• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1[Created by: generate-chains.py]
2
3Certificate chain where the root certificate restricts the extended key
4usage to clientAuth.
5
6Certificate:
7    Data:
8        Version: 3 (0x2)
9        Serial Number:
10            77:30:29:4c:98:1d:55:e4:df:5e:92:14:f6:68:26:ef:11:01:dd:15
11        Signature Algorithm: sha256WithRSAEncryption
12        Issuer: CN=Intermediate
13        Validity
14            Not Before: Oct  5 12:00:00 2021 GMT
15            Not After : Oct  5 12:00:00 2022 GMT
16        Subject: CN=Target
17        Subject Public Key Info:
18            Public Key Algorithm: rsaEncryption
19                RSA Public-Key: (2048 bit)
20                Modulus:
21                    00:c0:64:a7:01:b2:83:6c:47:bc:2d:30:01:f9:43:
22                    8c:fc:cc:6b:7c:a4:c7:1c:78:fa:a8:8c:be:1e:9a:
23                    72:d0:34:1a:56:80:67:67:76:48:8a:9f:c5:3a:68:
24                    9e:53:c2:35:ce:69:7e:4f:d5:c4:fb:0b:91:3c:af:
25                    00:26:f4:bf:77:ca:cd:ec:87:f9:6e:05:9b:0c:93:
26                    1b:f2:6e:c8:10:32:4e:7b:51:1c:22:77:4c:b8:a3:
27                    bd:d6:dc:95:29:9b:4b:b5:d9:ce:ae:91:d8:05:c5:
28                    c5:bf:4a:9c:b7:94:db:d5:a5:e6:b1:44:e1:02:4a:
29                    1a:dc:21:e5:e6:a6:ba:54:2e:2c:3f:40:f5:fd:5c:
30                    79:dd:55:6d:9e:e2:ab:db:3c:67:b4:84:db:ba:86:
31                    fd:a0:b5:d8:8b:d0:b8:bc:8b:77:e9:32:31:51:68:
32                    ee:18:17:09:e2:f1:27:79:ca:3c:72:a8:f3:96:25:
33                    31:24:3a:05:53:d4:89:0a:48:7a:9c:2d:6d:6a:84:
34                    97:df:34:c9:22:7f:d5:05:f2:2c:91:e9:c4:7f:ab:
35                    d0:ae:76:22:64:ae:be:e2:7f:97:08:ec:86:8a:92:
36                    bf:57:f0:22:f7:91:ff:86:17:62:92:e3:80:8b:19:
37                    84:14:60:19:00:91:d6:fe:51:96:77:5b:22:0d:32:
38                    50:07
39                Exponent: 65537 (0x10001)
40        X509v3 extensions:
41            X509v3 Subject Key Identifier:
42                E8:27:22:F1:C3:94:E3:48:C4:4C:45:0D:D6:4E:1C:6E:CF:9D:1B:1B
43            X509v3 Authority Key Identifier:
44                keyid:8F:7C:F8:3A:27:33:C2:AB:96:9E:BD:0F:68:E0:C9:58:BB:0B:7C:F2
45
46            Authority Information Access:
47                CA Issuers - URI:http://url-for-aia/Intermediate.cer
48
49            X509v3 CRL Distribution Points:
50
51                Full Name:
52                  URI:http://url-for-crl/Intermediate.crl
53
54            X509v3 Key Usage: critical
55                Digital Signature, Key Encipherment
56            X509v3 Extended Key Usage:
57                TLS Web Server Authentication, TLS Web Client Authentication
58    Signature Algorithm: sha256WithRSAEncryption
59         9b:da:f1:df:bb:7b:45:32:49:30:c9:75:1b:ca:cf:64:0c:3a:
60         e4:b3:68:73:da:46:87:7b:0f:ad:23:16:43:f6:9c:b3:e4:c1:
61         6f:ad:32:3b:68:ce:47:c4:cd:70:a4:5d:c3:91:34:1e:ba:c4:
62         73:e5:25:b4:4c:85:05:32:5b:fe:b4:98:88:f7:c9:aa:96:6d:
63         b1:ce:cc:3c:51:6c:ab:ec:c7:20:10:47:dc:6f:13:a6:4c:db:
64         11:02:1f:98:ae:76:9d:75:28:56:f9:26:73:ef:fb:f9:51:d3:
65         9a:65:21:70:27:f7:47:05:5c:f3:8c:38:6e:f9:58:c7:d3:f2:
66         3e:8b:3c:3b:ed:b3:ba:0c:ac:c0:43:0a:c0:34:54:f9:9c:4e:
67         44:76:1e:f5:a6:b6:7b:a7:dd:1b:22:0d:fa:ff:67:1c:d9:1c:
68         66:9c:4c:30:88:4c:dc:d6:fb:ad:01:ed:5b:3d:aa:98:b7:27:
69         e6:68:94:33:2e:32:3d:56:33:88:8b:66:2c:91:3b:20:c1:10:
70         43:e3:89:1c:ee:8a:ea:b0:66:45:6a:1f:23:ab:e1:d3:2c:a8:
71         48:3a:6b:9d:f0:cd:52:b3:90:1b:a7:46:07:61:59:d9:aa:12:
72         94:81:67:43:53:3a:6b:00:4e:e8:f3:3f:af:a3:6d:78:00:08:
73         3a:4a:9f:a9
74-----BEGIN CERTIFICATE-----
75MIIDoDCCAoigAwIBAgIUdzApTJgdVeTfXpIU9mgm7xEB3RUwDQYJKoZIhvcNAQEL
76BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy
77MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF
78AAOCAQ8AMIIBCgKCAQEAwGSnAbKDbEe8LTAB+UOM/MxrfKTHHHj6qIy+Hppy0DQa
79VoBnZ3ZIip/FOmieU8I1zml+T9XE+wuRPK8AJvS/d8rN7If5bgWbDJMb8m7IEDJO
80e1EcIndMuKO91tyVKZtLtdnOrpHYBcXFv0qct5Tb1aXmsUThAkoa3CHl5qa6VC4s
81P0D1/Vx53VVtnuKr2zxntITbuob9oLXYi9C4vIt36TIxUWjuGBcJ4vEneco8cqjz
82liUxJDoFU9SJCkh6nC1taoSX3zTJIn/VBfIskenEf6vQrnYiZK6+4n+XCOyGipK/
83V/Ai95H/hhdikuOAixmEFGAZAJHW/lGWd1siDTJQBwIDAQABo4HpMIHmMB0GA1Ud
84DgQWBBToJyLxw5TjSMRMRQ3WThxuz50bGzAfBgNVHSMEGDAWgBSPfPg6JzPCq5ae
85vQ9o4MlYuwt88jA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91
86cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0
87dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF
88oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD
89ggEBAJva8d+7e0UySTDJdRvKz2QMOuSzaHPaRod7D60jFkP2nLPkwW+tMjtozkfE
90zXCkXcORNB66xHPlJbRMhQUyW/60mIj3yaqWbbHOzDxRbKvsxyAQR9xvE6ZM2xEC
91H5iudp11KFb5JnPv+/lR05plIXAn90cFXPOMOG75WMfT8j6LPDvts7oMrMBDCsA0
92VPmcTkR2HvWmtnun3RsiDfr/ZxzZHGacTDCITNzW+60B7Vs9qpi3J+ZolDMuMj1W
93M4iLZiyROyDBEEPjiRzuiuqwZkVqHyOr4dMsqEg6a53wzVKzkBunRgdhWdmqEpSB
94Z0NTOmsATujzP6+jbXgACDpKn6k=
95-----END CERTIFICATE-----
96
97Certificate:
98    Data:
99        Version: 3 (0x2)
100        Serial Number:
101            08:cf:d3:d1:65:21:cc:44:8a:0a:5d:79:88:07:16:54:c3:1f:d8:66
102        Signature Algorithm: sha256WithRSAEncryption
103        Issuer: CN=Root
104        Validity
105            Not Before: Oct  5 12:00:00 2021 GMT
106            Not After : Oct  5 12:00:00 2022 GMT
107        Subject: CN=Intermediate
108        Subject Public Key Info:
109            Public Key Algorithm: rsaEncryption
110                RSA Public-Key: (2048 bit)
111                Modulus:
112                    00:a8:e7:5f:fa:d0:9d:f1:e1:e4:87:7f:62:7e:1c:
113                    89:02:66:64:9e:d5:a0:81:f3:65:68:d7:8d:02:37:
114                    99:da:e8:85:00:51:b4:69:e9:57:29:09:51:c2:78:
115                    c8:ee:bb:87:62:4a:a8:46:c3:d4:06:e5:f0:c2:33:
116                    68:13:f7:55:c5:44:42:14:1e:d7:65:a4:a1:b6:67:
117                    38:e0:c2:72:65:ee:ad:f5:94:34:93:4f:e9:d8:a5:
118                    93:98:05:34:e5:f6:0f:3b:71:84:39:71:9b:b6:10:
119                    47:37:ef:87:d2:98:29:a4:f1:18:e7:f4:3b:52:af:
120                    34:b1:39:34:9a:49:b4:7a:ed:21:2c:60:b2:01:e8:
121                    cb:b6:ad:f8:00:95:85:a9:87:91:90:05:54:0b:2e:
122                    9d:4c:79:c4:c8:6d:72:ab:23:5b:d0:2b:90:3c:5b:
123                    53:ed:da:56:39:38:37:45:43:17:3d:81:d5:49:97:
124                    23:88:83:9f:bf:86:8d:52:af:3d:86:45:f1:1e:e8:
125                    dd:8f:4f:fe:da:b5:35:cb:e0:02:ba:8e:6b:61:4a:
126                    f2:c6:5d:d7:02:95:71:23:9e:7b:99:96:cf:ac:df:
127                    20:2a:2d:fe:0c:42:72:c6:b8:c3:81:81:3e:a0:8d:
128                    62:41:17:14:f5:24:67:f1:6c:af:c6:0c:94:09:fb:
129                    56:07
130                Exponent: 65537 (0x10001)
131        X509v3 extensions:
132            X509v3 Subject Key Identifier:
133                8F:7C:F8:3A:27:33:C2:AB:96:9E:BD:0F:68:E0:C9:58:BB:0B:7C:F2
134            X509v3 Authority Key Identifier:
135                keyid:91:69:0D:94:34:B5:BA:AF:F1:DD:99:22:88:15:2B:83:B1:37:B2:54
136
137            Authority Information Access:
138                CA Issuers - URI:http://url-for-aia/Root.cer
139
140            X509v3 CRL Distribution Points:
141
142                Full Name:
143                  URI:http://url-for-crl/Root.crl
144
145            X509v3 Key Usage: critical
146                Certificate Sign, CRL Sign
147            X509v3 Basic Constraints: critical
148                CA:TRUE
149    Signature Algorithm: sha256WithRSAEncryption
150         31:06:ca:84:8d:bf:6c:6b:4f:31:e5:81:f1:ee:62:80:ef:83:
151         63:8d:56:00:c0:b7:cd:fd:37:8b:99:ea:a1:01:43:99:19:b9:
152         8b:5e:9e:f4:55:73:9b:1a:2f:33:97:ac:e3:6a:ae:4b:c4:e9:
153         e2:04:33:29:a8:55:08:af:4e:cc:2a:83:a4:12:af:11:54:62:
154         d2:19:ad:6b:6d:54:ac:f6:9c:15:77:0b:d4:68:78:5b:2b:04:
155         0e:82:9a:98:ac:8f:bc:47:de:29:d2:95:6b:ed:8d:29:a2:60:
156         d8:86:fc:a1:92:18:85:2d:4f:56:27:d2:de:20:87:f7:35:dd:
157         9d:a1:26:cb:ed:fe:e8:b6:87:b6:8a:eb:7c:bd:04:d5:be:2a:
158         96:cd:95:f6:16:9b:29:e1:62:0c:a8:ca:6c:fb:70:08:3c:10:
159         56:bf:e5:c4:57:19:42:87:5f:ef:fb:77:b9:10:62:1e:5f:e7:
160         35:58:80:30:92:ef:69:ef:2d:dc:f8:30:58:97:28:8d:64:18:
161         f2:c8:f3:ce:ce:3f:8a:aa:a0:e8:27:95:b9:58:55:88:32:9c:
162         27:56:71:54:c1:6e:0a:94:2d:0a:e6:70:7e:42:56:6a:b0:eb:
163         ad:8c:cd:93:6e:20:00:6e:81:8a:18:1b:30:0e:c2:27:f3:74:
164         67:98:3a:58
165-----BEGIN CERTIFICATE-----
166MIIDgDCCAmigAwIBAgIUCM/T0WUhzESKCl15iAcWVMMf2GYwDQYJKoZIhvcNAQEL
167BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw
168MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD
169ggEPADCCAQoCggEBAKjnX/rQnfHh5Id/Yn4ciQJmZJ7VoIHzZWjXjQI3mdrohQBR
170tGnpVykJUcJ4yO67h2JKqEbD1Abl8MIzaBP3VcVEQhQe12WkobZnOODCcmXurfWU
