On Tue, Feb 12, 2013 at 3:16 AM, Jeffrey Walton <noloa...@gmail.com> wrote: > ... > > I've used `openssl x509 -text -in "AddTrust External CA Root.pem"` > (copied out directly from s_client), and everything looks OK. CA is > TRUE, AKI is present, KU includes "Certificate Sign, CRL Sign", etc. $ openssl x509 -text -in "AddTrust External CA Root.pem" Certificate: Data: Version: 3 (0x2) Serial Number: 6f:25:dc:15:af:df:5e:a3:08:56:0c:3b:7a:4f:c7:f8 Signature Algorithm: sha1WithRSAEncryption Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root Validity Not Before: May 30 10:48:38 2000 GMT Not After : May 30 10:48:38 2020 GMT Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:d0:40:8b:8b:72:e3:91:1b:f7:51:c1:1b:54:04: 98:d3:a9:bf:c1:e6:8a:5d:3b:87:fb:bb:88:ce:0d: e3:2f:3f:06:96:f0:a2:29:50:99:ae:db:3b:a1:57: b0:74:51:71:cd:ed:42:91:4d:41:fe:a9:c8:d8:6a: 86:77:44:bb:59:66:97:50:5e:b4:d4:2c:70:44:cf: da:37:95:42:69:3c:30:c4:71:b3:52:f0:21:4d:a1: d8:ba:39:7c:1c:9e:a3:24:9d:f2:83:16:98:aa:16: 7c:43:9b:15:5b:b7:ae:34:91:fe:d4:62:26:18:46: 9a:3f:eb:c1:f9:f1:90:57:eb:ac:7a:0d:8b:db:72: 30:6a:66:d5:e0:46:a3:70:dc:68:d9:ff:04:48:89: 77:de:b5:e9:fb:67:6d:41:e9:bc:39:bd:32:d9:62: 02:f1:b1:a8:3d:6e:37:9c:e2:2f:e2:d3:a2:26:8b: c6:b8:55:43:88:e1:23:3e:a5:d2:24:39:6a:47:ab: 00:d4:a1:b3:a9:25:fe:0d:3f:a7:1d:ba:d3:51:c1: 0b:a4:da:ac:38:ef:55:50:24:05:65:46:93:34:4f: 2d:8d:ad:c6:d4:21:19:d2:8e:ca:05:61:71:07:73: 47:e5:8a:19:12:bd:04:4d:ce:4e:9c:a5:48:ac:bb: 26:f7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier:
keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A X509v3 Subject Key Identifier: 0B:58:E5:8B:C6:4C:15:37:A4:40:A9:30:A9:21:BE:47:36:5A:56:FF X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Certificate Policies: Policy: X509v3 Any Policy X509v3 CRL Distribution Points: URI:http://crl.usertrust.com/AddTrustExternalCARoot.crl Authority Information Access: CA Issuers - URI:http://crt.usertrust.com/AddTrustExternalCARoot.p7c CA Issuers - URI:http://crt.usertrust.com/AddTrustUTNSGCCA.crt OCSP - URI:http://ocsp.usertrust.com Signature Algorithm: sha1WithRSAEncryption 07:60:93:99:aa:ce:d0:d3:47:d0:37:33:de:3f:64:b7:e5:2e: a3:25:0c:d5:33:1d:0d:8d:ab:f6:7e:46:7b:59:06:92:e3:82: c4:e7:f5:f6:f3:d9:05:cf:49:34:2d:37:5f:f4:25:c7:f0:fb: 6b:23:77:f1:f1:40:d7:4c:bb:49:45:31:dd:00:28:67:b7:29: 4c:75:a8:1f:79:31:c9:36:37:0f:ca:35:4f:8c:f1:7e:de:fc: 46:ab:bf:68:9b:70:23:30:2e:b7:c5:5c:7b:8a:fb:18:13:79: 4b:92:42:8c:dc:2c:ab:6c:22:b7:28:53:b3:1a:4a:ce:1b:fb: 28:0e:b7:3a:a4:da:0d:f7:40:32:4f:df:6f:bb:01:50:fc:87: d3:76:d9:fc:fb:b6:84:03:ca:c9:36:18:f7:dd:6c:db:bb:ba: 81:1c:a6:ad:fe:28:f9:cf:b9:a2:71:5d:19:05:ea:4a:46:dc: 73:41:ef:89:94:42:b1:43:88:6f:35:17:af:1e:60:83:ac:7a: 8c:10:7b:9f:c9:f6:83:6d:9e:fa:88:ee:3e:dd:ee:9e:b0:bf: e0:6a:b9:d0:9f:07:b2:09:13:9a:f5:a4:e5:c8:5b:79:a7:47: 35:33:68:e5:55:9e:aa:5b:cb:30:0b:9d:c7:0f:bf:68:44:81: 97:8b:51:4a -----BEGIN CERTIFICATE----- MIIE8TCCA9mgAwIBAgIQbyXcFa/fXqMIVgw7ek/H+DANBgkqhkiG9w0BAQUFADBv MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow gYExCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMScwJQYD VQQDEx5DT01PRE8gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDQQIuLcuORG/dRwRtUBJjTqb/B5opdO4f7u4jO DeMvPwaW8KIpUJmu2zuhV7B0UXHN7UKRTUH+qcjYaoZ3RLtZZpdQXrTULHBEz9o3 lUJpPDDEcbNS8CFNodi6OXwcnqMknfKDFpiqFnxDmxVbt640kf7UYiYYRpo/68H5 8ZBX66x6DYvbcjBqZtXgRqNw3GjZ/wRIiXfeten7Z21B6bw5vTLZYgLxsag9bjec 4i/i06Imi8a4VUOI4SM+pdIkOWpHqwDUobOpJf4NP6cdutNRwQuk2qw471VQJAVl RpM0Ty2NrcbUIRnSjsoFYXEHc0flihkSvQRNzk6cpUisuyb3AgMBAAGjggF0MIIB cDAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73gJMtUGjAdBgNVHQ4EFgQUC1jl i8ZMFTekQKkwqSG+RzZaVv8wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB Af8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9j cmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDCBswYI KwYBBQUHAQEEgaYwgaMwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0 LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LnA3YzA5BggrBgEFBQcwAoYtaHR0 cDovL2NydC51c2VydHJ1c3QuY29tL0FkZFRydXN0VVROU0dDQ0EuY3J0MCUGCCsG AQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEBBQUA A4IBAQAHYJOZqs7Q00fQNzPeP2S35S6jJQzVMx0Njav2fkZ7WQaS44LE5/X289kF z0k0LTdf9CXH8PtrI3fx8UDXTLtJRTHdAChntylMdagfeTHJNjcPyjVPjPF+3vxG q79om3AjMC63xVx7ivsYE3lLkkKM3CyrbCK3KFOzGkrOG/soDrc6pNoN90AyT99v uwFQ/IfTdtn8+7aEA8rJNhj33Wzbu7qBHKat/ij5z7micV0ZBepKRtxzQe+JlEKx Q4hvNRevHmCDrHqMEHufyfaDbZ76iO4+3e6esL/garnQnweyCROa9aTlyFt5p0c1 M2jlVZ6qW8swC53HD79oRIGXi1FK -----END CERTIFICATE----- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org