• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1[Created by: generate-chains.py]
2
3Certificate chain where the supposed root certificate is wrong:
4
5  * The intermediate's "issuer" does not match the root's "subject"
6  * The intermediate's signature was not generated using the root's key
7
8
9Certificate:
10    Data:
11        Version: 3 (0x2)
12        Serial Number:
13            6f:d4:ce:21:aa:ed:06:7b:56:9b:0b:40:d4:28:fb:ff:a9:d9:2b:9b
14        Signature Algorithm: sha256WithRSAEncryption
15        Issuer: CN=Intermediate
16        Validity
17            Not Before: Oct  5 12:00:00 2021 GMT
18            Not After : Oct  5 12:00:00 2022 GMT
19        Subject: CN=Target
20        Subject Public Key Info:
21            Public Key Algorithm: rsaEncryption
22                RSA Public-Key: (2048 bit)
23                Modulus:
24                    00:b3:d8:e1:c8:d6:ce:ed:3b:b7:8a:5b:17:c2:9e:
25                    0c:04:f4:4e:ba:ad:1b:cf:c0:63:b7:c9:01:e9:7a:
26                    28:d4:d8:0b:71:36:af:02:f6:44:fc:ce:5e:84:50:
27                    fb:5f:ef:a0:b8:b5:77:62:c0:6c:9f:8f:4f:64:52:
28                    67:04:0b:d3:92:31:a5:79:f3:8d:11:03:03:a2:c0:
29                    da:ef:8f:b5:68:f8:55:f0:ac:9b:05:3a:df:ea:7b:
30                    3b:06:f2:de:e3:b2:c5:27:3e:b9:39:90:c0:27:0d:
31                    de:6c:a2:8e:e4:2e:f9:95:13:37:df:20:12:28:ae:
32                    82:5e:91:3a:cb:75:ae:55:fb:07:d6:40:48:cd:6f:
33                    9c:3e:07:0f:48:d1:8f:ba:db:fa:b2:7c:ce:29:10:
34                    e0:6b:48:36:80:db:4c:10:19:a1:28:fb:e0:b5:4f:
35                    b2:89:40:b7:6b:9a:af:a1:9b:b0:52:03:23:16:fb:
36                    0f:5d:c6:c9:f2:98:08:c5:07:85:76:30:57:46:be:
37                    85:46:ed:14:74:60:00:61:ce:f7:88:62:6c:0b:a2:
38                    41:9c:5a:27:3f:e5:29:9c:36:73:a3:04:8b:ab:74:
39                    2d:1e:f5:96:f7:b4:c2:51:77:a9:9c:ef:ac:fd:bc:
40                    aa:cf:ba:98:cf:6c:1b:fc:e9:20:8c:dc:17:45:49:
41                    12:45
42                Exponent: 65537 (0x10001)
43        X509v3 extensions:
44            X509v3 Subject Key Identifier:
45                14:7E:08:D5:73:67:A9:9C:5B:C1:26:14:D1:96:8E:09:88:11:32:67
46            X509v3 Authority Key Identifier:
47                keyid:3F:EE:51:69:3A:24:09:D6:26:3C:A4:08:22:1F:0D:77:7D:D5:E7:3B
48
49            Authority Information Access:
50                CA Issuers - URI:http://url-for-aia/Intermediate.cer
51
