1[Created by: ./generate-chains.py] 2 3Certificate chain with inhibitAnyPolicy=1 on the root, and an intermediate 4that uses anyPolicy. Should succeed since anyPolicy is still allowed for 5intermediate. 6 7Certificate: 8 Data: 9 Version: 3 (0x2) 10 Serial Number: 11 1f:68:8f:ee:fd:60:39:09:33:64:83:cf:6f:a4:7c:43:a0:48:dd:fb 12 Signature Algorithm: sha256WithRSAEncryption 13 Issuer: CN=Intermediate 14 Validity 15 Not Before: Oct 5 12:00:00 2021 GMT 16 Not After : Oct 5 12:00:00 2022 GMT 17 Subject: CN=Target 18 Subject Public Key Info: 19 Public Key Algorithm: rsaEncryption 20 Public-Key: (2048 bit) 21 Modulus: 22 00:ae:0d:42:e9:f2:fa:b9:8c:97:53:ed:60:ed:92: 23 0f:08:11:8d:65:ea:98:d7:d4:84:8f:53:b6:58:60: 24 72:d6:c2:1d:76:c0:6c:93:27:32:58:1a:88:23:93: 25 5a:a0:d8:6e:f5:5a:2c:1e:ba:5f:4d:e3:30:93:4c: 26 bd:04:0f:7b:b9:4b:17:b0:0d:22:a0:ca:ff:f7:9e: 27 f6:ff:08:d3:9d:ab:52:03:a1:f8:5c:14:de:6e:8d: 28 cc:16:8e:5d:fa:2b:40:d6:fb:9b:fa:a0:c1:08:10: 29 80:c2:ea:68:ec:a1:52:a8:0b:97:5f:e0:17:6a:bc: 30 0b:1e:43:1f:f6:ee:4f:c2:75:a1:9e:76:88:9b:06: 31 b2:3f:5e:3f:f0:a1:e9:e8:2e:af:70:ed:17:a6:39: 32 e3:74:82:b7:ff:94:9a:47:9e:e7:7b:75:1c:4d:7d: 33 83:a6:0b:df:e5:fd:af:12:3d:33:b5:a0:83:91:21: 34 d7:02:82:47:cb:b5:5a:f6:5e:0c:96:1c:36:a5:f3: 35 8a:a7:31:c5:8f:c5:b5:11:a3:af:1f:af:ba:46:a3: 36 89:98:73:96:91:ee:34:83:22:f5:a2:e5:5f:e9:9a: 37 97:12:36:0e:f4:11:8d:a4:10:2e:81:12:3d:44:a0: 38 33:80:ff:a0:5a:95:81:f8:9f:32:80:f0:d4:44:62: 39 40:25 40 Exponent: 65537 (0x10001) 41 X509v3 extensions: 42 X509v3 Subject Key Identifier: 43 84:09:4F:4B:7E:C1:B5:A8:C6:F1:92:14:50:B2:A2:82:63:56:F2:EB 44 X509v3 Authority Key Identifier: 45 44:9B:0F:5D:73:05:AB:7F:5A:A4:88:72:CE:78:3F:D4:5F:1B:F7:5B 46 Authority Information Access: 47 CA Issuers - URI:http://url-for-aia/Intermediate.cer 48 X509v3 CRL Distribution Points: 49 Full Name: 50 URI:http://url-for-crl/Intermediate.crl 51 X509v3 Key Usage: critical 52 Digital Signature, Key Encipherment 53 X509v3 Extended Key Usage: 54 TLS Web Server Authentication, TLS Web Client Authentication 55 X509v3 Certificate Policies: critical 56 Policy: 1.2.3.5 57 