Hello, does anybody know what to write in the extension config to get thisX509v3 Name Constraints as the attached certificate (intel-ca.pem, intel-ca.text)?
Thanks. -- Greetings, Walter
-----BEGIN CERTIFICATE----- MIIJWTCCCEGgAwIBAgIQeRdKqRQXNv4Vp8qfLP9FiDANBgkqhkiG9w0BAQUFADBv MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF eHRlcm5hbCBDQSBSb290MB4XDTEzMDIwMTAwMDAwMFoXDTIwMDUzMDEwNDgzOFow UjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEUludGVsIENvcnBvcmF0aW9uMScwJQYD VQQDEx5JbnRlbCBFeHRlcm5hbCBCYXNpYyBQb2xpY3kgQ0EwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDCuISVQi3csKqYk5uz7IOhY8MXkiqBaTqagiht iM997G1mJhTojcR+8DCg3E8OQ3ZajByhxRkwlsR4Srl5sGSwWfF/XaAHGUhWIhjB kDO7toW+EMzI8pAjcLwIbRlIL0AFnUTe6Z0DcIS5406Y/9MKE2oKXbf4EbVBv88m SkA74Z+lZJWFNxXncx/9wq8UdyMY2vHN1Kir1/JbtrqB9wYRBjQtWSbAVZR8nTBP yRp4uvQTS2jOQh+jTUo1Y3O/o1xg/zRA4FEOUCla704OYRUkc8NuXHiPNNDcktr7 gO8E06NVQ6n6aBGaOJbSst2vHA7Eiog7A2PB4wKn+GDFf+FNAgMBAAGjggYMMIIG CDAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73gJMtUGjAdBgNVHQ4EFgQUVjpv F6skDOW3MWSwEe3b6iO+XrwwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYB Af8CAQEwXgYDVR0lBFcwVQYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYI KwYBBQUHAwQGCCsGAQUFBwMIBgorBgEEAYI3CgMEBgorBgEEAYI3CgMMBgkrBgEE AYI3FQUwFwYDVR0gBBAwDjAMBgoqhkiG+E0BBQFpMEkGA1UdHwRCMEAwPqA8oDqG OGh0dHA6Ly9jcmwudHJ1c3QtcHJvdmlkZXIuY29tL0FkZFRydXN0RXh0ZXJuYWxD QVJvb3QuY3JsMIHCBggrBgEFBQcBAQSBtTCBsjBEBggrBgEFBQcwAoY4aHR0cDov L2NydC50cnVzdC1wcm92aWRlci5jb20vQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5w N2MwPgYIKwYBBQUHMAKGMmh0dHA6Ly9jcnQudHJ1c3QtcHJvdmlkZXIuY29tL0Fk ZFRydXN0VVROU0dDQ0EuY3J0MCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC50cnVz dC1wcm92aWRlci5jb20wggQXBgNVHR4EggQOMIIECqCCA9QwC4EJaW50ZWwuY29t MAuCCWFwcHVwLmNvbTAOggxjbG91ZG5wby5vcmcwE4IRZWRhY2FkdG9vbGtpdC5v cmcwC4IJZnRsMTAuY29tMAuCCWloY21zLm5ldDAOggxpbmMtbmVzdC5uZXQwFoIU aW5kaWFlZHVzZXJ2aWNlcy5jb20wDYILaW50ZWwuY28uanAwDYILaW50ZWwuY28u a3IwDYILaW50ZWwuY28udWswC4IJaW50ZWwuY29tMAqCCGludGVsLmZyMAuCCWlu dGVsLm5ldDATghFpbnRlbGFsbGlhbmNlLmNvbTAUghJpbnRlbGFwYWNzdG9yZS5j b20wFoIUaW50ZWxhc3NldGZpbmRlci5jb20wGYIXaW50ZWxiZXR0ZXJ0b2dldGhl ci5jb20wFIISaW50ZWxjaGFsbGVuZ2UuY29tMBOCEWludGVsY2xvdWRzc28uY29t MB6CHGludGVsY29uc3VtZXJlbGVjdHJvbmljcy5jb20wEoIQaW50ZWxjb3JlMjAx MC5ydTAWghRpbnRlbGZlbGxvd3NoaXBzLmNvbTAWghRpbnRlbGh5YnJpZGNsb3Vk LmNvbTAUghJpbnRlbHBvcnRmb2xpby5jb20wDoIMaW50ZWwtcmEuY29tMBSCEmlu dGVsLXJlc2VhcmNoLm5ldDAUghJpbnRlbHJtYXN1cnZleS5jb20wGIIWaW50ZWxz