52            X509v3 CRL Distribution Points:
53
54                Full Name:
55                  URI:http://url-for-crl/Intermediate.crl
56
57            X509v3 Key Usage: critical
58                Digital Signature, Key Encipherment
59            X509v3 Extended Key Usage:
60                TLS Web Server Authentication, TLS Web Client Authentication
61    Signature Algorithm: sha256WithRSAEncryption
62         33:6d:f9:bc:77:a5:f0:77:f8:8c:5e:18:52:45:93:6e:ed:01:
63         9f:9e:7d:4a:d0:d8:6b:6b:35:92:cb:64:2f:89:7d:ed:42:0d:
64         90:ad:d8:18:01:66:13:6c:4d:7c:6d:14:62:26:60:b4:37:94:
65         c1:24:c5:cb:a1:a2:ab:b2:28:0e:47:3e:2c:6d:2b:7c:ed:55:
66         3f:55:69:28:7f:97:a4:f6:b9:45:73:5d:3b:cf:b9:48:be:7c:
67         fe:40:0e:ac:08:4b:6b:e5:4f:31:14:3f:1b:04:48:85:d1:65:
68         65:76:6a:5f:3b:f2:04:48:c2:e1:20:7c:91:a8:bf:84:44:1a:
69         4f:28:52:e6:f9:cd:f2:5b:ad:5f:71:2e:69:57:cf:1e:c4:68:
70         5d:d3:4d:f8:0e:a7:7b:4d:c7:dd:ce:d8:eb:80:f1:a3:31:d3:
71         ac:52:0a:ff:4c:58:a9:d6:4c:91:8b:79:66:30:6b:7d:1f:05:
72         89:1b:dd:ba:16:58:1d:16:53:75:64:ef:2b:55:af:41:84:2a:
73         0c:3d:0e:41:52:5c:8f:03:e1:b6:bd:c5:ad:11:a0:93:dc:de:
74         8e:4b:e9:17:02:d9:3f:83:9b:4c:d7:b1:75:10:8c:ff:93:ca:
75         4c:40:bb:38:80:4c:83:64:f2:10:f1:04:5e:7b:45:40:04:6e:
76         64:76:a0:18
77-----BEGIN CERTIFICATE-----
78MIIDoDCCAoigAwIBAgIUb9TOIartBntWmwtA1Cj7/6nZK5swDQYJKoZIhvcNAQEL
79BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy
80MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF
81AAOCAQ8AMIIBCgKCAQEAs9jhyNbO7Tu3ilsXwp4MBPROuq0bz8Bjt8kB6Xoo1NgL
82cTavAvZE/M5ehFD7X++guLV3YsBsn49PZFJnBAvTkjGlefONEQMDosDa74+1aPhV
838KybBTrf6ns7BvLe47LFJz65OZDAJw3ebKKO5C75lRM33yASKK6CXpE6y3WuVfsH
841kBIzW+cPgcPSNGPutv6snzOKRDga0g2gNtMEBmhKPvgtU+yiUC3a5qvoZuwUgMj
85FvsPXcbJ8pgIxQeFdjBXRr6FRu0UdGAAYc73iGJsC6JBnFonP+UpnDZzowSLq3Qt
86HvWW97TCUXepnO+s/byqz7qYz2wb/OkgjNwXRUkSRQIDAQABo4HpMIHmMB0GA1Ud
87DgQWBBQUfgjVc2epnFvBJhTRlo4JiBEyZzAfBgNVHSMEGDAWgBQ/7lFpOiQJ1iY8
88pAgiHw13fdXnOzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91
89cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0
90dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF
91oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD
92ggEBADNt+bx3pfB3+IxeGFJFk27tAZ+efUrQ2GtrNZLLZC+Jfe1CDZCt2BgBZhNs
93TXxtFGImYLQ3lMEkxcuhoquyKA5HPixtK3ztVT9VaSh/l6T2uUVzXTvPuUi+fP5A
94DqwIS2vlTzEUPxsESIXRZWV2al878gRIwuEgfJGov4REGk8oUub5zfJbrV9xLmlX
