[ In the intermediate certificate, the basicConstraints is set - non critical - and the CA is true. This should be validated. ] Certificate: Data: Version: 3 (0x2) Serial Number: 52 (0x34) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-IC.02.04 Validity Not Before: Jan 1 12:01:00 1998 GMT Not After : Jan 1 12:01:00 2048 GMT Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=User1-IC.02.04 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:c5:b8:e5:de:5d:3e:bc:d4:25:bb:91:20:37:90: e6:02:09:45:8c:62:f3:43:f1:3e:fc:52:98:97:bc: 49:c1:b5:03:e9:7b:e5:20:2d:80:b1:96:03:10:6a: c4:f4:b3:2f:eb:5e:04:15:2c:9e:67:f6:5e:c7:3c: fe:a4:07:1d:eb:fb:e2:e6:ad:d2:5c:6a:f5:8a:d9: de:7a:4b:5b:66:0d:a3:60:9f:c4:b2:b4:33:b1:75: fd:b8:64:1c:ad:9f:f6:db:48:bc:ea:eb:28:8e:bb: 05:e1:23:7c:00:94:2d:d2:44:86:5e:37:d6:e5:88: 35:65:74:a5:8f:9f:1e:af:a9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment X509v3 Certificate Policies: Policy: 2.16.840.1.101.3.1.48.1 X509v3 Subject Key Identifier: 23:AD:4D:9D:4B:E0:BE:36 X509v3 Authority Key Identifier: keyid:8C:39:BC:2B:96:1C:19:A9 Signature Algorithm: sha1WithRSAEncryption 8f:08:0b:ea:a3:27:9e:a5:2f:36:ca:6c:0d:a6:29:3d:0c:d3: 0a:a5:e4:aa:c8:59:86:cc:b9:1b:f9:cb:93:ad:b5:1f:f6:1b: 34:69:67:67:a6:ac:1c:69:63:61:56:0c:ce:39:9c:9f:2d:7a: cb:a9:ed:8a:ff:50:3c:1e:d8:a2:b0:31:db:b5:93:ee:94:0f: 16:56:bd:ea:cf:a7:33:fa:df:c1:61:cf:58:8e:90:18:3b:2a: b8:fa:e2:c0:99:bf:33:04:02:fb:5a:03:5c:41:4a:bd:d2:0b: d2:ea:de:8d:f7:79:86:08:97:61:b4:51:c0:c2:3b:92:6f:7b: 88:78 -----BEGIN CERTIFICATE----- MIIChjCCAe+gAwIBAgIBNDANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEY MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb2QxEDAOBgNVBAsT B1Rlc3RpbmcxFTATBgNVBAMTDENBMS1JQy4wMi4wNDAeFw05ODAxMDExMjAxMDBa Fw00ODAxMDExMjAxMDBaMGAxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv dmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UECxMHVGVzdGluZzEXMBUGA1UE AxMOVXNlcjEtSUMuMDIuMDQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMW4 5d5dPrzUJbuRIDeQ5gIJRYxi80PxPvxSmJe8ScG1A+l75SAtgLGWAxBqxPSzL+te BBUsnmf2Xsc8/qQHHev74uat0lxq9YrZ3npLW2YNo2CfxLK0M7F1/bhkHK2f9ttI vOrrKI67BeEjfACULdJEhl431uWINWV0pY+fHq+pAgMBAAGjUjBQMA4GA1UdDwEB /wQEAwIF4DAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATARBgNVHQ4ECgQII61NnUvg vjYwEwYDVR0jBAwwCoAIjDm8K5YcGakwDQYJKoZIhvcNAQEFBQADgYEAjwgL6qMn nqUvNspsDaYpPQzTCqXkqshZhsy5G/nLk621H/YbNGlnZ6asHGljYVYMzjmcny16 y6ntiv9QPB7YorAx27WT7pQPFla96s+nM/rfwWHPWI6QGDsquPriwJm/MwQC+1oD XEFKvdIL0urejfd5hgiXYbRRwMI7km97iHg= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 51 (0x33) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor Validity Not Before: Jan 1 12:01:00 1998 GMT Not After : Jan 1 12:01:00 2048 GMT Subject: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-IC.02.04 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:df:e6:ee:68:b8:64:25:42:67:4d:7d:ce:1e:96: 5d:d1:5c:a5:a6:b6:af:9a:af:d5:4a:32:67:b7:92: 9f:03:71:b0:db:51:a5:70:96:f8:56:4e:43:8a:c5: bf:48:db:4f:30:7c:61:b6:9d:08:80:ad:ec:c8:c2: eb:65:01:27:fb:b1:6a:35:e8:43:da:a6:61:9d:08: 5f:ab:a7:57:69:8c:03:c1:52:e7:eb:b8:4c:82:67: c9:ee:d8:84:c3:e7:6c:2e:3d:8f:4e:01:c2:87:40: 4d:bf:6c:1a:42:25:69:30:f7:b7:d8:5f:a4:3d:3c: f5:b9:ba:86:d6:a1:42:6d:3b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Certificate