[Created by: generate-chains.py] Certificate chain where the leaf certificate asserts the keyCertSign key usage, however does not have CA=true in the basic constraints extension to indicate it is a CA. Certificate: Data: Version: 3 (0x2) Serial Number: 0d:e0:65:d2:8a:72:7c:60:7d:f8:7e:88:6d:f0:a6:80:23:e1:38:a9 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Intermediate Validity Not Before: Oct 5 12:00:00 2021 GMT Not After : Oct 5 12:00:00 2022 GMT Subject: CN=Target Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:d5:97:4d:ce:b9:89:7b:00:4f:e4:1f:f6:b0:1d: 26:7d:c5:42:70:21:40:3a:a6:f9:07:5b:11:c6:fb: 0f:8e:79:46:78:ad:34:71:46:b4:fa:96:75:06:c8: 3e:c7:e9:1a:ae:f0:47:7f:4b:53:4a:f2:46:83:89: 92:b0:11:11:0c:04:7c:33:e1:4b:7e:b5:b5:b2:54: a7:28:64:31:7b:e2:5c:4a:00:30:3f:8c:21:e0:61: f6:15:e8:20:03:bf:ce:d3:b4:ec:6e:27:88:fb:a9: b0:9a:73:79:26:46:55:a3:05:ac:25:ba:6f:24:3c: 17:7d:17:6c:25:ad:14:68:0b:fd:a6:d6:5f:5a:9a: 4a:9d:6d:86:e5:77:b9:50:9c:40:2b:40:af:1d:92: 4e:22:7a:c1:eb:57:17:16:4d:fa:12:e3:8c:25:8e: 8d:4b:74:4f:3e:67:cd:84:2a:63:46:43:3c:45:7f: ad:bc:dd:5c:00:46:7e:25:36:43:d9:98:15:a1:f4: f6:29:5d:54:9d:20:b8:b6:e1:4c:e3:f1:3c:91:47: 9d:eb:d7:f8:a2:f1:c5:f8:bc:7b:bf:bd:40:38:39: 01:3b:98:33:12:d9:de:c6:f9:eb:4b:e3:82:8e:98: 4b:28:1b:cd:ba:22:d5:b3:02:12:fc:40:86:ec:3e: e7:51 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 1B:6F:D1:A8:67:1C:5F:A0:86:1B:FF:7B:E0:F4:72:33:CF:7C:F0:26 X509v3 Authority Key Identifier: keyid:B2:C0:C2:33:FD:8F:F5:37:4B:52:85:82:DD:31:5D:CE:A2:99:71:D0 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer X509v3 CRL Distribution Points: Full Name: URI:http://url-for-crl/Intermediate.crl X509v3 Key Usage: critical Digital Signature, Key Encipherment, Certificate Sign X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption 06:a9:9a:f5:d2:51:8d:b1:ce:45:ae:22:20:c9:61:c3:28:71: ca:cf:e3:f7:86:a8:62:8d:88:90:f0:b5:8a:a0:04:e4:aa:34: 95:f6:c9:91:50:b0:79:c8:6d:ef:19:cd:f1:ae:2b:7f:3f:e6: da:99:a6:bb:28:55:f9:8b:4e:e2:90:bf:d9:1d:6b:3b:2c:53: 0e:3b:7e:ba:d8:3f:83:18:02:43:01:e2:de:d6:98:47:bb:72: 62:5f:f0:90:61:07:fa:ca:15:d2:d1:f3:61:b9:f3:0a:3a:13: 43:7a:fb:50:01:63:e9:b6:0c:f4:1a:90:22:21:9d:3e:68:4e: 46:d8:a1:4d:67:58:26:58:c8:30:0f:d5:6e:f0:28:2c:cc:5a: 70:75:a3:1a:98:0d:4e:f2:bf:dd:9d:d1:72:3c:85:57:3d:eb: 77:11:5f:c3:a7:01:82:15:fe:86:cd:b0:6c:9b:2b:5b:48:0e: 35:d6:4c:10:39:aa:b7:69:d5:5b:b0:af:17:4b:26:6d:01:ea: 55:3d:74:2e:e5:df:f6:7a:d2:78:81:73:42:2a:bb:72:a5:1f: 17:25:6b:36:65:42:96:2f:6c:8e:d3:65:b5:95:10:13:99:9d: bb:ea:9f:cf:42:a5:9f:57:3e:f5:fc:47:d6:cf:a3:33:b4:96: 