95zx7EaF3TTfgOp3tNx93O2OuA8aMx06xSCv9MWKnWTJGLeWYwa30fBYkb3boWWB0W
96U3Vk7ytVr0GEKgw9DkFSXI8D4ba9xa0RoJPc3o5L6RcC2T+Dm0zXsXUQjP+TykxA
97uziATINk8hDxBF57RUAEbmR2oBg=
98-----END CERTIFICATE-----
99
100Certificate:
101    Data:
102        Version: 3 (0x2)
103        Serial Number:
104            3e:47:c8:ca:0d:d0:ba:cc:83:24:aa:c4:09:b2:53:44:d2:da:f7:4b
105        Signature Algorithm: sha256WithRSAEncryption
106        Issuer: CN=Root
107        Validity
108            Not Before: Oct  5 12:00:00 2021 GMT
109            Not After : Oct  5 12:00:00 2022 GMT
110        Subject: CN=Intermediate
111        Subject Public Key Info:
112            Public Key Algorithm: rsaEncryption
113                RSA Public-Key: (2048 bit)
114                Modulus:
115                    00:e4:40:ac:b5:f3:c7:b0:dc:ca:07:85:b4:fa:5f:
116                    0d:28:a4:0d:88:12:cb:05:a3:4f:bb:7d:01:88:de:
117                    0c:b3:b9:0c:cc:3f:b4:6e:9f:d6:b6:a7:2a:6b:03:
118                    c5:bc:3b:10:17:69:fd:29:5c:d3:fd:38:fe:b6:5e:
119                    b2:04:8f:10:93:92:aa:db:76:07:a2:60:0f:3e:07:
120                    bb:8d:f1:ca:c8:f3:38:69:61:38:41:4e:69:2d:70:
121                    c2:ed:af:85:81:99:dc:8e:65:03:45:32:9b:01:95:
122                    7c:d5:c0:90:bd:f4:08:a5:44:4b:e5:a2:e7:fe:17:
123                    e4:f3:3d:59:35:8e:6d:3b:70:4d:b8:49:ac:63:ff:
124                    3e:d4:71:36:e9:2b:50:c9:5c:bc:bb:b0:c6:1b:c4:
125                    0a:01:ec:ae:3f:b7:bd:10:57:08:5e:ec:8a:07:ce:
126                    e5:da:46:25:e8:ca:0a:e0:c2:cc:0d:44:84:db:0c:
127                    88:d5:0f:65:bc:ea:69:10:ba:dc:93:ef:34:f9:2f:
128                    c7:9b:c5:49:27:72:9c:a3:fd:40:9c:49:e3:59:7c:
129                    24:cc:99:9a:01:b6:0d:fb:41:cb:36:80:41:88:c7:
130                    75:9f:d5:01:6f:63:d5:f5:75:85:cd:26:3e:a6:fe:
131                    8d:a9:ef:a8:b0:04:8b:7e:89:f3:5f:75:3a:56:69:
132                    c7:07
133                Exponent: 65537 (0x10001)
134        X509v3 extensions:
135            X509v3 Subject Key Identifier:
136                3F:EE:51:69:3A:24:09:D6:26:3C:A4:08:22:1F:0D:77:7D:D5:E7:3B
137            X509v3 Authority Key Identifier:
138                keyid:64:6F:C2:6E:64:18:20:24:F6:02:A9:AF:63:23:01:ED:CC:69:9B:E0
139
140            Authority Information Access:
141                CA Issuers - URI:http://url-for-aia/Root.cer
142
143            X509v3 CRL Distribution Points:
144
145                Full Name:
