| Signed through an intermediate without the correct key usage |
| |
| $ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) |
| OCSP Response Data: |
| OCSP Response Status: successful (0x0) |
| Response Type: Basic OCSP Response |
| Version: 1 (0x0) |
| Responder Id: CN = Test False OCSP Signer |
| Produced At: Mar 2 00:00:00 2017 GMT |
| Responses: |
| Certificate ID: |
| Hash Algorithm: sha1 |
| Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A |
| Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 |
| Serial Number: 04 |
| Cert Status: good |
| This Update: Mar 1 00:00:00 2017 GMT |
| |
| Signature Algorithm: sha1WithRSAEncryption |
| 99:5b:54:5b:da:7b:f5:e1:1d:50:73:1d:0c:5b:d8:f2:2c:e2: |
| da:91:7d:c6:16:fb:0d:aa:cd:cf:c1:94:7e:1e:42:38:49:5f: |
| d5:26:7c:9a:30:b7:4e:5f:fb:14:2e:a8:f3:67:03:17:5f:c1: |
| c2:ca:af:6b:bf:2a:32:99:3b:51:50:5f:6d:b0:ad:e3:e7:b5: |
| c5:e4:41:73:11:7f:ef:85:35:78:24:91:a3:2c:c0:4e:41:fe: |
| bc:4c:c6:ef:05:ac:22:81:9a:bd:93:89:9f:c5:54:94:db:08: |
| 0f:55:8f:88:13:f9:7d:ac:ae:e8:56:0b:ea:d9:04:25:db:de: |
| 4c:96 |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 3 (0x3) |
| Signature Algorithm: sha1WithRSAEncryption |
| Issuer: CN=Test Intermediate CA |
| Validity |
| Not Before: Jan 1 00:00:00 2017 GMT |
| Not After : Jan 1 00:00:00 2018 GMT |
| Subject: CN=Test False OCSP Signer |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| RSA Public-Key: (1024 bit) |
| Modulus: |
| 00:9d:a4:70:41:77:2a:fa:11:c5:10:ea:13:ef:e4: |
| 1d:9f:7a:ff:89:38:6a:79:61:21:ba:87:65:95:27: |
| 8a:cc:6e:d8:56:e6:a1:e2:2f:61:2f:d1:d0:da:1d: |
| b7:c0:ac:83:b1:a5:e0:45:30:eb:0d:50:ea:55:21: |
| a6:ac:cc:6b:e0:b1:5d:3a:d8:55:b3:fe:4b:a1:2a: |
| 19:c0:e6:b5:24:93:7c:8d:8f:fc:60:4b:fc:90:4c: |
| 40:47:67:51:3d:9f:a5:9d:74:89:40:c7:6a:ec:16: |
| 49:bd:77:71:64:db:40:d2:3b:e3:6f:86:90:33:d1: |
| 60:98:12:29:e1:07:5f:d0:03 |
| Exponent: 65537 (0x10001) |
| Signature Algorithm: sha1WithRSAEncryption |
| 60:5d:f1:ba:17:d5:98:98:99:54:ca:d3:57:b6:2f:01:32:aa: |
| e5:dc:5a:43:1a:48:b6:9c:26:cb:fd:b1:b5:bb:01:17:c5:2e: |
| 62:c1:98:f5:b3:19:8f:5e:1c:b6:7e:d0:d4:f2:d5:6d:75:5c: |
| b1:bb:c1:36:ae:be:37:73:58:72:30:3e:62:96:aa:cf:f1:bc: |
| 3a:12:bf:6c:d8:dc:49:24:80:8a:7c:f0:67:0a:c3:e1:cc:24: |
| 60:92:21:59:3b:7e:ab:87:ba:83:b8:0e:31:e9:23:4c:a4:23: |
| 41:5c:b5:78:60:d5:72:f5:e7:4d:f5:f3:0f:bf:01:ab:1e:83: |
| 86:41 |
| ~~~~~BEGIN CERTIFICATE~~~~~ |
| MIIBuDCCASGgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0 |
| IEludGVybWVkaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAw |
| MDAwWjAhMR8wHQYDVQQDDBZUZXN0IEZhbHNlIE9DU1AgU2lnbmVyMIGfMA0GCSqG |
| SIb3DQEBAQUAA4GNADCBiQKBgQCdpHBBdyr6EcUQ6hPv5B2fev+JOGp5YSG6h2WV |
| J4rMbthW5qHiL2Ev0dDaHbfArIOxpeBFMOsNUOpVIaaszGvgsV062FWz/kuhKhnA |
| 5rUkk3yNj/xgS/yQTEBHZ1E9n6WddIlAx2rsFkm9d3Fk20DSO+NvhpAz0WCYEinh |
| B1/QAwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAGBd8boX1ZiYmVTK01e2LwEyquXc |
| WkMaSLacJsv9sbW7ARfFLmLBmPWzGY9eHLZ+0NTy1W11XLG7wTauvjdzWHIwPmKW |
| qs/xvDoSv2zY3EkkgIp88GcKw+HMJGCSIVk7fquHuoO4DjHpI0ykI0FctXhg1XL1 |
| 50318w+/Aaseg4ZB |
| ~~~~~END CERTIFICATE~~~~~ |
| -----BEGIN OCSP RESPONSE----- |
| MIIC/QoBAKCCAvYwggLyBgkrBgEFBQcwAQEEggLjMIIC3zCBh6EjMCExHzAdBgNVBAMMFlRlc3Q |
| gRmFsc2UgT0NTUCBTaWduZXIYDzIwMTcwMzAyMDAwMDAwWjBPME0wODAHBgUrDgMCGgQURJscWz |
| HG6ZkJZlI+ScP3c8AkGQoEFH92WRBlO7VwQSTEHpSu/PlAQxpmAgEEgAAYDzIwMTcwMzAxMDAwM |
| DAwWjALBgkqhkiG9w0BAQUDgYEAmVtUW9p79eEdUHMdDFvY8izi2pF9xhb7DarNz8GUfh5COElf |
| 1SZ8mjC3Tl/7FC6o82cDF1/Bwsqva78qMpk7UVBfbbCt4+e1xeRBcxF/74U1eCSRoyzATkH+vEz |
| G7wWsIoGavZOJn8VUlNsID1WPiBP5fayu6FYL6tkEJdveTJagggHAMIIBvDCCAbgwggEhoAMCAQ |
| ICAQMwDQYJKoZIhvcNAQEFBQAwHzEdMBsGA1UEAwwUVGVzdCBJbnRlcm1lZGlhdGUgQ0EwIhgPM |
| jAxNzAxMDEwMDAwMDBaGA8yMDE4MDEwMTAwMDAwMFowITEfMB0GA1UEAwwWVGVzdCBGYWxzZSBP |
| Q1NQIFNpZ25lcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnaRwQXcq+hHFEOoT7+Qdn3r |
| /iThqeWEhuodllSeKzG7YVuah4i9hL9HQ2h23wKyDsaXgRTDrDVDqVSGmrMxr4LFdOthVs/5LoS |
| oZwOa1JJN8jY/8YEv8kExAR2dRPZ+lnXSJQMdq7BZJvXdxZNtA0jvjb4aQM9FgmBIp4Qdf0AMCA |
| wEAATANBgkqhkiG9w0BAQUFAAOBgQBgXfG6F9WYmJlUytNXti8BMqrl3FpDGki2nCbL/bG1uwEX |
| xS5iwZj1sxmPXhy2ftDU8tVtdVyxu8E2rr43c1hyMD5ilqrP8bw6Er9s2NxJJICKfPBnCsPhzCR |
| gkiFZO36rh7qDuA4x6SNMpCNBXLV4YNVy9edN9fMPvwGrHoOGQQ== |
| -----END OCSP RESPONSE----- |
| |
| $ openssl x509 -text < [CA CERTIFICATE] |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha1WithRSAEncryption |