bWFsbGJ1c2luZXNzLmNvbTARgg9teWludGVsZWRnZS5jb20wEYIPbXktbGFwdG9w LmNvLnVrMBKCEG9yaWdpbi1hcHB1cC5jb20wHoIcb3JpZ2luLWludGVncmF0aW9u LWFwcHVwLmNvbTAIggZwYy5jb20wFIIScGN0aGVmdGRlZmVuY2UuY29tMBSCEnBj dGhlZnRkZWZlbnNlLmNvbTAOggxwdmF0cmlhbC5uZXQwGYIXcmVkZWZpbmV5b3Vy bmV0d29yay5jb20wD4INcmV0YWlsLWlhLmNvbTAUghJzZXJ2ZXItaW5zaWdodC5j b20wE4IRdGhlaW50ZWxzdG9yZS5jb20wHYIbdGhyZWFkaW5nYnVpbGRpbmdibG9j a3Mub3JnMBuCGXRodW5kZXJib2x0dGVjaG5vbG9neS5uZXQwIIIedWx0cmFib29r LXNvZnR3YXJlLWNvbnRlc3QuY29tMFCkTjBMMQswCQYDVQQGEwJVUzELMAkGA1UE CBMCQ0ExFDASBgNVBAcTC1NhbnRhIENsYXJhMRowGAYDVQQKExFJbnRlbCBDb3Jw b3JhdGlvbqEwMAqHCAAAAAAAAAAAMCKHIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAMA0GCSqGSIb3DQEBBQUAA4IBAQBYb7/NQwdCE/y40K2BIfKKb++H vCaKfAC9aAwrGWQsEWezqdl5Cqw5XWUAFjtTRm6iprVnmdvov6IlrgSVEQk6L96s tz24vAF0MIBHSFRMoPtrqLiihLf0NOV7ztxSePQxbUJRroe/lKy+lhb7VeV5gmT9 rFA45NzLgSznd2+dmyNcfQQD9AeeftRX4maUTeu1XFxinowtg+ZGFOKhE4D92uCG JxGSK72HF0/LGRhLXozmDdmPfSN2b6T/oLo942031iY46BqcI5LIVh8aGo4A1jOm a5X6gh50Cw+kht8jM3yeNhSzXOKj7Uigjijx10z2wJu09Tyj5ahjoiwIpdX+ -----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
79:17:4a:a9:14:17:36:fe:15:a7:ca:9f:2c:ff:45:88
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network,
CN=AddTrust External CA Root
Validity
Not Before: Feb 1 00:00:00 2013 GMT
Not After : May 30 10:48:38 2020 GMT
Subject: C=US, O=Intel Corporation, CN=Intel External Basic Policy CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c2:b8:84:95:42:2d:dc:b0:aa:98:93:9b:b3:ec:
83:a1:63:c3:17:92:2a:81:69:3a:9a:82:28:6d:88:
cf:7d:ec:6d:66:26:14:e8:8d:c4:7e:f0:30:a0:dc:
4f:0e:43:76:5a:8c:1c:a1:c5:19:30:96:c4:78:4a:
b9:79:b0:64:b0:59:f1:7f:5d:a0:07:19:48:56:22:
18:c1:90:33:bb:b6:85:be:10:cc:c8:f2:90:23:70:
bc:08:6d:19:48:2f:40:05:9d:44:de:e9:9d:03:70:
84:b9:e3:4e:98:ff:d3:0a:13:6a:0a:5d:b7:f8:11:
b5:41:bf:cf:26:4a:40:3b:e1:9f:a5:64:95:85:37:
15:e7:73:1f:fd:c2:af:14:77:23:18:da:f1:cd:d4:
a8:ab:d7:f2:5b:b6:ba:81:f7:06:11:06:34:2d:59:
26:c0:55:94:7c:9d:30:4f:c9:1a:78:ba:f4:13:4b:
68:ce:42:1f:a3:4d:4a:35:63:73:bf:a3:5c:60:ff:
34:40:e0:51:0e:50:29:5a:ef:4e:0e:61:15:24:73:
c3:6e:5c:78:8f:34:d0:dc:92:da:fb:80:ef:04:d3:
a3:55:43:a9:fa:68:11:9a:38:96:d2:b2:dd:af:1c:
0e:c4:8a:88:3b:03:63:c1:e3:02:a7:f8:60:c5:7f:
e1:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A
X509v3 Subject Key Identifier:
56:3A:6F:17:AB:24:0C:E5:B7:31:64:B0:11:ED:DB:EA:23:BE:5E:BC
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:1
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication,