Signature Algorithm: sha256WithRSAEncryption 58 Signature Value: 59 5e:38:2c:b0:f6:9b:52:fd:b9:00:87:8b:cb:59:05:a7:bd:d8: 60 63:06:2c:21:14:1a:55:30:37:9b:30:3f:33:00:00:7c:89:01: 61 55:26:81:89:82:5c:cf:43:90:b7:a9:62:29:56:60:a6:ff:6f: 62 8c:5f:fb:01:56:79:49:63:40:dd:06:16:99:e5:6d:d5:2d:fc: 63 33:28:cc:85:87:e9:eb:0c:5b:ca:48:c3:72:4b:68:91:01:6a: 64 e5:25:80:0b:e4:c4:71:0d:c6:c8:72:b9:16:8f:1c:9c:1d:94: 65 34:29:b0:68:89:a4:ef:a8:cf:b6:90:6b:65:82:72:06:af:86: 66 26:10:c6:dd:43:48:18:3c:b1:2a:e4:2f:47:d4:41:e9:1a:70: 67 bd:fe:35:48:9a:f9:06:49:c2:7e:9a:b4:aa:0d:a3:10:8a:1e: 68 b3:fb:66:41:2e:2d:c8:1f:65:74:e2:cf:7b:f8:59:85:01:ec: 69 78:84:ee:3b:d8:9f:db:5c:54:5e:0c:b2:9d:4d:af:0a:5b:5a: 70 9b:52:f6:2f:30:10:9b:58:64:73:71:5a:c7:c8:0b:57:d0:4a: 71 21:60:1c:02:51:a9:03:63:ea:b0:92:82:d8:20:73:30:84:a9: 72 33:95:0f:9f:42:84:61:c1:89:17:d2:42:03:77:ef:9d:04:2d: 73 92:13:95:aa 74-----BEGIN CERTIFICATE----- 75MIIDtTCCAp2gAwIBAgIUH2iP7v1gOQkzZIPPb6R8Q6BI3fswDQYJKoZIhvcNAQEL 76BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy 77MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF 78AAOCAQ8AMIIBCgKCAQEArg1C6fL6uYyXU+1g7ZIPCBGNZeqY19SEj1O2WGBy1sId 79dsBskycyWBqII5NaoNhu9VosHrpfTeMwk0y9BA97uUsXsA0ioMr/9572/wjTnatS 80A6H4XBTebo3MFo5d+itA1vub+qDBCBCAwupo7KFSqAuXX+AXarwLHkMf9u5PwnWh 81nnaImwayP14/8KHp6C6vcO0XpjnjdIK3/5SaR57ne3UcTX2Dpgvf5f2vEj0ztaCD 82kSHXAoJHy7Va9l4Mlhw2pfOKpzHFj8W1EaOvH6+6RqOJmHOWke40gyL1ouVf6ZqX 83EjYO9BGNpBAugRI9RKAzgP+gWpWB+J8ygPDURGJAJQIDAQABo4H+MIH7MB0GA1Ud 84DgQWBBSECU9LfsG1qMbxkhRQsqKCY1by6zAfBgNVHSMEGDAWgBREmw9dcwWrf1qk 85iHLOeD/UXxv3WzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 86cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 87dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF 88oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEwYDVR0gAQH/BAkwBzAF 89BgMqAwUwDQYJKoZIhvcNAQELBQADggEBAF44LLD2m1L9uQCHi8tZBae92GMGLCEU 90GlUwN5swPzMAAHyJAVUmgYmCXM9DkLepYilWYKb/b4xf+wFWeUljQN0GFpnlbdUt 91/DMozIWH6esMW8pIw3JLaJEBauUlgAvkxHENxshyuRaPHJwdlDQpsGiJpO+oz7aQ 92a2WCcgavhiYQxt1DSBg8sSrkL0fUQekacL3+NUia+QZJwn6atKoNoxCKHrP7ZkEu 