blob: 0713d7ee2be076a5045bd51559d7e4e64176bf43 [file] [log] [blame]
[Created by: ./generate-chains.py]
Certificate chain of length 3 with requireExplicitPolicy=3 on the root,
meaning an explicit policy should not be required and the chain should verify
successfully regardless of if the root constraints are enforced.
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:5b:49:46:e8:31:a6:8f:13:4f:5b:90:90:91:c8:28:8e:e0:5a:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediate
Validity
Not Before: Oct 5 12:00:00 2021 GMT
Not After : Oct 5 12:00:00 2022 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b8:56:11:e6:4f:80:6b:56:9a:4c:11:bf:0c:6a:
42:ec:59:97:8a:29:4b:55:89:7b:28:f1:80:4e:9f:
fe:01:9b:72:d2:35:96:89:54:ad:db:9e:ae:23:da:
da:9e:1e:5f:7b:4d:a3:f9:c2:93:bd:cb:6a:8a:97:
92:41:62:bd:f5:16:c0:4d:c4:59:98:7c:52:32:62:
45:52:70:4e:48:f7:ac:b7:0e:4c:51:89:04:c3:d6:
ce:12:c7:be:8f:a1:fd:d0:4d:81:86:a5:c2:11:84:
23:1f:de:76:84:d9:70:fb:d7:ad:5b:54:f7:09:fe:
ac:8b:de:4d:cf:a7:d9:dd:23:90:76:3a:de:c3:8b:
5e:b4:3d:6e:2d:87:64:da:0f:a4:f5:34:81:ee:c3:
9a:61:43:56:66:1f:c5:bf:f6:e5:a1:ed:80:49:48:
92:f1:15:b8:f4:07:5c:9d:92:6d:87:19:ca:5c:c8:
55:48:09:ce:f2:e0:af:1e:8b:d5:30:4f:92:b7:a7:
02:84:76:b3:85:81:17:f1:0e:9b:a4:a3:ca:07:3a:
d8:a2:f5:15:40:07:5f:a7:97:27:ca:1d:2c:b8:ff:
c4:0b:43:c1:9e:18:91:fd:01:e7:20:a5:11:b2:db:
71:c2:c9:60:f8:bc:d3:a8:f3:0b:fb:1f:eb:6a:94:
d2:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:C7:83:51:99:8A:EC:AA:F1:4A:2C:1C:04:C0:37:BD:64:8A:43:47
X509v3 Authority Key Identifier:
CB:C6:A8:3A:83:0E:5B:41:0C:3E:C3:20:48:BF:37:69:DB:5A:DC:87
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediate.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediate.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
3a:ae:fd:b2:ff:a8:4e:1f:f8:82:90:3d:d3:9e:db:9b:d8:2e:
af:72:cf:7e:f8:19:07:96:a6:64:00:e8:c2:96:38:48:d3:7d:
0a:ee:ff:bb:e7:81:9e:84:4a:a3:b1:8b:4b:92:6c:54:b7:74:
24:64:0b:4a:50:bf:dd:03:68:58:bf:7c:3d:e3:cc:e6:c8:29:
5b:ab:ac:9d:9e:41:35:8f:83:18:fd:2d:82:34:4c:44:f6:25:
aa:42:50:b4:bc:4b:b2:9f:f5:39:9c:ab:90:02:ec:35:a1:f5:
36:98:8e:fa:e3:ed:37:9e:59:62:b6:6e:61:8e:8a:fa:5c:22:
ec:ec:7b:c2:15:82:f8:35:29:e3:b4:d7:24:7e:6b:68:76:a8:
c1:44:c1:33:0c:aa:3f:78:46:84:86:df:a6:e7:33:f6:93:83:
ea:23:30:24:5a:ec:ff:3f:08:ab:28:fb:38:a5:e6:dc:65:c6:
0a:d5:5d:fe:cd:3b:82:be:d4:d8:ac:4b:e8:27:ed:7f:9b:7e:
36:0a:1e:a5:79:f4:48:5d:ee:8f:22:de:b2:9f:14:cd:27:5a:
d2:ad:3f:99:a4:8b:58:79:f3:b7:a3:97:65:b9:ea:50:3d:ee:
1d:c0:a0:7a:ff:0c:bf:8a:98:f5:bd:87:97:8c:15:1b:9d:9f:
69:b5:dc:7a
-----BEGIN CERTIFICATE-----
MIIDoDCCAoigAwIBAgIUA1tJRugxpo8TT1uQkJHIKI7gWtgwDQYJKoZIhvcNAQEL
BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy
MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAuFYR5k+Aa1aaTBG/DGpC7FmXiilLVYl7KPGATp/+AZty
0jWWiVSt256uI9ranh5fe02j+cKTvctqipeSQWK99RbATcRZmHxSMmJFUnBOSPes
tw5MUYkEw9bOEse+j6H90E2BhqXCEYQjH952hNlw+9etW1T3Cf6si95Nz6fZ3SOQ
djrew4tetD1uLYdk2g+k9TSB7sOaYUNWZh/Fv/bloe2ASUiS8RW49AdcnZJthxnK
XMhVSAnO8uCvHovVME+St6cChHazhYEX8Q6bpKPKBzrYovUVQAdfp5cnyh0suP/E
C0PBnhiR/QHnIKURsttxwslg+LzTqPML+x/rapTS+wIDAQABo4HpMIHmMB0GA1Ud
DgQWBBQVx4NRmYrsqvFKLBwEwDe9ZIpDRzAfBgNVHSMEGDAWgBTLxqg6gw5bQQw+
wyBIvzdp21rchzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91
cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0
dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF
oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD
ggEBADqu/bL/qE4f+IKQPdOe25vYLq9yz374GQeWpmQA6MKWOEjTfQru/7vngZ6E
SqOxi0uSbFS3dCRkC0pQv90DaFi/fD3jzObIKVurrJ2eQTWPgxj9LYI0TET2JapC
ULS8S7Kf9Tmcq5AC7DWh9TaYjvrj7TeeWWK2bmGOivpcIuzse8IVgvg1KeO01yR+
a2h2qMFEwTMMqj94RoSG36bnM/aTg+ojMCRa7P8/CKso+zil5txlxgrVXf7NO4K+
1NisS+gn7X+bfjYKHqV59Ehd7o8i3rKfFM0nWtKtP5mki1h587ejl2W56lA97h3A
oHr/DL+KmPW9h5eMFRudn2m13Ho=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
71:3e:c4:86:ac:54:59:35:82:3f:d6:88:60:c9:83:73:e4:29:0c:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Oct 5 12:00:00 2021 GMT
Not After : Oct 5 12:00:00 2022 GMT
Subject: CN=Intermediate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b9:0c:ea:12:ab:57:9d:4a:f2:58:74:68:94:60:
14:1e:5f:ff:fc:9d:62:f6:0d:34:6e:e9:2f:ca:d5:
53:29:e6:a3:2f:c0:6b:6e:62:82:b1:5f:26:3d:2d:
98:99:93:7d:6f:f5:1c:cf:54:d3:c4:4b:81:cb:b3:
a5:98:57:bd:fe:7f:19:76:af:99:ef:cc:62:cf:c0:
1c:df:5e:f9:b6:94:49:33:6f:db:ba:bf:5b:e2:20:
87:9d:3f:7e:c2:e7:94:76:3d:8b:7f:a0:49:f1:2d:
30:77:7b:8b:2c:b6:ec:cd:1e:5e:bf:e5:1b:86:dd:
d8:c1:e1:0d:b4:57:f0:aa:0a:58:d4:c3:4d:5b:cb:
bf:0e:f9:c7:23:61:f8:a3:0e:ab:2d:0f:87:1a:4f:
1d:0b:e6:39:0a:0a:35:be:f3:f9:55:f7:87:cd:f7:
7a:d7:18:7d:b7:0c:1f:6a:7a:67:52:55:6d:b8:ed:
87:28:a9:fe:eb:c3:c8:a8:66:bc:33:93:db:9e:20:
44:6b:31:36:b8:15:1b:cf:37:c2:be:9d:45:7c:3d:
d2:13:36:a0:1d:d7:74:52:67:a3:b7:3b:4a:54:01:
c5:6e:72:71:9d:47:39:44:58:27:08:a2:54:15:b5:
27:df:7b:3f:c9:f1:cb:23:be:cf:bd:8e:37:be:f2:
8d:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:C6:A8:3A:83:0E:5B:41:0C:3E:C3:20:48:BF:37:69:DB:5A:DC:87
X509v3 Authority Key Identifier:
04:CC:EE:85:17:2C:37:4C:D2:D3:08:5A:94:66:EE:5A:FF:A8:79:34
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
7e:a0:5a:59:73:39:3f:56:aa:ad:33:92:7e:da:68:0f:30:65:
b8:4b:ec:6a:7c:e1:de:f6:c4:5e:96:15:6d:dc:87:35:1b:60:
52:e6:0c:3c:c6:38:fc:75:f5:10:9a:6b:59:dd:53:7d:3e:26:
74:b7:68:89:27:9a:4e:4c:c2:95:5c:ed:ba:4e:20:29:7d:a6:
38:81:1c:b4:58:11:c4:d8:02:b2:76:34:23:bf:c5:43:82:6f:
65:95:23:1c:cc:86:9a:d2:85:e0:a9:c8:61:74:97:9c:6e:90:
c0:47:d0:b2:ce:df:0f:b2:4d:40:1f:b0:70:a0:db:94:97:1a:
e6:c4:a0:ff:46:a6:9c:83:28:c2:fc:69:af:42:e6:ce:11:18:
ff:05:cb:54:c3:d5:35:3f:a0:1e:2d:76:67:83:b5:b8:79:70:
4e:bd:36:cd:e7:82:d5:97:da:10:3f:b4:92:65:dd:c7:c1:d0:
6f:30:91:a3:6d:be:22:0c:71:e9:b7:b3:a7:24:c1:28:d2:ac:
93:ef:ed:3b:bc:51:b2:64:4d:f7:02:f1:04:80:9d:3f:f8:f7:
55:62:d4:6e:62:1e:15:b9:a5:80:c6:30:e6:c4:e2:5d:d5:af:
7f:69:5b:38:81:4a:8e:27:58:04:6e:f3:34:7f:7d:e8:c8:90:
a6:91:78:a6
-----BEGIN CERTIFICATE-----
MIIDgDCCAmigAwIBAgIUcT7EhqxUWTWCP9aIYMmDc+QpDCcwDQYJKoZIhvcNAQEL
BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw
MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALkM6hKrV51K8lh0aJRgFB5f//ydYvYNNG7pL8rVUynmoy/A
a25igrFfJj0tmJmTfW/1HM9U08RLgcuzpZhXvf5/GXavme/MYs/AHN9e+baUSTNv
27q/W+Igh50/fsLnlHY9i3+gSfEtMHd7iyy27M0eXr/lG4bd2MHhDbRX8KoKWNTD
TVvLvw75xyNh+KMOqy0PhxpPHQvmOQoKNb7z+VX3h833etcYfbcMH2p6Z1JVbbjt
hyip/uvDyKhmvDOT254gRGsxNrgVG883wr6dRXw90hM2oB3XdFJno7c7SlQBxW5y
cZ1HOURYJwiiVBW1J997P8nxyyO+z72ON77yjY8CAwEAAaOByzCByDAdBgNVHQ4E
FgQUy8aoOoMOW0EMPsMgSL83adta3IcwHwYDVR0jBBgwFoAUBMzuhRcsN0zS0wha
lGbuWv+oeTQwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs
LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m
b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
MA0GCSqGSIb3DQEBCwUAA4IBAQB+oFpZczk/VqqtM5J+2mgPMGW4S+xqfOHe9sRe
lhVt3Ic1G2BS5gw8xjj8dfUQmmtZ3VN9PiZ0t2iJJ5pOTMKVXO26TiApfaY4gRy0
WBHE2AKydjQjv8VDgm9llSMczIaa0oXgqchhdJecbpDAR9Cyzt8Psk1AH7BwoNuU
lxrmxKD/RqacgyjC/GmvQubOERj/BctUw9U1P6AeLXZng7W4eXBOvTbN54LVl9oQ
P7SSZd3HwdBvMJGjbb4iDHHpt7OnJMEo0qyT7+07vFGyZE33AvEEgJ0/+PdVYtRu
Yh4VuaWAxjDmxOJd1a9/aVs4gUqOJ1gEbvM0f33oyJCmkXim
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
71:3e:c4:86:ac:54:59:35:82:3f:d6:88:60:c9:83:73:e4:29:0c:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Oct 5 12:00:00 2021 GMT
Not After : Oct 5 12:00:00 2022 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a8:ae:84:aa:34:ef:4a:a7:14:8c:a4:e3:d7:7d:
ef:7e:3a:25:72:c0:9c:be:13:87:cd:a0:ae:fc:96:
cb:f7:80:6d:4f:d0:2b:c6:5e:b2:9a:0a:b6:af:ae:
0a:92:93:99:f1:44:d1:ea:bd:01:54:11:4e:04:5f:
00:16:85:81:26:4d:47:44:6b:e2:b7:92:e5:c8:41:
a5:7a:5f:23:c5:4e:7f:db:12:f4:8d:a2:2f:5c:83:
64:b3:6a:fc:f1:36:53:0e:c2:90:88:18:f5:c3:d8:
3d:e7:a6:7f:a0:c7:66:f1:24:aa:80:52:0a:50:96:
c3:14:ae:48:ba:ee:ee:34:9f:7e:99:d4:ee:00:c1:
41:d8:6c:93:ab:2d:11:65:2b:17:cd:6b:f6:80:f2:
66:5b:27:89:7f:92:1c:a6:d0:e1:f4:33:11:b6:7f:
a9:f6:4b:46:eb:2d:3c:8d:7f:7a:fd:cf:dd:43:64:
b0:14:b8:58:05:dc:f7:59:de:1f:c2:af:d6:89:4e:
0e:98:68:21:30:3a:8b:23:00:6c:29:0f:91:fe:99:
d3:ac:fa:76:be:f7:f3:2c:87:e8:44:1b:1f:59:fe:
81:db:70:88:2d:e3:84:65:e8:33:49:03:c3:f0:a1:
39:a5:85:df:58:8d:6d:70:0f:8c:3d:20:fe:f0:ba:
22:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:CC:EE:85:17:2C:37:4C:D2:D3:08:5A:94:66:EE:5A:FF:A8:79:34
X509v3 Authority Key Identifier:
04:CC:EE:85:17:2C:37:4C:D2:D3:08:5A:94:66:EE:5A:FF:A8:79:34
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Policy Constraints: critical
Require Explicit Policy:3
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
77:0f:1b:33:10:e7:d2:36:f1:7d:fb:68:33:9e:53:4a:08:c5:
b1:66:5c:8f:9f:ed:b0:2f:6a:4a:e7:b3:1e:33:94:66:17:59:
86:47:32:e7:27:7f:34:1b:f8:7d:dd:93:40:9f:89:d0:7a:4c:
cc:8c:31:5a:23:3f:1d:41:4e:5b:40:c5:d2:c5:a5:7e:a6:8e:
75:07:3a:db:6c:80:08:f0:a0:74:fa:94:b1:dc:9a:cc:f3:13:
e8:8d:af:7a:95:5b:4e:8c:2b:ce:42:bc:a1:65:bd:a0:1b:74:
0f:28:1d:7e:05:8d:10:0f:b9:e6:dd:3b:4f:b8:a5:84:dd:1d:
3d:4e:69:58:c1:5c:12:6f:c4:e5:8a:88:3b:9d:0f:c8:ef:f6:
36:27:74:b5:e9:a4:b0:dc:3e:2c:eb:6a:74:af:4b:c7:c3:0d:
60:f1:ef:ef:58:36:cd:74:c8:f1:f1:73:1c:fa:3d:a1:86:80:
90:ee:25:f4:39:b1:08:a3:17:a2:d2:92:84:ff:4a:4a:ca:19:
76:d4:91:23:56:e4:74:94:e9:21:e5:3b:bb:22:fe:95:18:a4:
ad:80:85:b6:f3:97:fe:1a:11:87:b7:c7:9a:f8:48:55:5a:a5:
78:0e:55:70:4d:2d:20:b2:82:e1:51:f0:c5:1d:08:13:b7:26:
a7:81:e7:d5
-----BEGIN CERTIFICATE-----
MIIDiTCCAnGgAwIBAgIUcT7EhqxUWTWCP9aIYMmDc+QpDCYwDQYJKoZIhvcNAQEL
BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw
MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCoroSqNO9KpxSMpOPXfe9+OiVywJy+E4fNoK78lsv3gG1P0CvGXrKaCrav
rgqSk5nxRNHqvQFUEU4EXwAWhYEmTUdEa+K3kuXIQaV6XyPFTn/bEvSNoi9cg2Sz
avzxNlMOwpCIGPXD2D3npn+gx2bxJKqAUgpQlsMUrki67u40n36Z1O4AwUHYbJOr
LRFlKxfNa/aA8mZbJ4l/khym0OH0MxG2f6n2S0brLTyNf3r9z91DZLAUuFgF3PdZ
3h/Cr9aJTg6YaCEwOosjAGwpD5H+mdOs+na+9/Msh+hEGx9Z/oHbcIgt44Rl6DNJ
A8PwoTmlhd9YjW1wD4w9IP7wuiIZAgMBAAGjgdwwgdkwHQYDVR0OBBYEFATM7oUX
LDdM0tMIWpRm7lr/qHk0MB8GA1UdIwQYMBaAFATM7oUXLDdM0tMIWpRm7lr/qHk0
MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh
L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S
b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQB
Af8EBTADgAEDMA0GCSqGSIb3DQEBCwUAA4IBAQB3DxszEOfSNvF9+2gznlNKCMWx
ZlyPn+2wL2pK57MeM5RmF1mGRzLnJ380G/h93ZNAn4nQekzMjDFaIz8dQU5bQMXS
xaV+po51BzrbbIAI8KB0+pSx3JrM8xPoja96lVtOjCvOQryhZb2gG3QPKB1+BY0Q
D7nm3TtPuKWE3R09TmlYwVwSb8Tliog7nQ/I7/Y2J3S16aSw3D4s62p0r0vHww1g
8e/vWDbNdMjx8XMc+j2hhoCQ7iX0ObEIoxei0pKE/0pKyhl21JEjVuR0lOkh5Tu7
Iv6VGKStgIW285f+GhGHt8ea+EhVWqV4DlVwTS0gsoLhUfDFHQgTtyangefV
-----END CERTIFICATE-----