| [Created by: generate-chains.py] |
| |
| Certificate chain where the intermediate has a smaller validity range |
| than the other certificates, making it easy to violate just its validity. |
| |
| Root: 2015/01/01 -> 2016/01/01 |
| Intermediate: 2015/03/01 -> 2015/09/01 |
| Target: 2015/01/01 -> 2016/01/01 |
| |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: |
| 73:60:af:38:91:cf:45:20:b2:11:f8:2c:36:b2:3d:e8:ed:26:6b:7c |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Intermediate |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Target |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| RSA Public-Key: (2048 bit) |
| Modulus: |
| 00:e5:5d:52:78:e5:9d:90:f8:e6:89:33:f2:76:2f: |
| 04:9f:a8:f1:db:92:f1:b3:43:19:a3:7c:1f:a1:46: |
| 2f:aa:b4:48:fe:f2:35:cd:2d:61:76:e7:5c:52:c9: |
| 7b:d6:90:3a:91:11:44:a8:bd:39:d4:5d:10:e0:17: |
| 71:03:b9:e2:a5:fb:08:15:d2:50:dd:4d:67:ed:9c: |
| a9:9b:3e:bd:3a:91:57:49:53:73:8b:2b:3e:c0:e4: |
| aa:c9:c2:68:31:82:b4:0e:40:a9:e7:d1:c4:f6:5b: |
| 48:3d:88:74:1f:43:2e:f8:b3:66:d8:41:b4:0b:6a: |
| 21:38:05:65:05:99:8f:84:75:07:57:3a:1b:7b:2d: |
| 21:0a:fc:7a:22:d9:d3:89:43:0c:1a:18:f9:92:d9: |
| 42:0f:86:d8:28:d2:b4:ca:28:9a:85:29:1b:0a:d7: |
| 01:3b:bd:cb:83:36:a0:d3:d3:4c:5a:54:06:a0:a0: |
| c6:51:12:33:00:5f:85:2e:0a:b5:63:2e:e0:f3:95: |
| 03:f9:d8:17:24:19:85:a1:23:cc:45:ea:2f:2e:89: |
| 3c:05:52:f0:69:95:0e:fc:71:1a:8f:2c:90:54:6f: |
| 14:46:33:99:bd:8b:a7:5e:0b:ad:ad:00:4f:78:8b: |
| 69:36:a5:38:43:63:f4:6f:f1:a8:f6:21:22:38:56: |
| 9f:7b |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 6E:07:CA:2E:D6:33:0C:B0:73:89:52:A6:81:9F:EA:5A:7D:58:36:E5 |
| X509v3 Authority Key Identifier: |
| keyid:72:43:36:2F:89:32:3C:1F:45:05:00:D1:48:B6:8F:03:7A:01:52:38 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Intermediate.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Intermediate.crl |
| |
| X509v3 Key Usage: critical |
| Digital Signature, Key Encipherment |
| X509v3 Extended Key Usage: |
| TLS Web Server Authentication, TLS Web Client Authentication |
| Signature Algorithm: sha256WithRSAEncryption |
| 14:34:ce:62:08:64:36:8e:3c:83:a8:5a:e9:42:34:8a:bf:29: |
| c6:98:10:f5:11:cb:e6:dd:09:a9:61:77:ef:62:d3:35:ba:3d: |
| 7b:f1:77:1a:c0:c2:05:b8:05:6a:f0:2d:82:a4:a5:58:ae:e4: |
