[ In the intermediate certificate, the basicConstraints is set - non critical - and the CA is true. This should be validated. ]

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 52 (0x34)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-IC.02.04
        Validity
            Not Before: Jan 1 12:01:00 1998 GMT
            Not After : Jan 1 12:01:00 2048 GMT
        Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=User1-IC.02.04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.101.3.1.48.1
            X509v3 Subject Key Identifier:
                23:AD:4D:9D:4B:E0:BE:36
            X509v3 Authority Key Identifier:
                keyid:8C:39:BC:2B:96:1C:19:A9
    Signature Algorithm: sha1WithRSAEncryption

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 51 (0x33)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
        Validity
            Not Before: Jan 1 12:01:00 1998 GMT
            Not After : Jan 1 12:01:00 2048 GMT
        Subject: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-IC.02.04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.101.3.1.48.1
            X509v3 Subject Key Identifier:
                8C:39:BC:2B:96:1C:19:A9
            X509v3 Authority Key Identifier:
                keyid:AB:9A:EB:F9:C2:E7:54:8F
    Signature Algorithm: sha1WithRSAEncryption

Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: /C=US/O=U.S. Government/OU=Dod/OU=Testing/CN=CA1-IC.02.04
        Last Update: Jan 1 12:01:00 1999 GMT
        Next Update: Jan 1 12:01:00 2048 GMT
        CRL extensions:
            X509v3 CRL Number:
                1
            X509v3 Authority Key Identifier:
                keyid:8C:39:BC:2B:96:1C:19:A9
No Revoked Certificates.
    Signature Algorithm: sha1WithRSAEncryption

Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: /C=US/O=U.S. Government/OU=DoD/OU=Testing/CN=Trust Anchor
        Last Update: Jan 1 12:01:00 1999 GMT
        Next Update: Jan 1 12:01:00 2048 GMT
        CRL extensions:
            X509v3 CRL Number:
                1
            X509v3 Authority Key Identifier:
                keyid:AB:9A:EB:F9:C2:E7:54:8F
Revoked Certificates:
    Serial Number: 27
        Revocation Date: Jan 1 12:00:00 1999 GMT
        X509v3 CRL Reason Code:
            Key Compromise
    Signature Algorithm: sha1WithRSAEncryption