1[Created by: generate-chains.py] 2 3Certificate chain where the intermediate restricts the extended key usage to 4clientAuth + any, and the target sets serverAuth + clientAuth. 5 6Certificate: 7 Data: 8 Version: 3 (0x2) 9 Serial Number: 10 0f:19:5d:e8:71:6f:db:08:2d:79:97:74:46:0c:ac:d5:3d:49:b8:b2 11 Signature Algorithm: sha256WithRSAEncryption 12 Issuer: CN=Intermediate 13 Validity 14 Not Before: Oct 5 12:00:00 2021 GMT 15 Not After : Oct 5 12:00:00 2022 GMT 16 Subject: CN=Target 17 Subject Public Key Info: 18 Public Key Algorithm: rsaEncryption 19 RSA Public-Key: (2048 bit) 20 Modulus: 21 00:ae:2e:8b:18:8d:f7:76:2c:94:0c:3f:a0:b6:ea: 22 70:1f:5e:c8:48:c5:aa:ad:55:6b:bd:55:68:0d:8e: 23 ce:e5:99:27:c5:2c:b2:9a:29:a9:8f:8e:c3:c6:97: 24 89:6d:31:d7:a4:8f:d8:36:37:4f:33:c7:d6:42:03: 25 11:08:c4:7f:35:8c:ee:0f:1b:7a:31:74:04:aa:01: 26 d3:1e:8b:5b:01:9d:60:4b:9c:d1:8f:1e:ab:e5:dc: 27 8f:17:77:49:e3:f6:d5:82:a5:2f:0a:e8:dc:9f:96: 28 1e:2a:a1:41:d1:67:2c:9e:f3:7f:94:0c:6e:cf:5f: 29 55:52:37:05:d0:39:37:1a:6e:11:ed:db:fa:aa:92: 30 a7:4f:50:29:07:69:af:1d:a7:99:fa:e1:56:f0:03: 31 38:b0:ae:6b:e7:19:0b:dd:c3:07:31:8e:84:04:a5: 32 b4:eb:b8:bc:23:f3:40:b0:17:b4:ab:9e:3f:05:96: 33 89:fc:84:23:cc:d1:06:c2:e4:8b:c6:65:f5:24:eb: 34 72:31:bc:41:7d:3a:c9:55:08:0c:ee:a6:ae:1f:78: 35 17:f8:a7:9d:7b:b1:82:f5:ce:82:6b:a8:b2:c6:8a: 36 b9:be:a5:d8:39:f4:49:e2:4c:53:32:85:26:53:4d: 37 44:ce:d5:3b:a0:6b:e7:d9:02:a1:5a:ef:e1:a5:81: 38 a7:fb 39 Exponent: 65537 (0x10001) 40 X509v3 extensions: 41 X509v3 Subject Key Identifier: 42 EB:B0:1C:BD:B7:68:B8:D1:B9:8A:C2:9F:5D:CF:DD:AF:F2:62:70:8A 43 X509v3 Authority Key Identifier: 44 keyid:EE:C6:9A:65:CC:FB:CE:A0:3E:17:02:F9:68:12:86:B6:22:09:60:B4 45 46 Authority Information Access: 47 CA Issuers - URI:http://url-for-aia/Intermediate.cer 48 49 X509v3 CRL Distribution Points: 50 51 Full Name: 52 URI:http://url-for-crl/Intermediate.crl 53 54 X509v3 Key Usage: critical 55 Digital Signature, Key Encipherment 56 X509v3 Extended Key Usage: 57 TLS Web Server Authentication, TLS Web Client Authentication 58 Signature Algorithm: sha256WithRSAEncryption 59 7d:52:94:c4:f5:ef:51:88:eb:38:95:e1:ca:72:b3:12:9f:3f: 60 92:8f:32:0d:cb:45:0d:13:f1:7b:72:27:36:e3:d8:e8:d0:1b: 61 bf:47:f0:d9:81:83:bf:ea:14:b2:b3:58:91:c1:71:b8:00:d2: 62 1b:28:90:a3:8e:d0:9f:0e:01:7e:0a:f9:17:a2:14:ea:cc:8f: 63 2e:bd:28:7d:1f:1a:91:1e:36:f9:6f:01:5c:c9:3b:e8:83:76: 64 46:db:7a:f9:81:3c:85:cb:50:40:f1:f8:cb:c1:f8:cb:be:4f: 65 84:3c:76:fa:1d:92:4a:b6:72:d2:ef:e0:4e:d9:13:be:8c:c8: 