| bc:86:d4:19:68:9b:61:1a:2b:3b:d8:f1:c4:fa:ce:75:ea:0e: |
| f8:79:00:0d:1c:42:28:de:2b:fb:d6:2c:55:25:d1:f9:91:ce: |
| fd:3b:8e:20:03:c1:46:a8:3f:06:c2:f6:31:70:f4:0e:ac:e5: |
| d3:7e:35:2a:33:b7:85:49:b5:90:34:86:fb:91:f8:a2:f9:96: |
| cb:6e:0b:22:7f:0e:10:d1:6b:ef:f8:50:51:6e:1b:4a:cd:ea: |
| a2:13:6c:f6:31:3e:fb:53:7a:33:b4:1b:22:83:c7:0a:b1:e4: |
| ab:7e:46:38:31:4e:59:c7:63:6a:61:a4:b1:b6:9d:76:10:b6: |
| 70:fa:4b:1c:a8:41:9e:7f:1b:c0:1c:c5:c3:77:94:3d:36:b8: |
| 2e:38:7a:cb:ac:10:91:ac:13:33:93:77:ca:ec:96:e1:45:ee: |
| 40:45:0a:11:af:b7:59:be:86:ba:1a:fd:03:ec:4b:5e:7f:0f: |
| 24:9f:8e:5a:a4:6e:11:da:68:56:b5:af:51:87:99:52:e7:09: |
| 48:6e:ee:61 |
| -----BEGIN CERTIFICATE----- |
| MIIDoDCCAoigAwIBAgIUc2CvOJHPRSCyEfgsNrI96O0ma3wwDQYJKoZIhvcNAQEL |
| BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTE1MDEwMTEyMDAwMFoXDTE2 |
| MDEwMTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF |
| AAOCAQ8AMIIBCgKCAQEA5V1SeOWdkPjmiTPydi8En6jx25Lxs0MZo3wfoUYvqrRI |
| /vI1zS1hdudcUsl71pA6kRFEqL051F0Q4BdxA7nipfsIFdJQ3U1n7Zypmz69OpFX |
| SVNziys+wOSqycJoMYK0DkCp59HE9ltIPYh0H0Mu+LNm2EG0C2ohOAVlBZmPhHUH |
| Vzobey0hCvx6ItnTiUMMGhj5ktlCD4bYKNK0yiiahSkbCtcBO73Lgzag09NMWlQG |
| oKDGURIzAF+FLgq1Yy7g85UD+dgXJBmFoSPMReovLok8BVLwaZUO/HEajyyQVG8U |
| RjOZvYunXgutrQBPeItpNqU4Q2P0b/Go9iEiOFafewIDAQABo4HpMIHmMB0GA1Ud |
| DgQWBBRuB8ou1jMMsHOJUqaBn+pafVg25TAfBgNVHSMEGDAWgBRyQzYviTI8H0UF |
| ANFIto8DegFSODA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 |
| cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 |
| dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF |
| oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD |
| ggEBABQ0zmIIZDaOPIOoWulCNIq/KcaYEPURy+bdCalhd+9i0zW6PXvxdxrAwgW4 |
| BWrwLYKkpViu5LyG1Blom2EaKzvY8cT6znXqDvh5AA0cQijeK/vWLFUl0fmRzv07 |
| jiADwUaoPwbC9jFw9A6s5dN+NSozt4VJtZA0hvuR+KL5lstuCyJ/DhDRa+/4UFFu |
| G0rN6qITbPYxPvtTejO0GyKDxwqx5Kt+RjgxTlnHY2phpLG2nXYQtnD6SxyoQZ5/ |
| G8AcxcN3lD02uC44esusEJGsEzOTd8rsluFF7kBFChGvt1m+hroa/QPsS15/DySf |
| jlqkbhHaaFa1r1GHmVLnCUhu7mE= |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: |
| 38:57:36:7e:2c:71:3a:58:d9:58:83:7f:8c:1f:66:21:38:9d:41:83 |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Mar 1 12:00:00 2015 GMT |
| Not After : Sep 1 12:00:00 2015 GMT |
| Subject: CN=Intermediate |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| RSA Public-Key: (2048 bit) |