171NJNP6dilk5gFNOX2DztxhDlxm7YQRzfvh9KYKaTxGOf0O1KvNLE5NJpJtHrtISxg
172sgHoy7at+ACVhamHkZAFVAsunUx5xMhtcqsjW9ArkDxbU+3aVjk4N0VDFz2B1UmX
173I4iDn7+GjVKvPYZF8R7o3Y9P/tq1NcvgArqOa2FK8sZd1wKVcSOee5mWz6zfICot
174/gxCcsa4w4GBPqCNYkEXFPUkZ/Fsr8YMlAn7VgcCAwEAAaOByzCByDAdBgNVHQ4E
175FgQUj3z4OiczwquWnr0PaODJWLsLfPIwHwYDVR0jBBgwFoAUkWkNlDS1uq/x3Zki
176iBUrg7E3slQwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs
177LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m
178b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
179MA0GCSqGSIb3DQEBCwUAA4IBAQAxBsqEjb9sa08x5YHx7mKA74NjjVYAwLfN/TeL
180meqhAUOZGbmLXp70VXObGi8zl6zjaq5LxOniBDMpqFUIr07MKoOkEq8RVGLSGa1r
181bVSs9pwVdwvUaHhbKwQOgpqYrI+8R94p0pVr7Y0pomDYhvyhkhiFLU9WJ9LeIIf3
182Nd2doSbL7f7otoe2iut8vQTVviqWzZX2Fpsp4WIMqMps+3AIPBBWv+XEVxlCh1/v
183+3e5EGIeX+c1WIAwku9p7y3c+DBYlyiNZBjyyPPOzj+KqqDoJ5W5WFWIMpwnVnFU
184wW4KlC0K5nB+QlZqsOutjM2TbiAAboGKGBswDsIn83RnmDpY
185-----END CERTIFICATE-----
186
187Certificate:
188    Data:
189        Version: 3 (0x2)
190        Serial Number:
191            08:cf:d3:d1:65:21:cc:44:8a:0a:5d:79:88:07:16:54:c3:1f:d8:65
192        Signature Algorithm: sha256WithRSAEncryption
193        Issuer: CN=Root
194        Validity
195            Not Before: Oct  5 12:00:00 2021 GMT
196            Not After : Oct  5 12:00:00 2022 GMT
197        Subject: CN=Root
198        Subject Public Key Info:
199            Public Key Algorithm: rsaEncryption
200                RSA Public-Key: (2048 bit)
201                Modulus:
202                    00:af:9d:d7:d1:a5:91:6e:5d:17:d4:89:85:95:b8:
203                    cf:e3:e3:fb:94:dd:cc:c0:99:59:24:ac:c0:4d:cc:
204                    4b:37:88:38:3c:a1:60:06:96:8d:1b:6b:e7:2b:b8:
205                    71:9e:54:4b:cd:c4:4d:93:b6:3b:3f:7a:a2:c6:3b:
206                    ea:9f:36:8d:e5:b0:0f:9e:27:58:7c:f8:fb:6f:e8:
207                    ae:0c:bb:69:02:60:21:d1:bd:dc:e1:33:23:8d:c5:
208                    5f:dc:ff:33:71:95:98:77:07:69:c0:71:2a:bf:62:
209                    eb:b6:e5:cc:2e:3a:98:1c:7b:a4:a7:cb:ba:e5:ab:
210                    22:32:fb:d5:03:1a:03:b7:d1:9f:d9:56:69:ae:b1:
211                    51:e7:8d:06:ca:2a:f9:25:43:af:92:a1:f7:40:60:
212                    85:5a:33:67:2a:62:ad:6e:4a:9a:02:1b:c4:e3:89:
213                    38:d3:06:eb:a3:8c:ce:a8:c8:49:5a:4e:08:b2:7e:
214                    00:16:92:60:4b:ff:77:2d:53:e7:2c:f3:2c:51:b3:
215                    16:87:67:28:43:10:d3:6c:d6:c2:96:97:a3:c8:8e:
216                    0b:ae:f1:56:13:bb:1b:ca:7f:2d:59:cc:37:fc:47:
217                    9d:f7:c9:0a:66:19:87:3d:13:66:50:0b:52:0d:13:
218                    33:6c:0b:fc:fb:88:cf:34:7b:9f:6f:6e:7e:36:ac:
219                    ec:39
220                Exponent: 65537 (0x10001)
221        X509v3 extensions:
222            X509v3 Subject Key Identifier:
223                91:69:0D:94:34:B5:BA:AF:F1:DD:99:22:88:15:2B:83:B1:37:B2:54
224            X509v3 Authority Key Identifier:
225                keyid:91:69:0D:94:34:B5:BA:AF:F1:DD:99:22:88:15:2B:83:B1:37:B2:54
226
227            Authority Information Access:
228                CA Issuers - URI:http://url-for-aia/Root.cer
229
230            X509v3 CRL Distribution Points:
231
232                Full Name:
233                  URI:http://url-for-crl/Root.crl
234
235            X509v3 Key Usage: critical
236                Certificate Sign, CRL Sign
237            X509v3 Basic Constraints: critical
238                CA:TRUE
239            X509v3 Extended Key Usage:
240                TLS Web Client Authentication
241    Signature Algorithm: sha256WithRSAEncryption
242         41:b1:b7:39:9a:c9:11:6c:57:42:5d:fa:b6:0f:4d:97:e8:37:
243         82:fb:f7:b0:ff:db:1c:78:73:17:f3:cf:9f:15:b0:c8:6d:16:
244         6f:a6:0b:5f:ea:f8:58:73:ad:37:74:f9:f4:8e:6e:db:6b:21:
245         98:10:80:0c:2d:b5:de:d2:73:74:02:67:8b:0b:eb:40:92:f5:
246         da:66:a4:dd:84:ce:db:49:47:71:bd:24:b2:5c:b7:03:2f:52:
247         9f:65:f2:9e:ab:13:09:76:a4:c8:94:3a:30:b1:5f:43:9a:af:
248         86:c9:e8:e2:37:24:be:b4:d1:ab:34:45:df:3f:77:ff:cd:71:
249         5d:de:7b:33:6e:60:04:45:d2:31:3e:3d:3f:5a:2e:bc:2e:00:
250         a2:67:3c:70:8e:90:b1:b5:d2:f7:1e:1b:23:2a:d6:0a:4e:26:
251         98:35:e0:3b:2d:82:94:ce:b6:a3:1f:5f:67:e2:96:af:c6:89:
252         ed:28:47:9b:48:47:58:dc:fc:6a:7f:49:2b:6f:0e:6b:40:40:
253         68:ec:53:fb:ef:16:55:1c:1d:77:1a:49:8f:13:0a:c6:06:16:
254         09:0d:08:e4:12:ff:cb:a2:0e:42:18:fc:a8:5a:04:e3:72:09:
255         2b:01:5f:1f:63:b8:aa:51:dd:ae:b6:13:f1:24:2c:b6:1c:87:
256         95:70:db:97
257-----BEGIN CERTIFICATE-----
258MIIDjTCCAnWgAwIBAgIUCM/T0WUhzESKCl15iAcWVMMf2GUwDQYJKoZIhvcNAQEL
259BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw
260MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
261AoIBAQCvndfRpZFuXRfUiYWVuM/j4/uU3czAmVkkrMBNzEs3iDg8oWAGlo0ba+cr
262uHGeVEvNxE2Ttjs/eqLGO+qfNo3lsA+eJ1h8+Ptv6K4Mu2kCYCHRvdzhMyONxV/c
263/zNxlZh3B2nAcSq/Yuu25cwuOpgce6Sny7rlqyIy+9UDGgO30Z/ZVmmusVHnjQbK
264KvklQ6+SofdAYIVaM2cqYq1uSpoCG8TjiTjTBuujjM6oyElaTgiyfgAWkmBL/3ct
265U+cs8yxRsxaHZyhDENNs1sKWl6PIjguu8VYTuxvKfy1ZzDf8R533yQpmGYc9E2ZQ
266C1INEzNsC/z7iM80e59vbn42rOw5AgMBAAGjgeAwgd0wHQYDVR0OBBYEFJFpDZQ0
267tbqv8d2ZIogVK4OxN7JUMB8GA1UdIwQYMBaAFJFpDZQ0tbqv8d2ZIogVK4OxN7JU
268MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh
269L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S
270b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zATBgNVHSUE
271DDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAQbG3OZrJEWxXQl36tg9N
272l+g3gvv3sP/bHHhzF/PPnxWwyG0Wb6YLX+r4WHOtN3T59I5u22shmBCADC213tJz
273dAJniwvrQJL12mak3YTO20lHcb0ksly3Ay9Sn2XynqsTCXakyJQ6MLFfQ5qvhsno
2744jckvrTRqzRF3z93/81xXd57M25gBEXSMT49P1ouvC4Aomc8cI6QsbXS9x4bIyrW
275Ck4mmDXgOy2ClM62ox9fZ+KWr8aJ7ShHm0hHWNz8an9JK28Oa0BAaOxT++8WVRwd
276dxpJjxMKxgYWCQ0I5BL/y6IOQhj8qFoE43IJKwFfH2O4qlHdrrYT8SQsthyHlXDb
277lw==
278-----END CERTIFICATE-----
279