On Tue, Feb 12, 2013 at 3:16 AM, Jeffrey Walton <noloa...@gmail.com> wrote:
> ...
>
> I've used `openssl x509 -text -in "AddTrust External CA Root.pem"`
> (copied out directly from s_client), and everything looks OK. CA is
> TRUE, AKI is present, KU includes "Certificate Sign, CRL Sign", etc.
$ openssl x509 -text -in "AddTrust External CA Root.pem"
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6f:25:dc:15:af:df:5e:a3:08:56:0c:3b:7a:4f:c7:f8
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network,
CN=AddTrust External CA Root
Validity
Not Before: May 30 10:48:38 2000 GMT
Not After : May 30 10:48:38 2020 GMT
Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA
Limited, CN=COMODO Certification Authority
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:d0:40:8b:8b:72:e3:91:1b:f7:51:c1:1b:54:04:
98:d3:a9:bf:c1:e6:8a:5d:3b:87:fb:bb:88:ce:0d:
e3:2f:3f:06:96:f0:a2:29:50:99:ae:db:3b:a1:57:
b0:74:51:71:cd:ed:42:91:4d:41:fe:a9:c8:d8:6a:
86:77:44:bb:59:66:97:50:5e:b4:d4:2c:70:44:cf:
da:37:95:42:69:3c:30:c4:71:b3:52:f0:21:4d:a1:
d8:ba:39:7c:1c:9e:a3:24:9d:f2:83:16:98:aa:16:
7c:43:9b:15:5b:b7:ae:34:91:fe:d4:62:26:18:46:
9a:3f:eb:c1:f9:f1:90:57:eb:ac:7a:0d:8b:db:72:
30:6a:66:d5:e0:46:a3:70:dc:68:d9:ff:04:48:89:
77:de:b5:e9:fb:67:6d:41:e9:bc:39:bd:32:d9:62:
02:f1:b1:a8:3d:6e:37:9c:e2:2f:e2:d3:a2:26:8b:
c6:b8:55:43:88:e1:23:3e:a5:d2:24:39:6a:47:ab:
00:d4:a1:b3:a9:25:fe:0d:3f:a7:1d:ba:d3:51:c1:
0b:a4:da:ac:38:ef:55:50:24:05:65:46:93:34:4f:
2d:8d:ad:c6:d4:21:19:d2:8e:ca:05:61:71:07:73:
47:e5:8a:19:12:bd:04:4d:ce:4e:9c:a5:48:ac:bb:
26:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A
X509v3 Subject Key Identifier:
0B:58:E5:8B:C6:4C:15:37:A4:40:A9:30:A9:21:BE:47:36:5A:56:FF
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Certificate Policies:
Policy: X509v3 Any Policy
X509v3 CRL Distribution Points:
URI:http://crl.usertrust.com/AddTrustExternalCARoot.crl
Authority Information Access:
CA Issuers -
URI:http://crt.usertrust.com/AddTrustExternalCARoot.p7c
CA Issuers - URI:http://crt.usertrust.com/AddTrustUTNSGCCA.crt
OCSP - URI:http://ocsp.usertrust.com
Signature Algorithm: sha1WithRSAEncryption
07:60:93:99:aa:ce:d0:d3:47:d0:37:33:de:3f:64:b7:e5:2e:
a3:25:0c:d5:33:1d:0d:8d:ab:f6:7e:46:7b:59:06:92:e3:82:
c4:e7:f5:f6:f3:d9:05:cf:49:34:2d:37:5f:f4:25:c7:f0:fb:
6b:23:77:f1:f1:40:d7:4c:bb:49:45:31:dd:00:28:67:b7:29:
4c:75:a8:1f:79:31:c9:36:37:0f:ca:35:4f:8c:f1:7e:de:fc:
46:ab:bf:68:9b:70:23:30:2e:b7:c5:5c:7b:8a:fb:18:13:79:
4b:92:42:8c:dc:2c:ab:6c:22:b7:28:53:b3:1a:4a:ce:1b:fb:
28:0e:b7:3a:a4:da:0d:f7:40:32:4f:df:6f:bb:01:50:fc:87:
d3:76:d9:fc:fb:b6:84:03:ca:c9:36:18:f7:dd:6c:db:bb:ba:
81:1c:a6:ad:fe:28:f9:cf:b9:a2:71:5d:19:05:ea:4a:46:dc:
73:41:ef:89:94:42:b1:43:88:6f:35:17:af:1e:60:83:ac:7a:
8c:10:7b:9f:c9:f6:83:6d:9e:fa:88:ee:3e:dd:ee:9e:b0:bf:
e0:6a:b9:d0:9f:07:b2:09:13:9a:f5:a4:e5:c8:5b:79:a7:47:
35:33:68:e5:55:9e:aa:5b:cb:30:0b:9d:c7:0f:bf:68:44:81:
97:8b:51:4a
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIQbyXcFa/fXqMIVgw7ek/H+DANBgkqhkiG9w0BAQUFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
gYExCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMScwJQYD
VQQDEx5DT01PRE8gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDQQIuLcuORG/dRwRtUBJjTqb/B5opdO4f7u4jO
DeMvPwaW8KIpUJmu2zuhV7B0UXHN7UKRTUH+qcjYaoZ3RLtZZpdQXrTULHBEz9o3
lUJpPDDEcbNS8CFNodi6OXwcnqMknfKDFpiqFnxDmxVbt640kf7UYiYYRpo/68H5
8ZBX66x6DYvbcjBqZtXgRqNw3GjZ/wRIiXfeten7Z21B6bw5vTLZYgLxsag9bjec
4i/i06Imi8a4VUOI4SM+pdIkOWpHqwDUobOpJf4NP6cdutNRwQuk2qw471VQJAVl
RpM0Ty2NrcbUIRnSjsoFYXEHc0flihkSvQRNzk6cpUisuyb3AgMBAAGjggF0MIIB
cDAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73gJMtUGjAdBgNVHQ4EFgQUC1jl
i8ZMFTekQKkwqSG+RzZaVv8wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB
Af8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9j
cmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDCBswYI
KwYBBQUHAQEEgaYwgaMwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0
LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LnA3YzA5BggrBgEFBQcwAoYtaHR0
cDovL2NydC51c2VydHJ1c3QuY29tL0FkZFRydXN0VVROU0dDQ0EuY3J0MCUGCCsG
AQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEBBQUA
A4IBAQAHYJOZqs7Q00fQNzPeP2S35S6jJQzVMx0Njav2fkZ7WQaS44LE5/X289kF
z0k0LTdf9CXH8PtrI3fx8UDXTLtJRTHdAChntylMdagfeTHJNjcPyjVPjPF+3vxG
q79om3AjMC63xVx7ivsYE3lLkkKM3CyrbCK3KFOzGkrOG/soDrc6pNoN90AyT99v
uwFQ/IfTdtn8+7aEA8rJNhj33Wzbu7qBHKat/ij5z7micV0ZBepKRtxzQe+JlEKx
Q4hvNRevHmCDrHqMEHufyfaDbZ76iO4+3e6esL/garnQnweyCROa9aTlyFt5p0c1
M2jlVZ6qW8swC53HD79oRIGXi1FK
-----END CERTIFICATE-----
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