| Modulus: |
| 00:c2:f3:7c:09:dc:05:78:96:43:d9:a5:90:a3:1d: |
| a4:d8:2e:f6:2d:c4:4e:8d:ee:37:1d:30:28:44:f6: |
| 50:f9:99:12:c4:b6:be:44:0f:07:48:22:67:d1:60: |
| 42:60:2a:27:62:15:d2:d1:2e:9a:16:02:4e:fb:44: |
| 37:8c:ba:7a:7d:72:af:55:cf:d6:f5:7c:1f:b3:dd: |
| fa:b8:57:e4:78:72:72:90:f5:85:cb:c3:7e:8d:1f: |
| 89:1f:50:43:ff:53:e4:a7:ff:65:b7:af:da:bd:b1: |
| 80:77:0d:d5:a2:e3:59:35:97:d0:fc:39:26:b5:9a: |
| af:3c:7c:ac:5a:05:af:ca:98:40:3f:20:1c:ae:3c: |
| b2:35:e7:52:ff:01:aa:83:1a:67:aa:77:83:67:2e: |
| 95:6e:79:49:e8:28:dd:74:82:b2:c0:17:81:9e:f7: |
| 2a:1d:c2:14:7c:2a:10:b4:16:19:e1:59:10:48:36: |
| 35:c8:f9:bc:35:36:91:2d:c9:81:a4:18:b4:2f:ff: |
| 79:6d:32:ca:23:52:c0:d3:39:2c:7e:c2:a1:99:53: |
| 9d:ee:1e:50:4b:5d:af:f3:ca:df:39:6b:dc:54:24: |
| 0c:14:7b:3e:f7:f8:5e:b8:af:ea:67:68:4b:08:1f: |
| 25:5b:14:ff:31:e7:7d:50:c7:15:b2:53:2a:a3:5a: |
| a5:c3 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 72:43:36:2F:89:32:3C:1F:45:05:00:D1:48:B6:8F:03:7A:01:52:38 |
| X509v3 Authority Key Identifier: |
| keyid:5A:2B:EB:7C:7B:14:AB:7F:3B:58:EC:EC:21:5E:A5:EB:E1:F4:4F:5F |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| b0:33:01:a0:4a:ee:23:13:a3:e6:93:bc:54:f6:18:0d:e9:1f: |
| 71:f9:0d:3a:c0:8a:63:9b:66:d0:35:34:97:38:a9:32:fa:ef: |
| b0:c5:6b:b5:ea:6c:2e:db:bb:2d:2d:d1:5b:74:71:e3:17:a5: |
| ef:a3:4d:64:8f:98:b4:f4:e0:9e:3e:ad:f2:ac:a7:5d:1a:b4: |
| 09:68:54:4b:ef:c7:a1:3a:8f:3e:5f:13:21:04:f9:ed:8d:31: |
| 43:f2:1f:f2:87:d4:22:c9:70:9d:f4:a6:0c:ad:f5:27:49:59: |
| e9:95:41:d9:58:38:4c:c4:f9:6a:77:e0:15:a6:4c:6b:17:1e: |
| 25:b3:10:c3:0b:cd:47:d0:db:86:62:7b:50:e4:d5:54:e7:d3: |
| 89:82:8e:f2:c7:a5:57:00:7d:b3:1d:b4:ed:c7:4c:50:dd:a3: |
| 56:74:cc:15:30:fc:a9:c9:39:18:39:75:3a:ec:1f:28:1e:e3: |
| ba:01:de:98:e8:e9:fe:8b:16:99:c7:67:93:c9:c2:40:48:0f: |
| c6:e2:ba:51:0b:03:18:21:41:56:cc:ea:40:0e:b5:9d:8e:d6: |
| f8:01:df:0d:97:f2:8b:cc:54:e5:eb:46:59:19:4d:a3:f3:3a: |
| ce:3e:c7:f5:46:77:d7:41:c7:1b:4d:fd:58:27:4d:c7:32:ed: |
| 33:88:44:b3 |
| -----BEGIN CERTIFICATE----- |
| MIIDgDCCAmigAwIBAgIUOFc2fixxOljZWIN/jB9mITidQYMwDQYJKoZIhvcNAQEL |
| BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAzMDExMjAwMDBaFw0xNTA5MDExMjAw |
| MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD |
| ggEPADCCAQoCggEBAMLzfAncBXiWQ9mlkKMdpNgu9i3ETo3uNx0wKET2UPmZEsS2 |
| vkQPB0giZ9FgQmAqJ2IV0tEumhYCTvtEN4y6en1yr1XP1vV8H7Pd+rhX5HhycpD1 |
| hcvDfo0fiR9QQ/9T5Kf/Zbev2r2xgHcN1aLjWTWX0Pw5JrWarzx8rFoFr8qYQD8g |
| HK48sjXnUv8BqoMaZ6p3g2culW55Sego3XSCssAXgZ73Kh3CFHwqELQWGeFZEEg2 |
| Ncj5vDU2kS3JgaQYtC//eW0yyiNSwNM5LH7CoZlTne4eUEtdr/PK3zlr3FQkDBR7 |
| Pvf4Xriv6mdoSwgfJVsU/zHnfVDHFbJTKqNapcMCAwEAAaOByzCByDAdBgNVHQ4E |
| FgQUckM2L4kyPB9FBQDRSLaPA3oBUjgwHwYDVR0jBBgwFoAUWivrfHsUq387WOzs |
| IV6l6+H0T18wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs |
| LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m |
| b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ |
| MA0GCSqGSIb3DQEBCwUAA4IBAQCwMwGgSu4jE6Pmk7xU9hgN6R9x+Q06wIpjm2bQ |
| NTSXOKky+u+wxWu16mwu27stLdFbdHHjF6Xvo01kj5i09OCePq3yrKddGrQJaFRL |
| 78ehOo8+XxMhBPntjTFD8h/yh9QiyXCd9KYMrfUnSVnplUHZWDhMxPlqd+AVpkxr |
| Fx4lsxDDC81H0NuGYntQ5NVU59OJgo7yx6VXAH2zHbTtx0xQ3aNWdMwVMPypyTkY |
| OXU67B8oHuO6Ad6Y6On+ixaZx2eTycJASA/G4rpRCwMYIUFWzOpADrWdjtb4Ad8N |
| l/KLzFTl60ZZGU2j8zrOPsf1RnfXQccbTf1YJ03HMu0ziESz |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: |
| 38:57:36:7e:2c:71:3a:58:d9:58:83:7f:8c:1f:66:21:38:9d:41:82 |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Root |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| RSA Public-Key: (2048 bit) |
| Modulus: |
| 00:c5:99:c3:5a:ac:ee:dd:88:55:9e:e4:3b:02:e9: |
| 99:bf:7e:7c:20:2e:ad:35:96:06:74:f8:06:62:6c: |
| 30:55:b5:16:f9:e2:db:99:65:f8:b7:58:00:01:70: |
| 3f:7c:23:ff:a7:39:4b:3a:d8:f7:72:65:3e:fd:66: |
| c0:69:43:cc:85:22:3b:d7:22:5d:1f:aa:d4:39:83: |
| 58:08:cd:e3:c1:8b:f1:77:4a:92:6a:5c:83:df:1b: |
| 59:dd:b5:92:fd:b0:6a:b0:29:a6:13:7e:2b:0e:cb: |
| a7:0e:30:c4:b6:2f:f7:1b:e3:ce:3c:38:2c:18:bd: |
| 0c:21:dd:e1:dd:2a:18:77:94:31:12:89:0a:ee:80: |
| 30:98:2f:3a:fc:72:75:9c:f1:fb:39:31:c7:ac:63: |
| 24:d4:11:40:86:49:e4:72:ce:b9:df:f3:51:bd:d7: |
| f2:7b:49:cd:97:65:4a:8f:65:c0:87:61:99:9c:86: |
| c9:96:95:fc:bc:d2:c4:c2:cc:82:c4:1b:3d:18:ba: |
| dd:13:1c:80:cf:9a:34:e7:44:90:29:c5:e5:f9:53: |
| 2f:20:e2:1c:95:ff:01:bb:ea:89:d1:47:59:fd:5a: |
| 44:75:58:df:42:29:bc:50:89:bc:1d:6c:e3:35:f8: |
| 85:ce:57:c4:c5:47:58:37:5d:1f:1b:03:66:61:0d: |
| 2f:79 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 5A:2B:EB:7C:7B:14:AB:7F:3B:58:EC:EC:21:5E:A5:EB:E1:F4:4F:5F |