93LcgfZXTiz3v4WYUB7HiE7jvYn9tcVF4Msp1NrwpbWptS9i8wEJtYZHNxWsfIC1fQ 94SiFgHAJRqQNj6rCSgtggczCEqTOVD59ChGHBiRfSQgN3750ELZITlao= 95-----END CERTIFICATE----- 96 97Certificate: 98 Data: 99 Version: 3 (0x2) 100 Serial Number: 101 70:09:64:da:50:cc:c6:d4:9d:ae:e5:e6:0a:57:94:4b:37:e5:92:ff 102 Signature Algorithm: sha256WithRSAEncryption 103 Issuer: CN=Root 104 Validity 105 Not Before: Oct 5 12:00:00 2021 GMT 106 Not After : Oct 5 12:00:00 2022 GMT 107 Subject: CN=Intermediate 108 Subject Public Key Info: 109 Public Key Algorithm: rsaEncryption 110 Public-Key: (2048 bit) 111 Modulus: 112 00:89:26:5d:b6:91:69:ea:ce:b4:ed:b5:36:0b:7c: 113 c3:7e:e4:68:84:e8:9e:bb:52:76:dc:a5:f2:9e:76: 114 26:51:b7:d2:db:9f:5f:f1:ae:9f:72:f3:16:e4:f1: 115 aa:b7:f6:d6:c9:1e:da:ef:d2:d5:f7:a2:b0:f9:e2: 116 7b:01:01:33:40:2b:03:85:de:10:e4:e9:ff:5e:d4: 117 c3:72:f8:ee:51:1b:aa:ff:1e:c1:1d:83:ff:d6:c5: 118 54:8e:b8:60:73:b1:bf:6f:bf:3f:02:b9:fb:7a:bd: 119 c9:c4:71:d1:d7:de:b0:c0:3b:69:cf:dd:2b:9f:88: 120 81:12:b0:3b:61:bc:3c:29:56:71:2d:04:c1:1f:9f: 121 74:77:de:d5:a5:ac:00:e9:d5:fd:a8:e1:76:0b:e8: 122 8f:f2:a8:64:a6:59:6f:33:42:e6:e8:15:64:10:b2: 123 8d:db:51:23:73:01:0e:bf:d3:ad:17:65:cc:b2:c2: 124 a0:06:f6:ba:16:9a:80:0d:ac:3c:9c:15:73:0f:15: 125 64:dd:f6:99:55:70:b5:91:78:08:93:79:57:fb:83: 126 89:e3:cd:b4:5a:b0:56:eb:00:6b:cc:7c:c0:02:e4: 127 ae:0a:84:63:e2:5f:c0:f3:a9:a1:16:cb:bb:f1:ef: 128 56:75:95:d9:b8:bc:55:7d:61:45:73:32:e5:a5:87: 129 56:bb 130 Exponent: 65537 (0x10001) 131 X509v3 extensions: 132 X509v3 Subject Key Identifier: 133 44:9B:0F:5D:73:05:AB:7F:5A:A4:88:72:CE:78:3F:D4:5F:1B:F7:5B 134 X509v3 Authority Key Identifier: 135 FB:09:9A:AA:11:65:B8:7C:67:A5:6E:C4:AB:74:FE:5F:54:0A:A2:A7 136 Authority Information Access: 137 CA Issuers - URI:http://url-for-aia/Root.cer 138 X509v3 CRL Distribution Points: 139 Full Name: 140 URI:http://url-for-crl/Root.crl 141 X509v3 Key Usage: critical 142 Certificate Sign, CRL Sign 143 X509v3 Basic Constraints: critical 144 CA:TRUE 145 X509v3 Policy Constraints: critical 146 Require Explicit Policy:0 147 X509v3 Certificate Policies: critical 148 Policy: X509v3 Any Policy 149 Signature