Viktor Dukhovni wrote:
      openssl pkcs7 -print_certs -text
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 4243532547640530163 (0x3ae40e5e6eec14f3)
        Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
            Validity
                Not Before: Sep 10 07:54:47 2013 GMT
                Not After : Sep 10 07:54:47 2014 GMT
            Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=smtp.gmail.com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Extended Key Usage:
                    TLS Web Server Authentication, TLS Web Client Authentication
                X509v3 Subject Alternative Name:
                    DNS:smtp.gmail.com
                Authority Information Access:
                    CA Issuers - URI:http://pki.google.com/GIAG2.crt
                    OCSP - URI:http://clients1.google.com/ocsp

                X509v3 Subject Key Identifier:
                    04:43:4D:65:8D:B8:88:CC:D7:19:76:F8:3A:86:19:29:C6:F0:26:BA
                X509v3 Basic Constraints: critical
                    CA:FALSE
                X509v3 Authority Key Identifier:
                    keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F

                X509v3 Certificate Policies:
                    Policy: 1.3.6.1.4.1.11129.2.5.1

                X509v3 CRL Distribution Points:

                    Full Name:
                      URI:http://pki.google.com/GIAG2.crl

        Signature Algorithm: sha1WithRSAEncryption
A bit off-topic maybe (apologies if so!), but I decided to check the google certificate I get for the same domain (smtp.google.com) and it is very different from the one shown above. I get:

SHA1 fingerprint: DA:86:84:00:FA:71:D1:03:69:44:BC:32:B4:6F:1C:FE:E6:8F:F0:05
MD5 fingerprint: CD:A1:DD:B0:1F:C8:41:B0:F5:1A:44:50:1B
Serial Number: 04:4D:40:B8:88:6B:6C:0D
Not Before: 10/09/2013 08:52:52 (10/09/2013 07:52:52 GMT)
Not After: 10/09/2014 08:52:52 (10/09/2014 07:52:52 GMT)
Subject: CN = smtp.googlemail.com, O = Google Inc, L = Mountain View, ST = California, C = US
Public Key:

Extended key usage: Not Critical, TLS Web Server Authentication (1.3.6.1.5.5.7.3.1), TLS Web Client Authentication (1.3.6.1.5.5.7.3.2)
Subject Alt Name: Not Critical DNS Name: smtp.googlemail.com
Subject key ID:
96 4b 29 20 b2 3d e9 c2 3b 01 fb 59 b8 74 c8 5b
8c fd e4 35
Authority key identifier:
4a dd 06 16 1b bc f6 68 b5 76 f5 81 b6 bb 62 1a
ba 5a 81 2f
Certificate signature value:

Should I be worried? If this is indeed a genuine google certificate, why is it that there are (at least) 2 different certificates for the same domain (smtp.google.com)?


MZ
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
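
Added example, not part of the original message: one way to reduce the two dumps quoted above to the fields that can be compared directly (serial number, SAN DNS names, authority key identifier), whatever hex formatting each tool used. The function names are hypothetical, and the inputs are excerpts of the values quoted in the message.

```python
import re

# Excerpts of the two dumps quoted in this thread; key and signature bytes omitted.
OPENSSL_TEXT = """\
    Serial Number: 4243532547640530163 (0x3ae40e5e6eec14f3)
        X509v3 Subject Alternative Name:
            DNS:smtp.gmail.com
        X509v3 Authority Key Identifier:
            keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F
"""
VIEWER_TEXT = """\
Serial Number: 04:4D:40:B8:88:6B:6C:0D
Subject Alt Name: Not Critical DNS Name: smtp.googlemail.com
Authority key identifier:
4a dd 06 16 1b bc f6 68 b5 76 f5 81 b6 bb 62 1a
ba 5a 81 2f
"""

def hex_digits(s):
    """Strip separators and case so 'AA:BB' and 'aa bb' compare equal."""
    return re.sub(r"[^0-9a-f]", "", s.lower())

def parse_openssl(text):
    """Fields from `openssl ... -text` style output."""
    return {
        "serial": int(re.search(r"Serial Number:.*\(0x([0-9a-f]+)\)", text).group(1), 16),
        "names": {n.lower() for n in re.findall(r"DNS:([^\s,]+)", text)},
        "aki": hex_digits(re.search(r"keyid:([0-9A-Fa-f:]+)", text).group(1)),
    }

def parse_viewer(text):
    """Fields from the second, space-separated dump format in the message."""
    aki = re.search(r"Authority key identifier:\s*((?:[0-9a-f]{2}\b\s*)+)", text, re.I)
    serial = re.search(r"Serial Number:\s*([0-9A-Fa-f:]+)", text).group(1)
    return {
        "serial": int(hex_digits(serial), 16),
        "names": {n.lower() for n in re.findall(r"DNS Name:\s*([^\s,]+)", text)},
        "aki": hex_digits(aki.group(1)),
    }

def compare(a, b):
    """Which identifying fields two certificate summaries have in common."""
    return {
        "same_serial": a["serial"] == b["serial"],
        "same_issuer_key": a["aki"] == b["aki"],
        "shared_names": sorted(a["names"] & b["names"]),
    }

if __name__ == "__main__":
    print(compare(parse_openssl(OPENSSL_TEXT), parse_viewer(VIEWER_TEXT)))
```

For the two dumps in this thread the result is: different serial numbers, no DNS name in common, and the same authority key identifier.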