Code Signing, E-mail Protection, Time Stamping, Microsoft Encrypted File
System, 1.3.6.1.4.1.311.10.3.12, 1.3.6.1.4.1.311.21.5
X509v3 Certificate Policies:
Policy: 1.2.840.113741.1.5.1.105
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.trust-provider.com/AddTrustExternalCARoot.crl
Authority Information Access:
CA Issuers -
URI:http://crt.trust-provider.com/AddTrustExternalCARoot.p7c
CA Issuers -
URI:http://crt.trust-provider.com/AddTrustUTNSGCCA.crt
OCSP - URI:http://ocsp.trust-provider.com
X509v3 Name Constraints:
Permitted:
email:intel.com
DNS:appup.com
DNS:cloudnpo.org
DNS:edacadtoolkit.org
DNS:ftl10.com
DNS:ihcms.net
DNS:inc-nest.net
DNS:indiaeduservices.com
DNS:intel.co.jp
DNS:intel.co.kr
DNS:intel.co.uk
DNS:intel.com
DNS:intel.fr
DNS:intel.net
DNS:intelalliance.com
DNS:intelapacstore.com
DNS:intelassetfinder.com
DNS:intelbettertogether.com
DNS:intelchallenge.com
DNS:intelcloudsso.com
DNS:intelconsumerelectronics.com
DNS:intelcore2010.ru
DNS:intelfellowships.com
DNS:intelhybridcloud.com
DNS:intelportfolio.com
DNS:intel-ra.com
DNS:intel-research.net
DNS:intelrmasurvey.com
DNS:intelsmallbusiness.com
DNS:myinteledge.com
DNS:my-laptop.co.uk
DNS:origin-appup.com
DNS:origin-integration-appup.com
DNS:pc.com
DNS:pctheftdefence.com
DNS:pctheftdefense.com
DNS:pvatrial.net
DNS:redefineyournetwork.com
DNS:retail-ia.com
DNS:server-insight.com
DNS:theintelstore.com
DNS:threadingbuildingblocks.org
DNS:thunderbolttechnology.net
DNS:ultrabook-software-contest.com
DirName: C = US, ST = CA, L = Santa Clara, O = Intel
Corporation
Excluded:
IP:0.0.0.0/0.0.0.0
IP:0:0:0:0:0:0:0:0/0:0:0:0:0:0:0:0
Signature Algorithm: sha1WithRSAEncryption
58:6f:bf:cd:43:07:42:13:fc:b8:d0:ad:81:21:f2:8a:6f:ef:
87:bc:26:8a:7c:00:bd:68:0c:2b:19:64:2c:11:67:b3:a9:d9:
79:0a:ac:39:5d:65:00:16:3b:53:46:6e:a2:a6:b5:67:99:db:
e8:bf:a2:25:ae:04:95:11:09:3a:2f:de:ac:b7:3d:b8:bc:01:
74:30:80:47:48:54:4c:a0:fb:6b:a8:b8:a2:84:b7:f4:34:e5:
7b:ce:dc:52:78:f4:31:6d:42:51:ae:87:bf:94:ac:be:96:16:
fb:55:e5:79:82:64:fd:ac:50:38:e4:dc:cb:81:2c:e7:77:6f:
9d:9b:23:5c:7d:04:03:f4:07:9e:7e:d4:57:e2:66:94:4d:eb:
b5:5c:5c:62:9e:8c:2d:83:e6:46:14:e2:a1:13:80:fd:da:e0:
86:27:11:92:2b:bd:87:17:4f:cb:19:18:4b:5e:8c:e6:0d:d9:
8f:7d:23:76:6f:a4:ff:a0:ba:3d:e3:6d:37:d6:26:38:e8:1a:
9c:23:92:c8:56:1f:1a:1a:8e:00:d6:33:a6:6b:95:fa:82:1e:
74:0b:0f:a4:86:df:23:33:7c:9e:36:14:b3:5c:e2:a3:ed:48:
a0:8e:28:f1:d7:4c:f6:c0:9b:b4:f5:3c:a3:e5:a8:63:a2:2c:
08:a5:d5:fe
smime.p7s
Description: S/MIME Cryptographic Signature
