-
-
Save RufusJWB/a6052bbc3833d15b1962d4a241fea771 to your computer and use it in GitHub Desktop.
scinfo with CardOS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The Microsoft Smart Card Resource Manager is running. | |
Current reader/card status: | |
Readers: 5 | |
0: Alcorlink USB Smart Card Reader 0 | |
1: Certgate GmbH AirID 2 USB 0 | |
2: certgate GmbH AirID BLE F4B3B1AA3B3B 0 | |
3: Microsoft UICC ISO Reader f8e64934 0 | |
4: Windows Hello for Business 1 | |
--- Reader: Alcorlink USB Smart Card Reader 0 | |
--- Status: SCARD_STATE_PRESENT | SCARD_STATE_INUSE | |
--- Status: The card is being shared by a process. | |
--- Card: CardOS V5.3 | |
--- ATR: | |
3b d2 18 00 81 31 fe 58 c9 03 16 ;....1.X... | |
--- Reader: Certgate GmbH AirID 2 USB 0 | |
--- Status: SCARD_STATE_EMPTY | |
--- Status: No card. | |
--- Card: | |
--- Reader: certgate GmbH AirID BLE F4B3B1AA3B3B 0 | |
--- Status: SCARD_STATE_EMPTY | |
--- Status: No card. | |
--- Card: | |
--- Reader: Microsoft UICC ISO Reader f8e64934 0 | |
--- Status: SCARD_STATE_PRESENT | |
--- Status: The card is available for use. | |
--- Card: | |
--- ATR: | |
3b 9e 96 80 1f c7 80 31 e0 73 fe 21 1b 66 d0 01 ;......1.s.!.f.. | |
a0 74 10 00 c5 .t... | |
--- Reader: Windows Hello for Business 1 | |
--- Status: SCARD_STATE_PRESENT | SCARD_STATE_INUSE | |
--- Status: The card is being shared by a process. | |
--- Card: Identity Device (Microsoft Generic Profile) | |
--- ATR: | |
3b 8d 01 80 fb a0 00 00 03 97 42 54 46 59 04 01 ;.........BTFY.. | |
cf . | |
======================================================= | |
Analyzing card in reader: Alcorlink USB Smart Card Reader 0 | |
--------------===========================-------------- | |
================ Certificate 0 ================ | |
--- Reader: Alcorlink USB Smart Card Reader 0 | |
--- Card: CardOS V5.3 | |
Provider = Microsoft Base Smart Card Crypto Provider | |
Key Container = Auth 2022-02-04 2025-02-04 [Default Container] | |
No AT_SIGNATURE key for reader: Alcorlink USB Smart Card Reader 0 | |
X509 Certificate: | |
Version: 3 | |
Serial Number: 434ce1e37846f52497c00c95e0e5d917 | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Issuer: | |
CN=Siemens Issuing CA EE Auth 2021 | |
SERIALNUMBER=ZZZZZZD2 | |
O=Siemens | |
S=Bayern | |
C=DE | |
Name Hash(sha1): a95be6eafc665b5880976c12cd02ac396b36fb32 | |
Name Hash(md5): 4092418ee14171bbe9efdcd9ebedb70b | |
NotBefore: 04/02/2022 17:16 | |
NotAfter: 04/02/2025 17:16 | |
Subject: | |
CN=Buschart Rufus | |
SN=Buschart | |
G=Rufus | |
SERIALNUMBER=Z002M76A | |
E=rufus.buschart@siemens.com | |
O=Siemens | |
S=Bayern | |
C=DE | |
Name Hash(sha1): 727d91b2b0c55a8177b7af69c24f641cb05267d5 | |
Name Hash(md5): a4de8aa19b9b898779ae89f53bbc21e3 | |
Public Key Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA | |
Algorithm Parameters: | |
05 00 | |
Public Key Length: 2048 bits | |
Public Key: UnusedBits = 0 | |
0000 30 82 01 0a 02 82 01 01 00 c8 13 06 c0 ce 85 61 | |