66 3f:e5:0f:33:de:94:65:f7:2f:bc:57:86:0b:dc:a3:83:1d:7a: 67 41:70:fa:7b:57:b7:d9:63:f9:14:9b:8d:c2:65:71:e6:27:94: 68 06:6a:68:7a:88:69:13:34:ae:29:46:61:dc:64:44:de:f8:a2: 69 ad:fb:69:7d:e3:bc:5c:2f:45:c1:68:ff:8d:d8:b9:51:91:f3: 70 12:6f:fd:2a:1f:90:05:21:08:19:5e:79:06:9d:2c:d7:ea:86: 71 08:fd:94:70:e4:cc:1d:b9:ef:6d:fc:bd:9b:21:42:e6:84:9f: 72 c2:3e:6b:18:36:8c:ea:ff:8e:24:1b:e0:b1:05:09:d5:e8:93: 73 cd:fd:b0:51 74-----BEGIN CERTIFICATE----- 75MIIDoDCCAoigAwIBAgIUDxld6HFv2wgteZd0Rgys1T1JuLIwDQYJKoZIhvcNAQEL 76BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy 77MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF 78AAOCAQ8AMIIBCgKCAQEAri6LGI33diyUDD+gtupwH17ISMWqrVVrvVVoDY7O5Zkn 79xSyymimpj47DxpeJbTHXpI/YNjdPM8fWQgMRCMR/NYzuDxt6MXQEqgHTHotbAZ1g 80S5zRjx6r5dyPF3dJ4/bVgqUvCujcn5YeKqFB0WcsnvN/lAxuz19VUjcF0Dk3Gm4R 817dv6qpKnT1ApB2mvHaeZ+uFW8AM4sK5r5xkL3cMHMY6EBKW067i8I/NAsBe0q54/ 82BZaJ/IQjzNEGwuSLxmX1JOtyMbxBfTrJVQgM7qauH3gX+Kede7GC9c6Ca6iyxoq5 83vqXYOfRJ4kxTMoUmU01EztU7oGvn2QKhWu/hpYGn+wIDAQABo4HpMIHmMB0GA1Ud 84DgQWBBTrsBy9t2i40bmKwp9dz92v8mJwijAfBgNVHSMEGDAWgBTuxpplzPvOoD4X 85AvloEoa2IglgtDA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 86cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 87dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF 88oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD 89ggEBAH1SlMT171GI6ziV4cpysxKfP5KPMg3LRQ0T8XtyJzbj2OjQG79H8NmBg7/q 90FLKzWJHBcbgA0hsokKOO0J8OAX4K+ReiFOrMjy69KH0fGpEeNvlvAVzJO+iDdkbb 91evmBPIXLUEDx+MvB+Mu+T4Q8dvodkkq2ctLv4E7ZE76MyD/lDzPelGX3L7xXhgvc 92o4MdekFw+ntXt9lj+RSbjcJlceYnlAZqaHqIaRM0rilGYdxkRN74oq37aX3jvFwv 93RcFo/43YuVGR8xJv/SofkAUhCBleeQadLNfqhgj9lHDkzB257238vZshQuaEn8I+ 94axg2jOr/jiQb4LEFCdXok839sFE= 95-----END CERTIFICATE----- 96 97Certificate: 98 Data: 99 Version: 3 (0x2) 100 Serial Number: 101 22:f0:bc:f5:46:4d:72:4b:8a:5f:7a:8d:54:e1:d7:60:ae:dd:08:ea 102 Signature Algorithm: sha256WithRSAEncryption 103 Issuer: CN=Root 104 Validity 105 Not Before: Oct 5 12:00:00 2021 GMT 106 Not After : Oct 5 12:00:00 2022 GMT 107 Subject: CN=Intermediate 108 Subject Public Key Info: 109 Public Key Algorithm: rsaEncryption 110 RSA Public-Key: (2048 bit) 111 Modulus: 112 00:d1:41:40:6f:cb:25:05:d9:29:d0:a3:c7:fe:2f: 113 f0:53:ad:46:36:19:aa:b1:1f:3f:7a:a2:e0:fb:03: 114 2b:77:65:6a:79:eb:f3:a3:16:13:34:83:3b:42:de: 115 a2:bb:e2:bf:d8:d2:75:3d:48:38:86:bb:2a:7d:14: 116 a3:88:f7:7c:00:f4:0a:6b:6b:aa:9b:44:24:62:fe: 117 db:a3:42:55:15:67:2a:32:ff:b2:4d:80:93:d0:84: 