92:f1:ba:a2 -----BEGIN CERTIFICATE----- MIIDoDCCAoigAwIBAgIUDeBl0opyfGB9+H6IbfCmgCPhOKkwDQYJKoZIhvcNAQEL BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEA1ZdNzrmJewBP5B/2sB0mfcVCcCFAOqb5B1sRxvsPjnlG eK00cUa0+pZ1Bsg+x+karvBHf0tTSvJGg4mSsBERDAR8M+FLfrW1slSnKGQxe+Jc SgAwP4wh4GH2FeggA7/O07TsbieI+6mwmnN5JkZVowWsJbpvJDwXfRdsJa0UaAv9 ptZfWppKnW2G5Xe5UJxAK0CvHZJOInrB61cXFk36EuOMJY6NS3RPPmfNhCpjRkM8 RX+tvN1cAEZ+JTZD2ZgVofT2KV1UnSC4tuFM4/E8kUed69f4ovHF+Lx7v71AODkB O5gzEtnexvnrS+OCjphLKBvNuiLVswIS/ECG7D7nUQIDAQABo4HpMIHmMB0GA1Ud DgQWBBQbb9GoZxxfoIYb/3vg9HIzz3zwJjAfBgNVHSMEGDAWgBSywMIz/Y/1N0tS hYLdMV3Ooplx0DA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIC pDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD ggEBAAapmvXSUY2xzkWuIiDJYcMoccrP4/eGqGKNiJDwtYqgBOSqNJX2yZFQsHnI be8ZzfGuK38/5tqZprsoVfmLTuKQv9kdazssUw47frrYP4MYAkMB4t7WmEe7cmJf 8JBhB/rKFdLR82G58wo6E0N6+1ABY+m2DPQakCIhnT5oTkbYoU1nWCZYyDAP1W7w KCzMWnB1oxqYDU7yv92d0XI8hVc963cRX8OnAYIV/obNsGybK1tIDjXWTBA5qrdp 1VuwrxdLJm0B6lU9dC7l3/Z60niBc0Iqu3KlHxclazZlQpYvbI7TZbWVEBOZnbvq n89CpZ9XPvX8R9bPozO0lpLxuqI= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 03:1e:f6:e0:d5:64:b5:71:7d:eb:f5:6d:bf:03:da:71:a6:d9:eb:26 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Root Validity Not Before: Oct 5 12:00:00 2021 GMT Not After : Oct 5 12:00:00 2022 GMT Subject: CN=Intermediate Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c6:14:bf:96:32:0d:cf:bb:58:2a:b4:3c:97:e5: 6c:22:92:ff:d3:14:e2:b9:0b:c9:fe:0d:09:d0:c6: b5:48:ed:e0:2a:25:04:2e:16:08:6b:55:da:d1:f3: b1:c1:1a:49:85:33:f4:bb:7c:d6:38:45:c8:af:4d: d4:a9:43:a7:56:cf:9c:40:a5:2b:b8:13:7f:ee:6b: fe:98:3b:ed:74:2a:5e:c7:9f:7c:e0:73:6c:a7:c4: d8:f1:e3:55:79:6c:02:7c:b4:e8:3f:1a:93:57:62: 3a:86:5b:24:db:70:f2:fd:94:91:95:6b:68:72:73: 31:44:a5:36:32:e6:77:37:bb:e1:cb:6d:b5:aa:20: 3a:02:7e:ff:44:6d:79:e4:7d:e6:d3:72:92:e9:59: 92:57:ff:be:e8:e2:d9:84:47:f8:a9:f6:11:ee:cf: 5b:7f:92:d8:19:44:7f:96:40:52:19:09:80:af:2f: 36:65:14:9a:fe:ef:aa:aa:c9:00:fb:ac:d3:87:59: 14:ab:69:52:4c:4f:87:0f:74:49:ab:c5:f2:fb:73: 23:c0:91:c9:93:82:6f:28:8d:23:f9:2d:f3:92:cc: f5:68:20:86:0d:37:35:d7:46:da:dd:4a:fc:92:3b: 32:a2:67:ba:f5:b3:49:13:76:e9:5e:78:a0:86:3e: de:2d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: B2:C0:C2:33:FD:8F:F5:37:4B:52:85:82:DD:31:5D:CE:A2:99:71:D0 X509v3 Authority Key Identifier: keyid:24:DB:B4:DE:3E:3F:AA:1D:B0:57:7A:1D:7C:CD:86:E9:6B:D0:15:6F Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer X509v3 CRL Distribution Points: Full Name: URI:http://url-for-crl/Root.