Algorithm: sha256WithRSAEncryption 150 Signature Value: 151 da:6c:b3:22:9a:bf:00:10:72:85:11:8b:3e:23:63:52:f4:a2: 152 63:ee:85:73:02:c0:61:da:8e:92:5d:8c:43:f5:a9:02:32:9d: 153 f2:10:0f:5c:df:1c:22:fd:dd:cf:23:4b:9f:1a:f3:b5:07:ea: 154 81:00:06:a7:58:d4:f7:b1:12:ca:3a:67:2b:82:84:ed:38:da: 155 e5:c6:bf:0c:d0:af:dc:7a:17:b1:c9:33:9a:81:96:2f:61:9e: 156 c8:58:cb:96:35:e3:84:60:93:8b:a6:da:56:b4:63:f1:55:c7: 157 19:c0:28:7e:05:df:1b:36:0b:52:31:bd:d1:3e:e5:7d:f7:bf: 158 d4:47:fa:08:d3:92:de:33:33:00:84:8c:1f:b2:bb:45:63:a5: 159 fb:9d:6b:d2:ee:ea:0b:c1:58:ae:de:31:d3:de:0e:6f:8e:cb: 160 05:7a:75:6d:38:c3:b6:a9:5b:08:3c:93:35:0f:94:ca:ea:bc: 161 b2:1e:a5:70:04:65:4e:4b:99:5e:e3:09:a7:b6:de:6a:f9:a1: 162 48:37:ae:24:20:45:88:ea:78:81:25:8b:57:90:3e:8c:0f:8d: 163 ec:00:e3:3e:c7:43:d1:e3:ca:6a:81:5f:e1:c8:c7:7f:23:55: 164 e3:e2:8c:8a:b7:4d:9c:e9:47:93:2d:60:ca:6e:f8:7f:7d:46: 165 3f:14:d1:d9 166-----BEGIN CERTIFICATE----- 167MIIDpzCCAo+gAwIBAgIUcAlk2lDMxtSdruXmCleUSzflkv8wDQYJKoZIhvcNAQEL 168BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw 169MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD 170ggEPADCCAQoCggEBAIkmXbaRaerOtO21Ngt8w37kaITonrtSdtyl8p52JlG30tuf 171X/Gun3LzFuTxqrf21ske2u/S1feisPniewEBM0ArA4XeEOTp/17Uw3L47lEbqv8e 172wR2D/9bFVI64YHOxv2+/PwK5+3q9ycRx0dfesMA7ac/dK5+IgRKwO2G8PClWcS0E 173wR+fdHfe1aWsAOnV/ajhdgvoj/KoZKZZbzNC5ugVZBCyjdtRI3MBDr/TrRdlzLLC 174oAb2uhaagA2sPJwVcw8VZN32mVVwtZF4CJN5V/uDiePNtFqwVusAa8x8wALkrgqE 175Y+JfwPOpoRbLu/HvVnWV2bi8VX1hRXMy5aWHVrsCAwEAAaOB8jCB7zAdBgNVHQ4E 176FgQURJsPXXMFq39apIhyzng/1F8b91swHwYDVR0jBBgwFoAU+wmaqhFluHxnpW7E 177q3T+X1QKoqcwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs 178LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m 179b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ 180MA8GA1UdJAEB/wQFMAOAAQAwFAYDVR0gAQH/BAowCDAGBgRVHSAAMA0GCSqGSIb3 181DQEBCwUAA4IBAQDabLMimr8AEHKFEYs+I2NS9KJj7oVzAsBh2o6SXYxD9akCMp3y 182EA9c3xwi/d3PI0ufGvO1B+qBAAanWNT3sRLKOmcrgoTtONrlxr8M0K/cehexyTOa 183gZYvYZ7IWMuWNeOEYJOLptpWtGPxVccZwCh+Bd8bNgtSMb3RPuV997/UR/oI05Le 184MzMAhIwfsrtFY6X7nWvS7uoLwViu3jHT3g5vjssFenVtOMO2qVsIPJM1D5TK6ryy 