118 ef:1b:dc:7c:ac:56:2d:54:08:02:f6:18:6e:b5:80: 119 a8:77:52:1f:b8:2c:09:6d:cc:f8:1c:04:91:62:6e: 120 1e:dd:1d:89:b2:f1:23:0b:4d:4c:6c:da:49:3d:61: 121 83:72:0f:66:36:12:3f:f3:ff:53:52:73:53:a1:ca: 122 38:bd:c3:48:bf:7a:2f:13:19:d7:c2:28:e1:6f:32: 123 00:5e:64:ac:4b:05:7a:77:62:57:55:a9:59:83:d5: 124 ed:a3:2e:28:34:71:79:2f:b9:c3:9e:df:b3:2a:b1: 125 59:cd:04:00:1d:8b:11:56:ae:c6:67:f6:4f:1d:58: 126 07:65:e0:b0:2f:ef:57:6d:de:c1:a0:7c:6e:38:a8: 127 45:26:21:96:e0:f6:ef:0e:28:cf:01:70:57:dc:20: 128 15:08:ad:e8:e3:98:74:8c:54:32:c1:28:17:e0:de: 129 a1:8b 130 Exponent: 65537 (0x10001) 131 X509v3 extensions: 132 X509v3 Subject Key Identifier: 133 EE:C6:9A:65:CC:FB:CE:A0:3E:17:02:F9:68:12:86:B6:22:09:60:B4 134 X509v3 Authority Key Identifier: 135 keyid:42:75:41:34:C5:59:9F:99:A3:9B:1C:0C:57:DB:5C:C7:C1:48:B7:91 136 137 Authority Information Access: 138 CA Issuers - URI:http://url-for-aia/Root.cer 139 140 X509v3 CRL Distribution Points: 141 142 Full Name: 143 URI:http://url-for-crl/Root.crl 144 145 X509v3 Key Usage: critical 146 Certificate Sign, CRL Sign 147 X509v3 Basic Constraints: critical 148 CA:TRUE 149 X509v3 Extended Key Usage: 150 TLS Web Client Authentication, Any Extended Key Usage 151 Signature Algorithm: sha256WithRSAEncryption 152 b8:a7:e9:54:83:94:a0:c7:37:16:41:dc:31:79:23:f9:84:53: 153 05:28:be:08:e0:f4:de:d9:bd:67:70:da:b3:7e:00:30:80:d9: 154 2c:7f:3d:1e:5f:16:75:40:a0:85:d8:4b:99:63:d7:ca:ac:b6: 155 88:07:4b:21:9c:97:85:0d:e5:d5:4e:2c:4c:ca:2f:04:fd:39: 156 52:b9:b7:eb:90:48:d1:2a:ed:a5:fc:e5:0d:d6:e3:8d:30:69: 157 99:79:cc:8f:17:89:61:d2:6d:d8:58:21:ec:49:80:74:d2:64: 158 98:97:04:bc:c8:61:ce:13:6a:b7:d7:ac:58:3a:27:3e:d8:c1: 159 46:d0:f8:ee:e3:1b:0b:2f:ef:6f:e2:8f:34:ab:08:09:69:d2: 160 62:58:70:84:dd:6c:e1:23:29:38:10:b4:8d:b4:e0:27:34:ad: 161 12:72:8c:f0:8f:53:6e:c2:ea:b0:7c:29:59:16:39:1a:9e:b7: 162 10:2d:64:45:9e:8f:79:ec:92:c7:cd:3b:c4:fe:7b:ff:5b:d8: 163 41:22:e7:e6:23:7d:2f:44:04:57:82:ee:de:ce:5b:20:45:68: 164 94:08:0b:83:5d:ef:e2:06:6f:3e:8a:d7:ab:58:3f:a6:16:6d: 165 84:da:f7:dc:a1:ad:a6:24:7e:7e:cf:aa:13:32:f0:92:73:b0: 166 d9:d6:49:15 167-----BEGIN CERTIFICATE----- 168MIIDmzCCAoOgAwIBAgIUIvC89UZNckuKX3qNVOHXYK7dCOowDQYJKoZIhvcNAQEL 169BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw 170MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD 171ggEPADCCAQoCggEBANFBQG/LJQXZKdCjx/4v8FOtRjYZqrEfP3qi4PsDK3dlannr 17286MWEzSDO0Leorviv9jSdT1IOIa7Kn0Uo4j3fAD0CmtrqptEJGL+26NCVRVnKjL/ 173sk2Ak9CE7xvcfKxWLVQIAvYYbrWAqHdSH7gsCW3M+BwEkWJuHt0dibLxIwtNTGza 