| Issuer: CN = Test CA |
| Validity |
| Not Before: Jan 1 00:00:00 2017 GMT |
| Not After : Jan 1 00:00:00 2018 GMT |
| Subject: CN = Test Intermediate CA |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| RSA Public-Key: (1024 bit) |
| Modulus: |
| 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: |
| 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: |
| 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: |
| 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: |
| c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: |
| a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: |
| ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: |
| e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: |
| 34:7c:d0:c6:99:6f:79:98:f9 |
| Exponent: 65537 (0x10001) |
| Signature Algorithm: sha1WithRSAEncryption |
| 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: |
| 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: |
| 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: |
| 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: |
| fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: |
| 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: |
| 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: |
| 30:01 |
| -----BEGIN CA CERTIFICATE----- |
| MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI |
| wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW |
| RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO |
| x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ |
| 8fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA |
| BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy |
| EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM |
| R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB |
| -----END CA CERTIFICATE----- |
| |
| $ openssl x509 -text < [CERTIFICATE] |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 4 (0x4) |
| Signature Algorithm: sha1WithRSAEncryption |
| Issuer: CN = Test Intermediate CA |
| Validity |
| Not Before: Jan 1 00:00:00 2017 GMT |
| Not After : Jan 1 00:00:00 2018 GMT |
| Subject: CN = Test Cert |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| RSA Public-Key: (1024 bit) |
| Modulus: |
| 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: |
| 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: |
| 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: |
| f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: |
| a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: |
| ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: |
| 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: |
| 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: |
| 95:c1:35:46:9e:db:9b:ce:9b |
| Exponent: 65537 (0x10001) |
| Signature Algorithm: sha1WithRSAEncryption |
| 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: |
| ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: |
| 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: |
| a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: |
| 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: |
| 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: |
| 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: |
| 0a:53 |
| -----BEGIN CERTIFICATE----- |
| MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV |
| kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA |
| lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu |
| sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j |
| 7l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM |
| BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 |
| yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL |
| odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= |
| -----END CERTIFICATE----- |
| |
| $ openssl asn1parse -i < [OCSP REQUEST] |
| 0:d=0 hl=2 l= 66 cons: SEQUENCE |
| 2:d=1 hl=2 l= 64 cons: SEQUENCE |
| 4:d=2 hl=2 l= 62 cons: SEQUENCE |
| 6:d=3 hl=2 l= 60 cons: SEQUENCE |
| 8:d=4 hl=2 l= 58 cons: SEQUENCE |
| 10:d=5 hl=2 l= 9 cons: SEQUENCE |
| 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 |
| 19:d=6 hl=2 l= 0 prim: NULL |
| 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A |
| 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 |
| 65:d=5 hl=2 l= 1 prim: INTEGER :04 |
| -----BEGIN OCSP REQUEST----- |
| MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ |
| elK78+UBDGmYCAQQ= |
| -----END OCSP REQUEST----- |
