJVsU/zHnfVDHFbJTKqNapcMCAwEAAaOByzCByDAdBgNVHQ4E
FgQUckM2L4kyPB9FBQDRSLaPA3oBUjgwHwYDVR0jBBgwFoAUWivrfHsUq387WOzs
IV6l6+H0T18wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs
LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m
b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
MA0GCSqGSIb3DQEBCwUAA4IBAQCwMwGgSu4jE6Pmk7xU9hgN6R9x+Q06wIpjm2bQ
NTSXOKky+u+wxWu16mwu27stLdFbdHHjF6Xvo01kj5i09OCePq3yrKddGrQJaFRL
78ehOo8+XxMhBPntjTFD8h/yh9QiyXCd9KYMrfUnSVnplUHZWDhMxPlqd+AVpkxr
Fx4lsxDDC81H0NuGYntQ5NVU59OJgo7yx6VXAH2zHbTtx0xQ3aNWdMwVMPypyTkY
OXU67B8oHuO6Ad6Y6On+ixaZx2eTycJASA/G4rpRCwMYIUFWzOpADrWdjtb4Ad8N
l/KLzFTl60ZZGU2j8zrOPsf1RnfXQccbTf1YJ03HMu0ziESz
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
38:57:36:7e:2c:71:3a:58:d9:58:83:7f:8c:1f:66:21:38:9d:41:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:99:c3:5a:ac:ee:dd:88:55:9e:e4:3b:02:e9:
99:bf:7e:7c:20:2e:ad:35:96:06:74:f8:06:62:6c:
30:55:b5:16:f9:e2:db:99:65:f8:b7:58:00:01:70:
3f:7c:23:ff:a7:39:4b:3a:d8:f7:72:65:3e:fd:66:
c0:69:43:cc:85:22:3b:d7:22:5d:1f:aa:d4:39:83:
58:08:cd:e3:c1:8b:f1:77:4a:92:6a:5c:83:df:1b:
59:dd:b5:92:fd:b0:6a:b0:29:a6:13:7e:2b:0e:cb:
a7:0e:30:c4:b6:2f:f7:1b:e3:ce:3c:38:2c:18:bd:
0c:21:dd:e1:dd:2a:18:77:94:31:12:89:0a:ee:80:
30:98:2f:3a:fc:72:75:9c:f1:fb:39:31:c7:ac:63:
24:d4:11:40:86:49:e4:72:ce:b9:df:f3:51:bd:d7:
f2:7b:49:cd:97:65:4a:8f:65:c0:87:61:99:9c:86:
c9:96:95:fc:bc:d2:c4:c2:cc:82:c4:1b:3d:18:ba:
dd:13:1c:80:cf:9a:34:e7:44:90:29:c5:e5:f9:53:
2f:20:e2:1c:95:ff:01:bb:ea:89:d1:47:59:fd:5a:
44:75:58:df:42:29:bc:50:89:bc:1d:6c:e3:35:f8:
85:ce:57:c4:c5:47:58:37:5d:1f:1b:03:66:61:0d:
2f:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:2B:EB:7C:7B:14:AB:7F:3B:58:EC:EC:21:5E:A5:EB:E1:F4:4F:5F
X509v3 Authority Key Identifier:
keyid:5A:2B:EB:7C:7B:14:AB:7F:3B:58:EC:EC:21:5E:A5:EB:E1:F4:4F:5F
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
26:d5:ba:c9:fb:e4:0d:75:44:79:16:26:33:6c:08:5d:67:60:
19:ef:e0:6d:49:72:30:4a:f1:88:b9:51:bc:c5:e4:e6:10:6c:
ce:0c:6b:37:b7:a7:d3:d9:03:41:7f:4e:e7:a0:4a:ec:52:af:
35:10:03:90:a2:84:4f:9a:b7:c3:d3:f4:f0:14:f8:23:f5:b2:
1c:55:b8:8f:6a:fd:9b:05:60:b8:48:95:e3:9b:15:99:f8:98:
2f:1d:cd:89:ae:91:b5:3b:4b:22:29:44:d2:76:0d:1c:0a:e5:
9d:98:8f:6e:c1:d4:8b:fb:b3:aa:9d:7f:56:cb:a4:9a:27:9a:
e3:52:50:82:01:fe:8f:ba:dc:fb:f5:7e:d0:ce:07:4b:5e:91:
fa:41:21:9f:a6:15:e0:01:0d:7b:c5:53:07:f5:3d:63:89:87:
b4:a9:a2:9a:49:f7:26:64:6e:1b:9a:ce:95:e9:51:98:31:25:
ea:cb:c8:dd:6a:3f:af:32:78:22:27:32:b7:61:64:c5:6c:b7:
96:77:1c:ec:14:93:2d:14:e5:53:9d:d9:db:09:61:bf:7f:bf:
cd:d4:d3:09:03:8a:20:0a:b6:19:40:a2:58:8d:e9:65:54:56:
ca:6a:13:f3:e1:cf:da:e3:f9:eb:49:52:cf:89:2e:52:1d:ee:
64:1e:40:91
-----BEGIN CERTIFICATE-----
MIIDeDCCAmCgAwIBAgIUOFc2fixxOljZWIN/jB9mITidQYIwDQYJKoZIhvcNAQEL
BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAw
MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDFmcNarO7diFWe5DsC6Zm/fnwgLq01lgZ0+AZibDBVtRb54tuZZfi3WAAB
cD98I/+nOUs62PdyZT79ZsBpQ8yFIjvXIl0fqtQ5g1gIzePBi/F3SpJqXIPfG1nd
tZL9sGqwKaYTfisOy6cOMMS2L/cb4848OCwYvQwh3eHdKhh3lDESiQrugDCYLzr8
cnWc8fs5McesYyTUEUCGSeRyzrnf81G91/J7Sc2XZUqPZcCHYZmchsmWlfy80sTC
zILEGz0Yut0THIDPmjTnRJApxeX5Uy8g4hyV/wG76onRR1n9WkR1WN9CKbxQibwd
bOM1+IXOV8TFR1g3XR8bA2ZhDS95AgMBAAGjgcswgcgwHQYDVR0OBBYEFFor63x7
FKt/O1js7CFepevh9E9fMB8GA1UdIwQYMBaAFFor63x7FKt/O1js7CFepevh9E9f
MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh
L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S
b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
9w0BAQsFAAOCAQEAJtW6yfvkDXVEeRYmM2wIXWdgGe/gbUlyMErxiLlRvMXk5hBs
zgxrN7en09kDQX9O56BK7FKvNRADkKKET5q3w9P08BT4I/WyHFW4j2r9mwVguEiV
45sVmfiYLx3Nia6RtTtLIilE0nYNHArlnZiPbsHUi/uzqp1/Vsukmiea41JQggH+
j7rc+/V+0M4HS16R+kEhn6YV4AENe8VTB/U9Y4mHtKmimkn3JmRuG5rOlelRmDEl
6svI3Wo/rzJ4Iicyt2FkxWy3lncc7BSTLRTlU53Z2wlhv3+/zdTTCQOKIAq2GUCi
WI3pZVRWymoT8+HP2uP560lSz4kuUh3uZB5AkQ==
-----END CERTIFICATE-----