Policies: Policy: 2.16.840.1.101.3.1.48.1 X509v3 Subject Key Identifier: 8C:39:BC:2B:96:1C:19:A9 X509v3 Authority Key Identifier: keyid:AB:9A:EB:F9:C2:E7:54:8F Signature Algorithm: sha1WithRSAEncryption 11:02:09:79:98:ff:1c:4d:c7:be:38:c9:57:b3:dd:53:ed:99: 7b:c3:9e:09:87:9e:58:3a:1c:c6:b0:3a:e3:bc:69:78:e9:2c: 55:70:57:2a:6a:b6:39:53:6a:a0:59:3b:60:db:65:49:4a:a2: 4b:64:e5:aa:31:aa:2e:d2:98:7a:d9:3b:6b:5e:ea:4b:ff:04: 21:07:2d:f8:7e:4a:59:db:e4:2e:46:0c:91:f2:00:00:c2:6f: 25:91:cf:1b:11:2f:8f:ea:15:3c:08:bd:14:84:d1:6c:57:4d: f0:9b:dd:a3:d3:00:b9:4d:aa:f1:dd:b1:f0:c1:76:df:a4:66: 11:db -----BEGIN CERTIFICATE----- MIICkjCCAfugAwIBAgIBMzANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEY MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxEDAOBgNVBAsT B1Rlc3RpbmcxFTATBgNVBAMTDFRydXN0IEFuY2hvcjAeFw05ODAxMDExMjAxMDBa Fw00ODAxMDExMjAxMDBaMF4xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv dmVybm1lbnQxDDAKBgNVBAsTA0RvZDEQMA4GA1UECxMHVGVzdGluZzEVMBMGA1UE AxMMQ0ExLUlDLjAyLjA0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDf5u5o uGQlQmdNfc4ell3RXKWmtq+ar9VKMme3kp8DcbDbUaVwlvhWTkOKxb9I208wfGG2 nQiArezIwutlASf7sWo16EPapmGdCF+rp1dpjAPBUufruEyCZ8nu2ITD52wuPY9O AcKHQE2/bBpCJWkw97fYX6Q9PPW5uobWoUJtOwIDAQABo2AwXjAMBgNVHRMEBTAD AQH/MA4GA1UdDwEB/wQEAwIBBjAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATARBgNV HQ4ECgQIjDm8K5YcGakwEwYDVR0jBAwwCoAIq5rr+cLnVI8wDQYJKoZIhvcNAQEF BQADgYEAEQIJeZj/HE3HvjjJV7PdU+2Ze8OeCYeeWDocxrA647xpeOksVXBXKmq2 OVNqoFk7YNtlSUqiS2TlqjGqLtKYetk7a17qS/8EIQct+H5KWdvkLkYMkfIAAMJv JZHPGxEvj+oVPAi9FITRbFdN8Jvdo9MAuU2q8d2x8MF236RmEds= -----END CERTIFICATE----- Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: /C=US/O=U.S. Government/OU=Dod/OU=Testing/CN=CA1-IC.02.04 Last Update: Jan 1 12:01:00 1999 GMT Next Update: Jan 1 12:01:00 2048 GMT CRL extensions: X509v3 CRL Number: 1 X509v3 Authority Key Identifier: keyid:8C:39:BC:2B:96:1C:19:A9 No Revoked Certificates. Signature Algorithm: sha1WithRSAEncryption 57:96:d7:ed:6b:13:f2:c5:9e:03:48:90:ed:5f:fe:65:01:12: 0f:3b:f2:1c:0e:d9:8a:3b:b4:89:1b:2f:4c:be:ea:39:51:7f: 36:5e:6f:fb:33:43:f9:93:4f:85:d2:43:28:43:3f:43:49:44: 68:0c:9b:7b:41:3b:dc:d3:26:33:5a:91:5f:57:5a:03:01:3e: fa:31:ee:90:5f:53:31:e3:65:ef:9d:07:25:a4:ba:eb:b1:fa: 8d:c8:de:46:b1:d4:24:30:f4:f8:08:2a:ad:96:39:d9:d2:fa: 08:f3:37:57:84:12:bd:d7:dc:d7:fc:6d:2a:63:48:65:64:92: a2:a6 -----BEGIN X509 CRL----- MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEYMBYGA1UE ChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb2QxEDAOBgNVBAsTB1Rlc3Rp bmcxFTATBgNVBAMTDENBMS1JQy4wMi4wNBcNOTkwMTAxMTIwMTAwWhcNNDgwMTAx MTIwMTAwWqAjMCEwCgYDVR0UBAMCAQEwEwYDVR0jBAwwCoAIjDm8K5YcGakwDQYJ KoZIhvcNAQEFBQADgYEAV5bX7WsT8sWeA0iQ7V/+ZQESDzvyHA7Ziju0iRsvTL7q OVF/Nl5v+zND+ZNPhdJDKEM/Q0lEaAybe0E73NMmM1qRX1daAwE++jHukF9TMeNl 750HJaS667H6jcjeRrHUJDD0+AgqrZY52dL6CPM3V4QSvdfc1/xtKmNIZWSSoqY= -----END X509 CRL----- Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: /C=US/O=U.S. Government/OU=DoD/OU=Testing/CN=Trust Anchor Last Update: Jan 1 12:01:00 1999 GMT Next Update: Jan 1 12:01:00 2048 GMT CRL extensions: X509v3 CRL Number: 1 X509v3 Authority Key Identifier: keyid:AB:9A:EB:F9:C2:E7:54:8F Revoked Certificates: Serial Number: 27 Revocation Date: Jan 1 12:00:00 1999 GMT X509v3 CRL Reason Code: Key