185HqVwBGVOS5le4wmntt5q+aFIN64kIEWI6niBJYtXkD6MD43sAOM+x0PR48pqgV/h 186yMd/I1Xj4oyKt02c6UeTLWDKbvh/fUY/FNHZ 187-----END CERTIFICATE----- 188 189Certificate: 190 Data: 191 Version: 3 (0x2) 192 Serial Number: 193 70:09:64:da:50:cc:c6:d4:9d:ae:e5:e6:0a:57:94:4b:37:e5:92:fe 194 Signature Algorithm: sha256WithRSAEncryption 195 Issuer: CN=Root 196 Validity 197 Not Before: Oct 5 12:00:00 2021 GMT 198 Not After : Oct 5 12:00:00 2022 GMT 199 Subject: CN=Root 200 Subject Public Key Info: 201 Public Key Algorithm: rsaEncryption 202 Public-Key: (2048 bit) 203 Modulus: 204 00:da:86:a0:3a:dc:6f:58:98:e5:86:57:9e:07:6c: 205 f1:8c:87:54:d3:9b:7b:2c:aa:95:29:d5:86:b0:16: 206 b2:78:62:12:a4:09:3e:1a:38:7c:1f:32:be:bd:59: 207 55:58:3a:8a:2e:9b:28:54:09:0c:ec:d7:e8:e5:ee: 208 94:62:7f:f0:b7:cb:d1:36:d9:fc:71:bb:f5:74:bf: 209 d0:58:8e:bd:fc:1d:0e:ae:08:58:cc:17:cd:21:69: 210 1c:db:1f:7a:ee:6b:40:ed:4b:6d:8f:43:32:f8:14: 211 58:ac:94:dc:97:cc:35:04:e5:6f:17:66:53:c8:21: 212 ae:0e:8b:a8:bd:3b:41:66:af:fa:f6:b2:af:0c:a0: 213 c8:17:ea:d7:5c:cc:84:9b:9a:5b:cc:23:73:f7:b6: 214 a8:d3:05:27:b7:2a:95:ac:c8:1f:dd:5e:52:e3:6a: 215 38:73:31:f6:f3:3a:ca:7d:57:d1:ff:a6:59:4e:9a: 216 29:68:be:b5:8b:9a:b1:2f:d1:41:c2:fd:f7:fb:aa: 217 bc:07:34:56:a9:ea:8b:b3:87:54:c7:8b:15:41:2a: 218 56:aa:42:00:27:5d:2c:36:68:1e:d3:02:76:3e:00: 219 1f:90:4a:a6:f5:d9:9e:b2:aa:10:85:ba:73:65:09: 220 d1:fb:51:58:9f:a9:f0:d0:1f:a0:7d:56:d6:e9:ed: 221 f3:a5 222 Exponent: 65537 (0x10001) 223 X509v3 extensions: 224 X509v3 Subject Key Identifier: 225 FB:09:9A:AA:11:65:B8:7C:67:A5:6E:C4:AB:74:FE:5F:54:0A:A2:A7 226 X509v3 Authority Key Identifier: 227 FB:09:9A:AA:11:65:B8:7C:67:A5:6E:C4:AB:74:FE:5F:54:0A:A2:A7 228 Authority Information Access: 229 CA Issuers - URI:http://url-for-aia/Root.cer 230 X509v3 CRL Distribution Points: 231 Full Name: 232 URI:http://url-for-crl/Root.crl 233 X509v3 Key Usage: critical 234 Certificate Sign, CRL Sign 235 X509v3 Basic Constraints: critical 236 CA:TRUE 237 X509v3 Inhibit Any Policy: critical 238 1 239 Signature Algorithm: sha256WithRSAEncryption 240 Signature Value: 241 06:70:58:59:b1:7c:e9:8f:75:42:27:f0:eb:e9:bd:b9:c1:11: 