146                  URI:http://url-for-crl/Root.crl
147
148            X509v3 Key Usage: critical
149                Certificate Sign, CRL Sign
150            X509v3 Basic Constraints: critical
151                CA:TRUE
152    Signature Algorithm: sha256WithRSAEncryption
153         52:46:11:42:85:ea:0e:46:d3:2a:4b:17:f8:73:c9:7b:c8:93:
154         dd:7b:ef:d1:34:aa:c3:77:d7:12:65:f5:e4:c0:e1:0e:57:55:
155         5a:d6:c0:b1:85:61:c0:3c:dc:77:93:24:f0:81:88:43:75:12:
156         80:0d:b0:b7:17:69:0e:24:53:25:50:76:5d:2e:32:46:7f:8d:
157         00:7f:f6:06:d1:47:cf:95:af:54:67:d2:19:ef:b0:c7:5e:39:
158         a2:4b:c7:b0:f3:f6:58:b3:50:fb:6a:e0:6d:df:52:46:77:cb:
159         c0:bd:9e:db:ca:b0:a7:9c:92:76:ad:19:54:74:3e:52:0f:bf:
160         8e:73:eb:7f:e8:1f:34:48:a0:4a:92:a6:c3:f7:6e:d1:64:07:
161         c2:fe:5e:ae:1b:d9:08:1b:75:2e:80:4a:51:49:dd:ec:ca:70:
162         72:d6:3c:94:04:39:84:61:c5:de:e9:c6:4c:f4:ad:b2:b3:0e:
163         01:63:fd:9c:e9:16:4c:fd:7c:82:11:a2:e5:a8:1e:c3:91:b0:
164         84:1a:36:18:55:06:18:9f:65:59:71:5f:96:6f:60:c9:4d:0e:
165         92:64:ce:1e:20:77:57:35:67:77:dd:7a:b2:e0:b7:c0:37:8d:
166         51:89:71:55:f7:a1:c0:4e:7f:91:80:44:32:86:ca:b3:24:7c:
167         31:e2:ac:70
168-----BEGIN CERTIFICATE-----
169MIIDgDCCAmigAwIBAgIUPkfIyg3QusyDJKrECbJTRNLa90swDQYJKoZIhvcNAQEL
170BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw
171MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD
172ggEPADCCAQoCggEBAORArLXzx7DcygeFtPpfDSikDYgSywWjT7t9AYjeDLO5DMw/
173tG6f1ranKmsDxbw7EBdp/Slc0/04/rZesgSPEJOSqtt2B6JgDz4Hu43xysjzOGlh
174OEFOaS1wwu2vhYGZ3I5lA0UymwGVfNXAkL30CKVES+Wi5/4X5PM9WTWObTtwTbhJ
175rGP/PtRxNukrUMlcvLuwxhvECgHsrj+3vRBXCF7sigfO5dpGJejKCuDCzA1EhNsM
176iNUPZbzqaRC63JPvNPkvx5vFSSdynKP9QJxJ41l8JMyZmgG2DftByzaAQYjHdZ/V
177AW9j1fV1hc0mPqb+janvqLAEi36J8191OlZpxwcCAwEAAaOByzCByDAdBgNVHQ4E
178FgQUP+5RaTokCdYmPKQIIh8Nd33V5zswHwYDVR0jBBgwFoAUZG/CbmQYICT2Aqmv
179YyMB7cxpm+AwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs
180LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m
181b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
182MA0GCSqGSIb3DQEBCwUAA4IBAQBSRhFCheoORtMqSxf4c8l7yJPde+/RNKrDd9cS
183ZfXkwOEOV1Va1sCxhWHAPNx3kyTwgYhDdRKADbC3F2kOJFMlUHZdLjJGf40Af/YG
1840UfPla9UZ9IZ77DHXjmiS8ew8/ZYs1D7auBt31JGd8vAvZ7byrCnnJJ2rRlUdD5S
185D7+Oc+t/6B80SKBKkqbD927RZAfC/l6uG9kIG3UugEpRSd3synBy1jyUBDmEYcXe
1866cZM9K2ysw4BY/2c6RZM/XyCEaLlqB7DkbCEGjYYVQYYn2VZcV+Wb2DJTQ6SZM4e
187IHdXNWd33Xqy4LfAN41RiXFV96HATn+RgEQyhsqzJHwx4qxw