174ST1hg3IPZjYSP/P/U1JzU6HKOL3DSL96LxMZ18Io4W8yAF5krEsFendiV1WpWYPV 1757aMuKDRxeS+5w57fsyqxWc0EAB2LEVauxmf2Tx1YB2XgsC/vV23ewaB8bjioRSYh 176luD27w4ozwFwV9wgFQit6OOYdIxUMsEoF+DeoYsCAwEAAaOB5jCB4zAdBgNVHQ4E 177FgQU7saaZcz7zqA+FwL5aBKGtiIJYLQwHwYDVR0jBBgwFoAUQnVBNMVZn5mjmxwM 178V9tcx8FIt5EwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs 179LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m 180b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ 181MBkGA1UdJQQSMBAGCCsGAQUFBwMCBgRVHSUAMA0GCSqGSIb3DQEBCwUAA4IBAQC4 182p+lUg5SgxzcWQdwxeSP5hFMFKL4I4PTe2b1ncNqzfgAwgNksfz0eXxZ1QKCF2EuZ 183Y9fKrLaIB0shnJeFDeXVTixMyi8E/TlSubfrkEjRKu2l/OUN1uONMGmZecyPF4lh 1840m3YWCHsSYB00mSYlwS8yGHOE2q316xYOic+2MFG0Pju4xsLL+9v4o80qwgJadJi 185WHCE3WzhIyk4ELSNtOAnNK0Scozwj1NuwuqwfClZFjkanrcQLWRFno957JLHzTvE 186/nv/W9hBIufmI30vRARXgu7ezlsgRWiUCAuDXe/iBm8+iterWD+mFm2E2vfcoa2m 187JH5+z6oTMvCSc7DZ1kkV 188-----END CERTIFICATE----- 189 190Certificate: 191 Data: 192 Version: 3 (0x2) 193 Serial Number: 194 22:f0:bc:f5:46:4d:72:4b:8a:5f:7a:8d:54:e1:d7:60:ae:dd:08:e9 195 Signature Algorithm: sha256WithRSAEncryption 196 Issuer: CN=Root 197 Validity 198 Not Before: Oct 5 12:00:00 2021 GMT 199 Not After : Oct 5 12:00:00 2022 GMT 200 Subject: CN=Root 201 Subject Public Key Info: 202 Public Key Algorithm: rsaEncryption 203 RSA Public-Key: (2048 bit) 204 Modulus: 205 00:c3:96:66:c7:e7:fd:21:14:ec:df:4a:05:1a:8c: 206 22:da:8f:3e:b7:8e:ca:a2:de:d7:e3:08:05:cd:28: 207 1c:da:d4:99:ba:ad:de:92:07:44:18:55:e7:b5:41: 208 6b:38:64:18:06:ab:6c:b8:ad:3d:b8:4e:c8:fa:8c: 209 fc:58:2c:2c:a8:42:08:28:b4:85:2a:aa:57:e2:a8: 210 76:4a:6e:fe:38:2f:d1:14:c6:52:6f:05:a4:89:54: 211 c2:0f:f0:93:83:09:b7:55:56:94:7b:57:65:87:09: 212 dd:61:ea:1a:02:3c:24:a5:cc:2d:d3:7c:0a:dc:2e: 213 67:a2:7f:91:ad:b4:76:76:02:ac:7f:85:5f:61:86: 214 0c:60:15:a0:82:7f:85:16:f4:10:8d:49:27:e4:33: 215 58:75:55:6b:5a:ab:c7:d1:bd:3d:a8:3b:68:1b:b4: 216 de:68:89:c4:87:fe:87:04:d4:52:f3:8f:fa:2e:44: 217 79:c1:62:46:b7:88:4c:bb:75:61:fd:e6:c5:6a:fb: 218 a8:3b:ef:a7:e6:1a:1e:44:2d:61:a7:4e:63:5e:66: 219 b8:f7:85:60:74:8b:ea:20:82:84:84:71:f5:1d:c6: 220 0c:c2:ee:11:78:01:ae:44:5a:e3:7b:97:2e:01:d0: 221 18:91:77:01:23:7f:d2:21:73:f4:f3:9a:94:ad:93: 222 2e:a1 223 Exponent: 65537 (0x10001) 224 X509v3 extensions: 225 X509v3 Subject Key Identifier: 226 42:75:41:34:C5:59:9F:99:A3:9B:1C:0C:57:DB:5C:C7:C1:48:B7:91 227 X509v3 Authority Key Identifier: 228 keyid:42:75:41:34:C5:59:9F:99:A3:9B:1C:0C:57:DB:5C:C7:C1:48:B7:91 