242 47:12:18:e7:a7:11:c7:fe:6c:08:c2:40:5a:d7:90:8d:53:12: 243 b4:01:93:69:87:ec:dc:40:69:2e:d1:b1:04:1d:36:d4:ae:6f: 244 bd:22:d7:8d:9e:cf:ff:c7:14:f2:36:43:e6:a3:0c:54:0c:52: 245 3f:65:ff:8e:4c:34:1b:83:6b:12:01:09:87:cd:f0:1a:67:89: 246 e0:2d:24:a9:85:af:25:7a:3b:d0:2a:d0:a5:8e:ee:9c:cf:fa: 247 81:8a:db:1a:33:74:2f:e8:b4:73:67:26:20:c4:86:75:ae:2a: 248 ef:f6:6b:f8:3c:3f:d8:a2:be:b3:82:70:74:8b:d4:b8:cb:6b: 249 31:de:29:77:22:22:85:46:8a:3f:7a:f4:8a:8b:40:77:3b:92: 250 7a:59:57:ab:4d:84:84:c9:19:35:a6:45:95:65:41:3c:f1:4e: 251 a1:d3:c0:bd:c2:d4:bb:fe:32:26:1c:fc:25:3c:87:3b:c4:29: 252 ce:1b:1b:dd:9c:3f:1c:bf:b6:5b:9e:d4:46:79:ea:94:70:0b: 253 fb:5a:d0:9c:2e:be:0e:a8:fd:38:fc:2a:65:31:5b:a4:1d:52: 254 e0:e0:9f:07:76:72:e7:41:e9:95:6f:04:42:9e:88:a6:3c:d6: 255 ad:7d:6a:48 256-----BEGIN CERTIFICATE----- 257MIIDhzCCAm+gAwIBAgIUcAlk2lDMxtSdruXmCleUSzflkv4wDQYJKoZIhvcNAQEL 258BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw 259MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK 260AoIBAQDahqA63G9YmOWGV54HbPGMh1TTm3ssqpUp1YawFrJ4YhKkCT4aOHwfMr69 261WVVYOooumyhUCQzs1+jl7pRif/C3y9E22fxxu/V0v9BYjr38HQ6uCFjMF80haRzb 262H3rua0DtS22PQzL4FFislNyXzDUE5W8XZlPIIa4Oi6i9O0Fmr/r2sq8MoMgX6tdc 263zISbmlvMI3P3tqjTBSe3KpWsyB/dXlLjajhzMfbzOsp9V9H/pllOmilovrWLmrEv 2640UHC/ff7qrwHNFap6ouzh1THixVBKlaqQgAnXSw2aB7TAnY+AB+QSqb12Z6yqhCF 265unNlCdH7UVifqfDQH6B9Vtbp7fOlAgMBAAGjgdowgdcwHQYDVR0OBBYEFPsJmqoR 266Zbh8Z6VuxKt0/l9UCqKnMB8GA1UdIwQYMBaAFPsJmqoRZbh8Z6VuxKt0/l9UCqKn 267MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh 268L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S 269b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgNVHTYB 270Af8EAwIBATANBgkqhkiG9w0BAQsFAAOCAQEABnBYWbF86Y91Qifw6+m9ucERRxIY 27156cRx/5sCMJAWteQjVMStAGTaYfs3EBpLtGxBB021K5vvSLXjZ7P/8cU8jZD5qMM 272VAxSP2X/jkw0G4NrEgEJh83wGmeJ4C0kqYWvJXo70CrQpY7unM/6gYrbGjN0L+i0 273c2cmIMSGda4q7/Zr+Dw/2KK+s4JwdIvUuMtrMd4pdyIihUaKP3r0iotAdzuSellX 274q02EhMkZNaZFlWVBPPFOodPAvcLUu/4yJhz8JTyHO8Qpzhsb3Zw/HL+2W57URnnq 275lHAL+1rQnC6+Dqj9OPwqZTFbpB1S4OCfB3Zy50HplW8EQp6IpjzWrX1qSA== 276-----END CERTIFICATE----- 277