188-----END CERTIFICATE-----
189
190Certificate:
191    Data:
192        Version: 3 (0x2)
193        Serial Number:
194            66:63:f9:27:23:34:d5:b4:a6:e3:b2:e1:3f:8c:39:ed:fb:cd:58:fc
195        Signature Algorithm: sha256WithRSAEncryption
196        Issuer: CN=BogusRoot
197        Validity
198            Not Before: Oct  5 12:00:00 2021 GMT
199            Not After : Oct  5 12:00:00 2022 GMT
200        Subject: CN=BogusRoot
201        Subject Public Key Info:
202            Public Key Algorithm: rsaEncryption
203                RSA Public-Key: (2048 bit)
204                Modulus:
205                    00:b8:c8:2f:dc:30:b5:3e:65:02:31:fe:76:d5:cf:
206                    18:49:18:9a:99:63:02:ea:1f:9c:fc:34:05:04:f5:
207                    dc:94:15:48:0c:0b:c0:18:b9:0f:a5:a0:8f:66:27:
208                    02:0b:a9:33:0f:a8:27:d7:61:d7:77:7e:d5:ab:db:
209                    d4:a0:32:d0:40:9b:66:91:5b:ec:07:df:67:13:14:
210                    71:1f:21:98:d8:89:ae:15:dd:68:07:3d:3b:62:5c:
211                    34:f8:e8:39:da:2a:23:01:6a:09:a7:91:a1:c1:94:
212                    ab:ba:42:7f:24:20:57:c8:67:2a:d6:cf:24:7b:b6:
213                    14:ad:69:61:c5:50:6b:6b:d2:77:0c:0c:6e:30:df:
214                    2b:e8:c4:de:89:a9:94:bf:8d:70:4e:ee:e1:5d:0f:
215                    11:0f:80:71:3d:67:90:59:c5:c7:d6:8b:6a:29:7d:
216                    8a:43:7a:98:0d:75:83:db:3c:09:27:19:12:77:99:
217                    2c:2b:a2:94:dc:7d:78:41:e2:4a:9a:31:f4:fa:8b:
218                    ef:d3:d3:42:dd:1d:a5:be:5d:2f:1c:9c:33:4f:7d:
219                    c8:bd:12:eb:18:cd:e0:80:d5:7a:1a:2d:93:fc:1f:
220                    59:8e:72:f8:e5:21:e1:f2:fe:b7:6a:c1:e1:39:20:
221                    26:60:98:fd:02:f0:5b:a2:6d:13:c7:15:20:9b:ef:
222                    d5:31
223                Exponent: 65537 (0x10001)
224        X509v3 extensions:
225            X509v3 Subject Key Identifier:
226                6F:BD:F8:37:8B:1D:B5:1A:91:4C:D6:08:E8:33:85:8C:08:E9:3E:63
227            X509v3 Authority Key Identifier:
228                keyid:6F:BD:F8:37:8B:1D:B5:1A:91:4C:D6:08:E8:33:85:8C:08:E9:3E:63
229
230            Authority Information Access:
231                CA Issuers - URI:http://url-for-aia/BogusRoot.cer
232
233            X509v3 CRL Distribution Points:
234
235                Full Name:
236                  URI:http://url-for-crl/BogusRoot.crl
237
238            X509v3 Key Usage: critical
239                Certificate Sign, CRL Sign