229 230 Authority Information Access: 231 CA Issuers - URI:http://url-for-aia/Root.cer 232 233 X509v3 CRL Distribution Points: 234 235 Full Name: 236 URI:http://url-for-crl/Root.crl 237 238 X509v3 Key Usage: critical 239 Certificate Sign, CRL Sign 240 X509v3 Basic Constraints: critical 241 CA:TRUE 242 Signature Algorithm: sha256WithRSAEncryption 243 24:0b:85:25:5f:aa:41:4f:92:5b:42:99:84:9d:49:cd:6f:0b: 244 e0:a9:e5:0f:58:f5:9c:77:3c:73:57:76:9f:e5:15:99:44:e6: 245 3b:b9:33:f6:fd:dd:b9:b5:d7:a0:63:3e:b7:b3:89:52:01:1e: 246 76:af:d3:c6:86:44:5b:0a:ea:bd:54:25:82:1a:72:f8:48:af: 247 d6:cd:fe:dd:b0:7c:1b:cf:0b:c3:40:66:32:61:19:98:aa:2f: 248 64:02:6a:32:f0:eb:eb:f3:ff:1c:fd:2f:94:ae:a5:af:cf:bd: 249 bf:17:f7:d3:2c:63:ad:99:3b:38:51:ae:d6:c7:4c:07:3c:a6: 250 a0:8c:ed:79:1d:d8:fe:90:79:53:3e:49:8f:9a:33:89:cb:c2: 251 44:87:23:43:6f:4e:13:fc:f8:01:6d:11:c5:71:31:36:f8:bf: 252 d3:ab:9c:7b:21:a5:9a:14:e4:51:c9:53:f8:27:1d:5b:14:91: 253 d3:76:f8:8b:37:2f:ab:d8:fc:0a:5d:40:28:24:07:f4:53:05: 254 fa:cd:ae:6c:8f:b7:14:e1:3c:33:70:8e:9d:ff:dc:2b:42:b8: 255 b2:2d:66:33:c3:f5:05:29:4c:d9:67:cf:7c:68:72:9d:21:54: 256 9f:75:d0:00:aa:83:20:cb:72:60:0b:28:8e:0c:aa:c0:d4:90: 257 13:a7:f9:28 258-----BEGIN CERTIFICATE----- 259MIIDeDCCAmCgAwIBAgIUIvC89UZNckuKX3qNVOHXYK7dCOkwDQYJKoZIhvcNAQEL 260BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw 261MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK 262AoIBAQDDlmbH5/0hFOzfSgUajCLajz63jsqi3tfjCAXNKBza1Jm6rd6SB0QYVee1 263QWs4ZBgGq2y4rT24Tsj6jPxYLCyoQggotIUqqlfiqHZKbv44L9EUxlJvBaSJVMIP 2648JODCbdVVpR7V2WHCd1h6hoCPCSlzC3TfArcLmeif5GttHZ2Aqx/hV9hhgxgFaCC 265f4UW9BCNSSfkM1h1VWtaq8fRvT2oO2gbtN5oicSH/ocE1FLzj/ouRHnBYka3iEy7 266dWH95sVq+6g776fmGh5ELWGnTmNeZrj3hWB0i+oggoSEcfUdxgzC7hF4Aa5EWuN7 267ly4B0BiRdwEjf9Ihc/TzmpStky6hAgMBAAGjgcswgcgwHQYDVR0OBBYEFEJ1QTTF 268WZ+Zo5scDFfbXMfBSLeRMB8GA1UdIwQYMBaAFEJ1QTTFWZ+Zo5scDFfbXMfBSLeR 269MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh 270L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S 271b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG 2729w0BAQsFAAOCAQEAJAuFJV+qQU+SW0KZhJ1JzW8L4KnlD1j1nHc8c1d2n+UVmUTm 273O7kz9v3dubXXoGM+t7OJUgEedq/TxoZEWwrqvVQlghpy+Eiv1s3+3bB8G88Lw0Bm 274MmEZmKovZAJqMvDr6/P/HP0vlK6lr8+9vxf30yxjrZk7OFGu1sdMBzymoIzteR3Y 275/pB5Uz5Jj5ozicvCRIcjQ29OE/z4AW0RxXExNvi/06uceyGlmhTkUclT+CcdWxSR 27603b4izcvq9j8Cl1AKCQH9FMF+s2ubI+3FOE8M3COnf/cK0K4si1mM8P1BSlM2WfP 277fGhynSFUn3XQAKqDIMtyYAsojgyqwNSQE6f5KA== 278-----END CERTIFICATE----- 279