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption 7b:29:9f:c7:c8:ce:5d:3f:cd:53:a3:2a:6e:8e:02:7a:b7:22: 6d:02:dc:50:3b:51:bc:25:b7:4f:d4:97:6d:c3:3c:dc:f2:17: be:47:94:48:14:db:9f:89:73:18:b2:75:a6:91:92:5d:84:54: d8:6c:f9:fe:e4:1f:be:53:e7:9d:c2:df:59:a0:ba:63:b6:67: db:05:a1:a5:0a:f9:9b:8a:b4:33:71:1b:a9:c7:91:9a:fa:c4: 2e:f9:2d:6a:7d:f3:34:81:51:72:99:4f:74:00:95:9a:9d:19: ee:6d:1b:b0:25:5d:ae:e5:fa:9a:ac:a6:ff:9b:63:51:f4:93: 41:bc:35:5b:da:f3:64:4c:53:46:23:07:08:1e:82:ff:86:25: fd:6e:26:dc:f2:bb:e9:62:84:24:ac:a0:f3:18:29:02:9a:11: 1e:30:c5:db:8e:cc:ef:f0:4b:75:25:1e:8e:8d:3b:81:93:ec: 25:d3:56:f6:a8:7c:85:f6:9c:6e:ff:c8:c3:dd:58:c7:3e:d3: 4a:a2:23:88:81:fd:25:6d:40:8f:e7:94:1c:a7:62:48:cd:de: 7a:22:de:55:4c:00:4a:75:e2:3d:29:a6:c1:c8:f0:69:cb:b1: de:0c:37:49:dd:8a:5a:88:63:8c:8b:e9:44:a2:a8:9a:18:d9: d5:33:07:ec -----BEGIN CERTIFICATE----- MIIDgDCCAmigAwIBAgIUAx724NVktXF96/VtvwPacabZ6yYwDQYJKoZIhvcNAQEL BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAMYUv5YyDc+7WCq0PJflbCKS/9MU4rkLyf4NCdDGtUjt4Col BC4WCGtV2tHzscEaSYUz9Lt81jhFyK9N1KlDp1bPnEClK7gTf+5r/pg77XQqXsef fOBzbKfE2PHjVXlsAny06D8ak1diOoZbJNtw8v2UkZVraHJzMUSlNjLmdze74ctt taogOgJ+/0RteeR95tNykulZklf/vuji2YRH+Kn2Ee7PW3+S2BlEf5ZAUhkJgK8v NmUUmv7vqqrJAPus04dZFKtpUkxPhw90SavF8vtzI8CRyZOCbyiNI/kt85LM9Wgg hg03NddG2t1K/JI7MqJnuvWzSRN26V54oIY+3i0CAwEAAaOByzCByDAdBgNVHQ4E FgQUssDCM/2P9TdLUoWC3TFdzqKZcdAwHwYDVR0jBBgwFoAUJNu03j4/qh2wV3od fM2G6WvQFW8wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ MA0GCSqGSIb3DQEBCwUAA4IBAQB7KZ/HyM5dP81ToypujgJ6tyJtAtxQO1G8JbdP 1Jdtwzzc8he+R5RIFNufiXMYsnWmkZJdhFTYbPn+5B++U+edwt9ZoLpjtmfbBaGl CvmbirQzcRupx5Ga+sQu+S1qffM0gVFymU90AJWanRnubRuwJV2u5fqarKb/m2NR 9JNBvDVb2vNkTFNGIwcIHoL/hiX9bibc8rvpYoQkrKDzGCkCmhEeMMXbjszv8Et1 JR6OjTuBk+wl01b2qHyF9pxu/8jD3VjHPtNKoiOIgf0lbUCP55Qcp2JIzd56It5V TABKdeI9KabByPBpy7HeDDdJ3YpaiGOMi+lEoqiaGNnVMwfs -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 03:1e:f6:e0:d5:64:b5:71:7d:eb:f5:6d:bf:03:da:71:a6:d9:eb:25 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Root Validity Not Before: Oct 5 12:00:00 2021 GMT Not After : Oct 5 12:00:00 2022 GMT Subject: CN=Root Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:e4:4e:96:f6:de:02:05:e7:16:80:fa:ed:b1:3c: f3:19:ea:7b:d2:fe:ed:93:b7:09:37:7d:c1:98:9b: 65:a9:84:09:72:cd:e5:d8:da:21:44:c2:2e:92:95: 12:fe:35:0c:66:34:ad:f3:4f:c5:2f:d0:2e:57:41: 1c:3b:ce:c9:51:17:05:eb:06:f7:4f:fb:6e:27:9d: 06:d8:10:87:f4:97:5f:0f:9d:5d:d7:2b:d3:3b:21: 5b:5a:8f:20:e0:97:16:7b:15:39:d6:3f:ff:1d:06: 53:74:62:78:68:5b:ed:c2:05:e7:86:8b:1a:63:3a: d3:e4:a9:25:8f:0e:92:13:df:39:d6:31:82:bf:bd: ef:d4:21:9d:0e:7f:c9:90:ef:1d:c5:f3:c4:00:1e: 4a:03:61:f4:5e:cf:e9:58:e5:12:49:37:31:49:89: 54:d8:59:40:78:eb:e2:3f:75:9c:a5:ff:1c:33:b8: 6c:26:26:5a:8f:28:12:1f:4e:81:e5:a6:aa:dd:c6: d9:c9:94:6a:15:3c:9e:7a:59:29:92:cb:7a:f5:67: c4:d4:dd:4c:c5:6e:fb:b3:c2:5a:9d:f1:0b:35:17: 92:b6:85:dc:fd:45:c5:3f:13:f3:cd:fc:bc:b6:59: c0:17:0b:ce:b3:e1:47:d1:2f:34:74:a4:5c:ba:a9: cf:0d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 24:DB:B4:DE:3E:3F:AA:1D:B0:57:7A:1D:7C:CD:86:E9:6B:D0:15:6F X509v3 Authority Key Identifier: keyid:24:DB:B4:DE:3E:3F:AA:1D:B0:57:7A:1D:7C:CD:86:E9:6B:D0:15:6F Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer X509v3 CRL Distribution Points: Full Name: URI:http://url-for-crl/Root.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption 29:e6:c6:f3:9d:9a:53:9b:3c:f8:79:c9:e3:d3:33:c6:2f:1c: 50:a2:de:7d:69:75:40:75:ba:af:8a:61:b0:f2:fc:3c:39:01: df:d6:c2:f6:df:a1:a5:3f:b3:f1:8e:09:3a:fb:87:ca:4c:cd: 5f:89:ca:d1:5d:d1:38:94:36:af:52:32:e3:67:9b:ad:6a:e6: f9:dc:92:1e:35:dd:81:9d:d7:5d:ce:75:14:74:2b:4a:16:ef: a0:74:ee:76:a5:4b:90:70:6f:de:d8:0a:1b:e3:0c:b5:f5:33: eb:74:dc:8e:f8:ef:a8:0e:52:74:b8:d4:4e:fb:42:e5:3d:8c: c3:71:d8:99:df:bf:c3:bf:87:e6:cd:84:89:ac:df:5d:c7:a6: 8e:b5:10:a5:8a:2f:66:3f:2f:79:c6:e7:9b:76:3b:5e:4f:ce: cf:cc:24:bd:6d:38:6d:b8:17:a6:31:ed:c2:d9:81:84:74:f6: 94:a9:6a:28:52:56:cd:a8:62:8d:c7:2f:73:e5:db:8e:f0:9d: a3:c9:b7:c4:07:10:99:be:b7:9f:66:bf:b1:51:30:ee:f5:55: ba:1e:39:a8:73:ca:10:68:7e:29:c7:42:9f:01:6b:47:cd:47: 08:52:80:3d:b1:f0:94:a7:35:21:37:47:d8:d9:c8:5a:a5:be: 75:37:89:fb -----BEGIN CERTIFICATE----- MIIDeDCCAmCgAwIBAgIUAx724NVktXF96/VtvwPacabZ6yUwDQYJKoZIhvcNAQEL BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQDkTpb23gIF5xaA+u2xPPMZ6nvS/u2Ttwk3fcGYm2WphAlyzeXY2iFEwi6S lRL+NQxmNK3zT8Uv0C5XQRw7zslRFwXrBvdP+24nnQbYEIf0l18PnV3XK9M7IVta jyDglxZ7FTnWP/8dBlN0YnhoW+3CBeeGixpjOtPkqSWPDpIT3znWMYK/ve/UIZ0O f8mQ7x3F88QAHkoDYfRez+lY5RJJNzFJiVTYWUB46+I/dZyl/xwzuGwmJlqPKBIf ToHlpqrdxtnJlGoVPJ56WSmSy3r1Z8TU3UzFbvuzwlqd8Qs1F5K2hdz9RcU/E/PN /Ly2WcAXC86z4UfRLzR0pFy6qc8NAgMBAAGjgcswgcgwHQYDVR0OBBYEFCTbtN4+ P6odsFd6HXzNhulr0BVvMB8GA1UdIwQYMBaAFCTbtN4+P6odsFd6HXzNhulr0BVv MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG 9w0BAQsFAAOCAQEAKebG852aU5s8+HnJ49Mzxi8cUKLefWl1QHW6r4phsPL8PDkB 39bC9t+hpT+z8Y4JOvuHykzNX4nK0V3ROJQ2r1Iy42ebrWrm+dySHjXdgZ3XXc51 FHQrShbvoHTudqVLkHBv3tgKG+MMtfUz63TcjvjvqA5SdLjUTvtC5T2Mw3HYmd+/ w7+H5s2EiazfXcemjrUQpYovZj8vecbnm3Y7Xk/Oz8wkvW04bbgXpjHtwtmBhHT2 lKlqKFJWzahijccvc+XbjvCdo8m3xAcQmb63n2a/sVEw7vVVuh45qHPKEGh+KcdC nwFrR81HCFKAPbHwlKc1ITdH2NnIWqW+dTeJ+w== -----END CERTIFICATE-----