blob: dd92e8517f6d966c2843251569e0f74afceeebe1 [file] [log] [blame]
[Created by: generate-chains.py]
Certificate chain where the intermediate restricts the extended key usage to
clientAuth + any, and the target sets serverAuth + clientAuth.
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0f:19:5d:e8:71:6f:db:08:2d:79:97:74:46:0c:ac:d5:3d:49:b8:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediate
Validity
Not Before: Oct 5 12:00:00 2021 GMT
Not After : Oct 5 12:00:00 2022 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:2e:8b:18:8d:f7:76:2c:94:0c:3f:a0:b6:ea:
70:1f:5e:c8:48:c5:aa:ad:55:6b:bd:55:68:0d:8e:
ce:e5:99:27:c5:2c:b2:9a:29:a9:8f:8e:c3:c6:97:
89:6d:31:d7:a4:8f:d8:36:37:4f:33:c7:d6:42:03:
11:08:c4:7f:35:8c:ee:0f:1b:7a:31:74:04:aa:01:
d3:1e:8b:5b:01:9d:60:4b:9c:d1:8f:1e:ab:e5:dc:
8f:17:77:49:e3:f6:d5:82:a5:2f:0a:e8:dc:9f:96:
1e:2a:a1:41:d1:67:2c:9e:f3:7f:94:0c:6e:cf:5f:
55:52:37:05:d0:39:37:1a:6e:11:ed:db:fa:aa:92:
a7:4f:50:29:07:69:af:1d:a7:99:fa:e1:56:f0:03:
38:b0:ae:6b:e7:19:0b:dd:c3:07:31:8e:84:04:a5:
b4:eb:b8:bc:23:f3:40:b0:17:b4:ab:9e:3f:05:96:
89:fc:84:23:cc:d1:06:c2:e4:8b:c6:65:f5:24:eb:
72:31:bc:41:7d:3a:c9:55:08:0c:ee:a6:ae:1f:78:
17:f8:a7:9d:7b:b1:82:f5:ce:82:6b:a8:b2:c6:8a:
b9:be:a5:d8:39:f4:49:e2:4c:53:32:85:26:53:4d:
44:ce:d5:3b:a0:6b:e7:d9:02:a1:5a:ef:e1:a5:81:
a7:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EB:B0:1C:BD:B7:68:B8:D1:B9:8A:C2:9F:5D:CF:DD:AF:F2:62:70:8A
X509v3 Authority Key Identifier:
keyid:EE:C6:9A:65:CC:FB:CE:A0:3E:17:02:F9:68:12:86:B6:22:09:60:B4
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediate.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediate.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
7d:52:94:c4:f5:ef:51:88:eb:38:95:e1:ca:72:b3:12:9f:3f:
92:8f:32:0d:cb:45:0d:13:f1:7b:72:27:36:e3:d8:e8:d0:1b:
bf:47:f0:d9:81:83:bf:ea:14:b2:b3:58:91:c1:71:b8:00:d2:
1b:28:90:a3:8e:d0:9f:0e:01:7e:0a:f9:17:a2:14:ea:cc:8f:
2e:bd:28:7d:1f:1a:91:1e:36:f9:6f:01:5c:c9:3b:e8:83:76:
46:db:7a:f9:81:3c:85:cb:50:40:f1:f8:cb:c1:f8:cb:be:4f:
84:3c:76:fa:1d:92:4a:b6:72:d2:ef:e0:4e:d9:13:be:8c:c8:
3f:e5:0f:33:de:94:65:f7:2f:bc:57:86:0b:dc:a3:83:1d:7a:
41:70:fa:7b:57:b7:d9:63:f9:14:9b:8d:c2:65:71:e6:27:94:
06:6a:68:7a:88:69:13:34:ae:29:46:61:dc:64:44:de:f8:a2:
ad:fb:69:7d:e3:bc:5c:2f:45:c1:68:ff:8d:d8:b9:51:91:f3:
12:6f:fd:2a:1f:90:05:21:08:19:5e:79:06:9d:2c:d7:ea:86:
08:fd:94:70:e4:cc:1d:b9:ef:6d:fc:bd:9b:21:42:e6:84:9f:
c2:3e:6b:18:36:8c:ea:ff:8e:24:1b:e0:b1:05:09:d5:e8:93:
cd:fd:b0:51
-----BEGIN CERTIFICATE-----
MIIDoDCCAoigAwIBAgIUDxld6HFv2wgteZd0Rgys1T1JuLIwDQYJKoZIhvcNAQEL
BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy
MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAri6LGI33diyUDD+gtupwH17ISMWqrVVrvVVoDY7O5Zkn
xSyymimpj47DxpeJbTHXpI/YNjdPM8fWQgMRCMR/NYzuDxt6MXQEqgHTHotbAZ1g
S5zRjx6r5dyPF3dJ4/bVgqUvCujcn5YeKqFB0WcsnvN/lAxuz19VUjcF0Dk3Gm4R
7dv6qpKnT1ApB2mvHaeZ+uFW8AM4sK5r5xkL3cMHMY6EBKW067i8I/NAsBe0q54/
BZaJ/IQjzNEGwuSLxmX1JOtyMbxBfTrJVQgM7qauH3gX+Kede7GC9c6Ca6iyxoq5
vqXYOfRJ4kxTMoUmU01EztU7oGvn2QKhWu/hpYGn+wIDAQABo4HpMIHmMB0GA1Ud
DgQWBBTrsBy9t2i40bmKwp9dz92v8mJwijAfBgNVHSMEGDAWgBTuxpplzPvOoD4X
AvloEoa2IglgtDA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91
cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0
dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF
oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD
ggEBAH1SlMT171GI6ziV4cpysxKfP5KPMg3LRQ0T8XtyJzbj2OjQG79H8NmBg7/q
FLKzWJHBcbgA0hsokKOO0J8OAX4K+ReiFOrMjy69KH0fGpEeNvlvAVzJO+iDdkbb
evmBPIXLUEDx+MvB+Mu+T4Q8dvodkkq2ctLv4E7ZE76MyD/lDzPelGX3L7xXhgvc
o4MdekFw+ntXt9lj+RSbjcJlceYnlAZqaHqIaRM0rilGYdxkRN74oq37aX3jvFwv
RcFo/43YuVGR8xJv/SofkAUhCBleeQadLNfqhgj9lHDkzB257238vZshQuaEn8I+
axg2jOr/jiQb4LEFCdXok839sFE=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
22:f0:bc:f5:46:4d:72:4b:8a:5f:7a:8d:54:e1:d7:60:ae:dd:08:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Oct 5 12:00:00 2021 GMT
Not After : Oct 5 12:00:00 2022 GMT
Subject: CN=Intermediate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:41:40:6f:cb:25:05:d9:29:d0:a3:c7:fe:2f:
f0:53:ad:46:36:19:aa:b1:1f:3f:7a:a2:e0:fb:03:
2b:77:65:6a:79:eb:f3:a3:16:13:34:83:3b:42:de:
a2:bb:e2:bf:d8:d2:75:3d:48:38:86:bb:2a:7d:14:
a3:88:f7:7c:00:f4:0a:6b:6b:aa:9b:44:24:62:fe:
db:a3:42:55:15:67:2a:32:ff:b2:4d:80:93:d0:84:
ef:1b:dc:7c:ac:56:2d:54:08:02:f6:18:6e:b5:80:
a8:77:52:1f:b8:2c:09:6d:cc:f8:1c:04:91:62:6e:
1e:dd:1d:89:b2:f1:23:0b:4d:4c:6c:da:49:3d:61:
83:72:0f:66:36:12:3f:f3:ff:53:52:73:53:a1:ca:
38:bd:c3:48:bf:7a:2f:13:19:d7:c2:28:e1:6f:32:
00:5e:64:ac:4b:05:7a:77:62:57:55:a9:59:83:d5:
ed:a3:2e:28:34:71:79:2f:b9:c3:9e:df:b3:2a:b1:
59:cd:04:00:1d:8b:11:56:ae:c6:67:f6:4f:1d:58:
07:65:e0:b0:2f:ef:57:6d:de:c1:a0:7c:6e:38:a8:
45:26:21:96:e0:f6:ef:0e:28:cf:01:70:57:dc:20:
15:08:ad:e8:e3:98:74:8c:54:32:c1:28:17:e0:de:
a1:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:C6:9A:65:CC:FB:CE:A0:3E:17:02:F9:68:12:86:B6:22:09:60:B4
X509v3 Authority Key Identifier:
keyid:42:75:41:34:C5:59:9F:99:A3:9B:1C:0C:57:DB:5C:C7:C1:48:B7:91
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Extended Key Usage:
TLS Web Client Authentication, Any Extended Key Usage
Signature Algorithm: sha256WithRSAEncryption
b8:a7:e9:54:83:94:a0:c7:37:16:41:dc:31:79:23:f9:84:53:
05:28:be:08:e0:f4:de:d9:bd:67:70:da:b3:7e:00:30:80:d9:
2c:7f:3d:1e:5f:16:75:40:a0:85:d8:4b:99:63:d7:ca:ac:b6:
88:07:4b:21:9c:97:85:0d:e5:d5:4e:2c:4c:ca:2f:04:fd:39:
52:b9:b7:eb:90:48:d1:2a:ed:a5:fc:e5:0d:d6:e3:8d:30:69:
99:79:cc:8f:17:89:61:d2:6d:d8:58:21:ec:49:80:74:d2:64:
98:97:04:bc:c8:61:ce:13:6a:b7:d7:ac:58:3a:27:3e:d8:c1:
46:d0:f8:ee:e3:1b:0b:2f:ef:6f:e2:8f:34:ab:08:09:69:d2:
62:58:70:84:dd:6c:e1:23:29:38:10:b4:8d:b4:e0:27:34:ad:
12:72:8c:f0:8f:53:6e:c2:ea:b0:7c:29:59:16:39:1a:9e:b7:
10:2d:64:45:9e:8f:79:ec:92:c7:cd:3b:c4:fe:7b:ff:5b:d8:
41:22:e7:e6:23:7d:2f:44:04:57:82:ee:de:ce:5b:20:45:68:
94:08:0b:83:5d:ef:e2:06:6f:3e:8a:d7:ab:58:3f:a6:16:6d:
84:da:f7:dc:a1:ad:a6:24:7e:7e:cf:aa:13:32:f0:92:73:b0:
d9:d6:49:15
-----BEGIN CERTIFICATE-----
MIIDmzCCAoOgAwIBAgIUIvC89UZNckuKX3qNVOHXYK7dCOowDQYJKoZIhvcNAQEL
BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw
MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANFBQG/LJQXZKdCjx/4v8FOtRjYZqrEfP3qi4PsDK3dlannr
86MWEzSDO0Leorviv9jSdT1IOIa7Kn0Uo4j3fAD0CmtrqptEJGL+26NCVRVnKjL/
sk2Ak9CE7xvcfKxWLVQIAvYYbrWAqHdSH7gsCW3M+BwEkWJuHt0dibLxIwtNTGza
ST1hg3IPZjYSP/P/U1JzU6HKOL3DSL96LxMZ18Io4W8yAF5krEsFendiV1WpWYPV
7aMuKDRxeS+5w57fsyqxWc0EAB2LEVauxmf2Tx1YB2XgsC/vV23ewaB8bjioRSYh
luD27w4ozwFwV9wgFQit6OOYdIxUMsEoF+DeoYsCAwEAAaOB5jCB4zAdBgNVHQ4E
FgQU7saaZcz7zqA+FwL5aBKGtiIJYLQwHwYDVR0jBBgwFoAUQnVBNMVZn5mjmxwM
V9tcx8FIt5EwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs
LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m
b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
MBkGA1UdJQQSMBAGCCsGAQUFBwMCBgRVHSUAMA0GCSqGSIb3DQEBCwUAA4IBAQC4
p+lUg5SgxzcWQdwxeSP5hFMFKL4I4PTe2b1ncNqzfgAwgNksfz0eXxZ1QKCF2EuZ
Y9fKrLaIB0shnJeFDeXVTixMyi8E/TlSubfrkEjRKu2l/OUN1uONMGmZecyPF4lh
0m3YWCHsSYB00mSYlwS8yGHOE2q316xYOic+2MFG0Pju4xsLL+9v4o80qwgJadJi
WHCE3WzhIyk4ELSNtOAnNK0Scozwj1NuwuqwfClZFjkanrcQLWRFno957JLHzTvE
/nv/W9hBIufmI30vRARXgu7ezlsgRWiUCAuDXe/iBm8+iterWD+mFm2E2vfcoa2m
JH5+z6oTMvCSc7DZ1kkV
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
22:f0:bc:f5:46:4d:72:4b:8a:5f:7a:8d:54:e1:d7:60:ae:dd:08:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Oct 5 12:00:00 2021 GMT
Not After : Oct 5 12:00:00 2022 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:96:66:c7:e7:fd:21:14:ec:df:4a:05:1a:8c:
22:da:8f:3e:b7:8e:ca:a2:de:d7:e3:08:05:cd:28:
1c:da:d4:99:ba:ad:de:92:07:44:18:55:e7:b5:41:
6b:38:64:18:06:ab:6c:b8:ad:3d:b8:4e:c8:fa:8c:
fc:58:2c:2c:a8:42:08:28:b4:85:2a:aa:57:e2:a8:
76:4a:6e:fe:38:2f:d1:14:c6:52:6f:05:a4:89:54:
c2:0f:f0:93:83:09:b7:55:56:94:7b:57:65:87:09:
dd:61:ea:1a:02:3c:24:a5:cc:2d:d3:7c:0a:dc:2e:
67:a2:7f:91:ad:b4:76:76:02:ac:7f:85:5f:61:86:
0c:60:15:a0:82:7f:85:16:f4:10:8d:49:27:e4:33:
58:75:55:6b:5a:ab:c7:d1:bd:3d:a8:3b:68:1b:b4:
de:68:89:c4:87:fe:87:04:d4:52:f3:8f:fa:2e:44:
79:c1:62:46:b7:88:4c:bb:75:61:fd:e6:c5:6a:fb:
a8:3b:ef:a7:e6:1a:1e:44:2d:61:a7:4e:63:5e:66:
b8:f7:85:60:74:8b:ea:20:82:84:84:71:f5:1d:c6:
0c:c2:ee:11:78:01:ae:44:5a:e3:7b:97:2e:01:d0:
18:91:77:01:23:7f:d2:21:73:f4:f3:9a:94:ad:93:
2e:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:75:41:34:C5:59:9F:99:A3:9B:1C:0C:57:DB:5C:C7:C1:48:B7:91
X509v3 Authority Key Identifier:
keyid:42:75:41:34:C5:59:9F:99:A3:9B:1C:0C:57:DB:5C:C7:C1:48:B7:91
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
24:0b:85:25:5f:aa:41:4f:92:5b:42:99:84:9d:49:cd:6f:0b:
e0:a9:e5:0f:58:f5:9c:77:3c:73:57:76:9f:e5:15:99:44:e6:
3b:b9:33:f6:fd:dd:b9:b5:d7:a0:63:3e:b7:b3:89:52:01:1e:
76:af:d3:c6:86:44:5b:0a:ea:bd:54:25:82:1a:72:f8:48:af:
d6:cd:fe:dd:b0:7c:1b:cf:0b:c3:40:66:32:61:19:98:aa:2f:
64:02:6a:32:f0:eb:eb:f3:ff:1c:fd:2f:94:ae:a5:af:cf:bd:
bf:17:f7:d3:2c:63:ad:99:3b:38:51:ae:d6:c7:4c:07:3c:a6:
a0:8c:ed:79:1d:d8:fe:90:79:53:3e:49:8f:9a:33:89:cb:c2:
44:87:23:43:6f:4e:13:fc:f8:01:6d:11:c5:71:31:36:f8:bf:
d3:ab:9c:7b:21:a5:9a:14:e4:51:c9:53:f8:27:1d:5b:14:91:
d3:76:f8:8b:37:2f:ab:d8:fc:0a:5d:40:28:24:07:f4:53:05:
fa:cd:ae:6c:8f:b7:14:e1:3c:33:70:8e:9d:ff:dc:2b:42:b8:
b2:2d:66:33:c3:f5:05:29:4c:d9:67:cf:7c:68:72:9d:21:54:
9f:75:d0:00:aa:83:20:cb:72:60:0b:28:8e:0c:aa:c0:d4:90:
13:a7:f9:28
-----BEGIN CERTIFICATE-----
MIIDeDCCAmCgAwIBAgIUIvC89UZNckuKX3qNVOHXYK7dCOkwDQYJKoZIhvcNAQEL
BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw
MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDDlmbH5/0hFOzfSgUajCLajz63jsqi3tfjCAXNKBza1Jm6rd6SB0QYVee1
QWs4ZBgGq2y4rT24Tsj6jPxYLCyoQggotIUqqlfiqHZKbv44L9EUxlJvBaSJVMIP
8JODCbdVVpR7V2WHCd1h6hoCPCSlzC3TfArcLmeif5GttHZ2Aqx/hV9hhgxgFaCC
f4UW9BCNSSfkM1h1VWtaq8fRvT2oO2gbtN5oicSH/ocE1FLzj/ouRHnBYka3iEy7
dWH95sVq+6g776fmGh5ELWGnTmNeZrj3hWB0i+oggoSEcfUdxgzC7hF4Aa5EWuN7
ly4B0BiRdwEjf9Ihc/TzmpStky6hAgMBAAGjgcswgcgwHQYDVR0OBBYEFEJ1QTTF
WZ+Zo5scDFfbXMfBSLeRMB8GA1UdIwQYMBaAFEJ1QTTFWZ+Zo5scDFfbXMfBSLeR
MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh
L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S
b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
9w0BAQsFAAOCAQEAJAuFJV+qQU+SW0KZhJ1JzW8L4KnlD1j1nHc8c1d2n+UVmUTm
O7kz9v3dubXXoGM+t7OJUgEedq/TxoZEWwrqvVQlghpy+Eiv1s3+3bB8G88Lw0Bm
MmEZmKovZAJqMvDr6/P/HP0vlK6lr8+9vxf30yxjrZk7OFGu1sdMBzymoIzteR3Y
/pB5Uz5Jj5ozicvCRIcjQ29OE/z4AW0RxXExNvi/06uceyGlmhTkUclT+CcdWxSR
03b4izcvq9j8Cl1AKCQH9FMF+s2ubI+3FOE8M3COnf/cK0K4si1mM8P1BSlM2WfP
fGhynSFUn3XQAKqDIMtyYAsojgyqwNSQE6f5KA==
-----END CERTIFICATE-----