Compromise Signature Algorithm: sha1WithRSAEncryption 0b:b9:6a:67:07:a3:25:15:bb:42:fc:c7:d7:5f:fb:71:87:0b: de:b6:9c:80:cc:47:dc:f4:94:fe:e7:ef:c8:b9:3b:6a:14:7e: f9:1b:47:6a:bc:bf:59:e0:af:45:dc:b3:9c:b8:88:38:0f:19: 06:28:2e:5a:d5:4f:aa:c3:72:b0:d9:fb:58:ba:1f:40:85:5a: fb:f4:c3:dd:3f:a5:79:c7:b8:7b:53:70:19:0b:e3:e5:0f:9e: db:04:6d:19:78:3e:80:2b:93:8d:32:94:15:f2:91:9d:6c:fb: 3b:b4:72:88:92:8a:8a:6d:23:b4:01:78:46:40:a9:2d:e6:cd: 0a:16 -----BEGIN X509 CRL----- MIIBbzCB2QIBATANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEYMBYGA1UE ChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxEDAOBgNVBAsTB1Rlc3Rp bmcxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNOTkwMTAxMTIwMTAwWhcNNDgwMTAx MTIwMTAwWjAiMCACAScXDTk5MDEwMTEyMDAwMFowDDAKBgNVHRUEAwoBAaAjMCEw CgYDVR0UBAMCAQEwEwYDVR0jBAwwCoAIq5rr+cLnVI8wDQYJKoZIhvcNAQEFBQAD gYEAC7lqZwejJRW7QvzH11/7cYcL3racgMxH3PSU/ufvyLk7ahR++RtHary/WeCv RdyznLiIOA8ZBiguWtVPqsNysNn7WLofQIVa+/TD3T+lece4e1NwGQvj5Q+e2wRt GXg+gCuTjTKUFfKRnWz7O7RyiJKKim0jtAF4RkCpLebNChY= -----END X509 CRL----- Certificate: Data: Version: 3 (0x2) Serial Number: 99999 (0x1869f) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor Validity Not Before: Jan 1 12:01:00 1999 GMT Not After : Jan 1 12:01:00 2048 GMT Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c: 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e: 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a: cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95: 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04: 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa: f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f: 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78: 1d:ba:f3:18:84:2a:82:2b:47 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: AB:9A:EB:F9:C2:E7:54:8F X509v3 Basic Constraints: CA:TRUE X509v3 Authority Key Identifier: keyid:AB:9A:EB:F9:C2:E7:54:8F Signature Algorithm: sha1WithRSAEncryption 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1: 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0: 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a: 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70: 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a: bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec: 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7: 5a:45 -----BEGIN CERTIFICATE----- MIICbDCCAdWgAwIBAgIDAYafMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVT MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UE CxMHVGVzdGluZzEVMBMGA1UEAxMMVHJ1c3QgQW5jaG9yMB4XDTk5MDEwMTEyMDEw MFoXDTQ4MDEwMTEyMDEwMFowXjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g R292ZXJubWVudDEMMAoGA1UECxMDRG9EMRAwDgYDVQQLEwdUZXN0aW5nMRUwEwYD VQQDEwxUcnVzdCBBbmNob3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANPz ucEztz+nJ/ZBHVyceZ2q0pUQt4TO2qPlWAw+TotWvz6qIS1QE/7zGS56yxHP89O4 X1efnZeArx2VVxLfNNS9865N53ymINQETtpjYT49Ko03z8U8yfn68DlIBHi9sN31 JEYzoUafF58Eu883lAwTQ6qQrJF4HbrzGIQqgitHAgMBAAGjODA2MBEGA1UdDgQK BAirmuv5wudUjzAMBgNVHRMEBTADAQH/MBMGA1UdIwQMMAqACKua6/nC51SPMA0G CSqGSIb3DQEBBQUAA4GBABZWD2Gsh4tP62QSG8OFWUpo4TulIcFZLpGsaP4T/2Nt 7lXUoIJMN7wWjqkmYf5/Rvo4HxNcimq3EkeYcrm1VoDueJUYGvRjcCY5mxkghI27 Yl/fLKE9/BvQOrvYzBs2EqKrrT7m4VK0dRMR7CeVpmPP08z0Tti6uK2tzBplp1pF -----END CERTIFICATE-----