240            X509v3 Basic Constraints: critical
241                CA:TRUE
242    Signature Algorithm: sha256WithRSAEncryption
243         24:98:cc:7e:a5:c1:32:61:f4:c3:e0:ab:4f:ce:e5:dd:13:e1:
244         1c:02:d8:fe:b5:47:5d:db:fe:75:36:35:2a:bf:23:6a:8b:16:
245         09:5b:db:32:28:ea:3d:77:b9:75:d2:bc:b7:27:ae:7e:be:42:
246         88:1a:8f:24:ab:2a:9b:21:69:fb:39:30:1f:6f:67:7a:c9:e1:
247         fc:fb:63:83:ce:a6:d5:e2:6f:46:a4:de:c5:2c:cf:71:e9:b7:
248         22:70:d3:0e:36:0c:38:f3:91:15:25:6f:27:61:0a:02:e3:06:
249         c8:9b:56:00:aa:19:fe:99:d5:21:d1:b2:1d:70:87:84:cd:dc:
250         1b:22:4a:a3:9b:61:65:b8:f8:36:f0:46:22:6a:05:23:fc:cc:
251         d9:3a:83:8f:e9:dc:f9:fe:71:b7:fa:f0:db:32:a3:46:87:90:
252         1c:c5:9b:3f:23:24:78:6c:cf:38:ef:64:43:58:99:4c:9f:c2:
253         e3:fa:b2:93:7d:90:a7:3d:e3:64:99:e1:df:2c:12:f2:93:f6:
254         2a:a5:e5:b4:98:b5:2d:ac:c5:87:a4:c2:a4:aa:e4:1b:8b:0a:
255         f4:95:91:f5:b9:e8:82:95:e2:05:3b:19:5f:c7:90:f6:51:e9:
256         12:bb:81:c0:33:c0:4c:8f:16:6c:b1:ee:ad:a4:4b:e1:d7:de:
257         69:99:65:ca
258-----BEGIN CERTIFICATE-----
259MIIDjDCCAnSgAwIBAgIUZmP5JyM01bSm47LhP4w57fvNWPwwDQYJKoZIhvcNAQEL
260BQAwFDESMBAGA1UEAwwJQm9ndXNSb290MB4XDTIxMTAwNTEyMDAwMFoXDTIyMTAw
261NTEyMDAwMFowFDESMBAGA1UEAwwJQm9ndXNSb290MIIBIjANBgkqhkiG9w0BAQEF
262AAOCAQ8AMIIBCgKCAQEAuMgv3DC1PmUCMf521c8YSRiamWMC6h+c/DQFBPXclBVI
263DAvAGLkPpaCPZicCC6kzD6gn12HXd37Vq9vUoDLQQJtmkVvsB99nExRxHyGY2Imu
264Fd1oBz07Ylw0+Og52iojAWoJp5GhwZSrukJ/JCBXyGcq1s8ke7YUrWlhxVBra9J3
265DAxuMN8r6MTeiamUv41wTu7hXQ8RD4BxPWeQWcXH1otqKX2KQ3qYDXWD2zwJJxkS
266d5ksK6KU3H14QeJKmjH0+ovv09NC3R2lvl0vHJwzT33IvRLrGM3ggNV6Gi2T/B9Z
267jnL45SHh8v63asHhOSAmYJj9AvBbom0TxxUgm+/VMQIDAQABo4HVMIHSMB0GA1Ud
268DgQWBBRvvfg3ix21GpFM1gjoM4WMCOk+YzAfBgNVHSMEGDAWgBRvvfg3ix21GpFM
2691gjoM4WMCOk+YzA8BggrBgEFBQcBAQQwMC4wLAYIKwYBBQUHMAKGIGh0dHA6Ly91
270cmwtZm9yLWFpYS9Cb2d1c1Jvb3QuY2VyMDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6
271Ly91cmwtZm9yLWNybC9Cb2d1c1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNV
272HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAkmMx+pcEyYfTD4KtPzuXd
273E+EcAtj+tUdd2/51NjUqvyNqixYJW9syKOo9d7l10ry3J65+vkKIGo8kqyqbIWn7
274OTAfb2d6yeH8+2ODzqbV4m9GpN7FLM9x6bcicNMONgw485EVJW8nYQoC4wbIm1YA
275qhn+mdUh0bIdcIeEzdwbIkqjm2FluPg28EYiagUj/MzZOoOP6dz5/nG3+vDbMqNG
276h5AcxZs/IyR4bM8472RDWJlMn8Lj+rKTfZCnPeNkmeHfLBLyk/YqpeW0mLUtrMWH
277pMKkquQbiwr0lZH1ueiCleIFOxlfx5D2UekSu4HAM8BMjxZsse6tpEvh195pmWXK
278-----END CERTIFICATE-----
279