| X509v3 Authority Key Identifier: |
| keyid:5A:2B:EB:7C:7B:14:AB:7F:3B:58:EC:EC:21:5E:A5:EB:E1:F4:4F:5F |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 26:d5:ba:c9:fb:e4:0d:75:44:79:16:26:33:6c:08:5d:67:60: |
| 19:ef:e0:6d:49:72:30:4a:f1:88:b9:51:bc:c5:e4:e6:10:6c: |
| ce:0c:6b:37:b7:a7:d3:d9:03:41:7f:4e:e7:a0:4a:ec:52:af: |
| 35:10:03:90:a2:84:4f:9a:b7:c3:d3:f4:f0:14:f8:23:f5:b2: |
| 1c:55:b8:8f:6a:fd:9b:05:60:b8:48:95:e3:9b:15:99:f8:98: |
| 2f:1d:cd:89:ae:91:b5:3b:4b:22:29:44:d2:76:0d:1c:0a:e5: |
| 9d:98:8f:6e:c1:d4:8b:fb:b3:aa:9d:7f:56:cb:a4:9a:27:9a: |
| e3:52:50:82:01:fe:8f:ba:dc:fb:f5:7e:d0:ce:07:4b:5e:91: |
| fa:41:21:9f:a6:15:e0:01:0d:7b:c5:53:07:f5:3d:63:89:87: |
| b4:a9:a2:9a:49:f7:26:64:6e:1b:9a:ce:95:e9:51:98:31:25: |
| ea:cb:c8:dd:6a:3f:af:32:78:22:27:32:b7:61:64:c5:6c:b7: |
| 96:77:1c:ec:14:93:2d:14:e5:53:9d:d9:db:09:61:bf:7f:bf: |
| cd:d4:d3:09:03:8a:20:0a:b6:19:40:a2:58:8d:e9:65:54:56: |
| ca:6a:13:f3:e1:cf:da:e3:f9:eb:49:52:cf:89:2e:52:1d:ee: |
| 64:1e:40:91 |
| -----BEGIN CERTIFICATE----- |
| MIIDeDCCAmCgAwIBAgIUOFc2fixxOljZWIN/jB9mITidQYIwDQYJKoZIhvcNAQEL |
| BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAw |
| MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK |
| AoIBAQDFmcNarO7diFWe5DsC6Zm/fnwgLq01lgZ0+AZibDBVtRb54tuZZfi3WAAB |
| cD98I/+nOUs62PdyZT79ZsBpQ8yFIjvXIl0fqtQ5g1gIzePBi/F3SpJqXIPfG1nd |
| tZL9sGqwKaYTfisOy6cOMMS2L/cb4848OCwYvQwh3eHdKhh3lDESiQrugDCYLzr8 |
| cnWc8fs5McesYyTUEUCGSeRyzrnf81G91/J7Sc2XZUqPZcCHYZmchsmWlfy80sTC |
| zILEGz0Yut0THIDPmjTnRJApxeX5Uy8g4hyV/wG76onRR1n9WkR1WN9CKbxQibwd |
| bOM1+IXOV8TFR1g3XR8bA2ZhDS95AgMBAAGjgcswgcgwHQYDVR0OBBYEFFor63x7 |
| FKt/O1js7CFepevh9E9fMB8GA1UdIwQYMBaAFFor63x7FKt/O1js7CFepevh9E9f |
| MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh |
| L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S |
| b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG |
| 9w0BAQsFAAOCAQEAJtW6yfvkDXVEeRYmM2wIXWdgGe/gbUlyMErxiLlRvMXk5hBs |
| zgxrN7en09kDQX9O56BK7FKvNRADkKKET5q3w9P08BT4I/WyHFW4j2r9mwVguEiV |
| 45sVmfiYLx3Nia6RtTtLIilE0nYNHArlnZiPbsHUi/uzqp1/Vsukmiea41JQggH+ |
| j7rc+/V+0M4HS16R+kEhn6YV4AENe8VTB/U9Y4mHtKmimkn3JmRuG5rOlelRmDEl |
| 6svI3Wo/rzJ4Iicyt2FkxWy3lncc7BSTLRTlU53Z2wlhv3+/zdTTCQOKIAq2GUCi |
| WI3pZVRWymoT8+HP2uP560lSz4kuUh3uZB5AkQ== |
| -----END CERTIFICATE----- |