0010 5c 69 21 94 7d 6b c7 5f 69 aa f1 63 af ff 1f 45 | |
0020 cc af 8a f8 b7 1c 46 56 3d a2 cb e4 83 4c 68 2a | |
0030 72 12 00 dd 10 1e 21 13 a2 a0 38 2c 47 70 f0 e3 | |
0040 85 75 66 74 5b 38 52 9b cf 86 e1 37 66 2a 71 7d | |
0050 fc c3 c3 10 ed 9a bb c5 95 34 0d 7b 09 3f dd 92 | |
0060 d4 fd c8 e3 36 5c 06 cd d4 2e b9 35 e3 44 89 a9 | |
0070 37 e4 80 58 af 9c d9 cd 5f be 85 33 b0 8e d7 fd | |
0080 da 31 d5 68 ee 73 bb 21 c5 69 cd cc 45 ec cc a6 | |
0090 74 cb 9a ba 4d fb 36 f0 eb c9 36 3f cf 67 53 1b | |
00a0 18 e8 54 3c c1 f9 86 c9 1d d9 8a e3 53 03 1d 4e | |
00b0 2c 28 a4 e7 c7 6a e9 78 73 28 82 46 ee a3 c0 6e | |
00c0 3e 16 26 f5 6c 68 46 a4 48 ca 80 06 7a 33 06 b1 | |
00d0 48 61 05 4b 90 64 70 a5 10 f8 e2 49 8d 5e be 35 | |
00e0 ee 27 5f 33 1e 75 81 06 e3 8d 03 78 d7 ba 3d 36 | |
00f0 11 cc 5c 23 4b 25 b4 76 2b 18 0a aa e7 3b 8a 00 | |
0100 70 e2 be 99 15 5c e2 42 fd 02 03 01 00 01 | |
Certificate Extensions: 9 | |
1.3.6.1.5.5.7.1.1: Flags = 0, Length = ea | |
Authority Information Access | |
[1]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=http://ah.siemens.com/pki?ZZZZZZD2.crt | |
[2]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=ldap://al.siemens.net/CN=ZZZZZZD2,L=PKI?cACertificate | |
[3]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=ldap://al.siemens.com/CN=ZZZZZZD2,o=Trustcenter?cACertificate | |
[4]Authority Info Access | |
Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1) | |
Alternative Name: | |
URL=http://ocsp.siemens.com | |
2.5.29.32: Flags = 0, Length = 3f | |
Certificate Policies | |
[1]Certificate Policy: | |
Policy Identifier=1.3.6.1.4.1.4329.7.2.2.3.1.1 | |
[1,1]Policy Qualifier Info: | |
Policy Qualifier Id=CPS | |
Qualifier: | |
https://www.siemens.com/pki/ | |
2.5.29.19: Flags = 1(Critical), Length = 2 | |
Basic Constraints | |
Subject Type=End Entity | |
Path Length Constraint=None | |
2.5.29.37: Flags = 0, Length = 22 | |
Enhanced Key Usage | |
Client Authentication (1.3.6.1.5.5.7.3.2) | |
Secure Email (1.3.6.1.5.5.7.3.4) | |
Smart Card Logon (1.3.6.1.4.1.311.20.2.2) | |
2.5.29.17: Flags = 0, Length = 4a | |
Subject Alternative Name | |
Other Name: | |
Principal Name=rufus.buschart@siemens.com | |
RFC822 Name=rufus.buschart@siemens.com | |
2.5.29.31: Flags = 0, Length = c2 | |
CRL Distribution Points | |
[1]CRL Distribution Point | |
Distribution Point Name: | |
Full Name: | |
URL=http://ch.siemens.com/pki?ZZZZZZD2.crl | |
URL=ldap://cl.siemens.net/CN=ZZZZZZD2,L=PKI?certificateRevocationList | |
URL=ldap://cl.siemens.com/CN=ZZZZZZD2,o=Trustcenter?certificateRevocationList | |
2.5.29.35: Flags = 0, Length = 18 | |
Authority Key Identifier | |
KeyID=dc2ca79241ae419a17ecc6e5303debc2206688dd | |
2.5.29.15: Flags = 1(Critical), Length = 4 | |
Key Usage | |
Digital Signature (80) | |
2.5.29.14: Flags = 0, Length = 16 | |
Subject Key Identifier | |
cb7365da0e1fc1d2c801b84ff3e8f32d4e608da8 | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Signature: UnusedBits=0 | |
0000 06 1a 19 21 56 3d e1 a9 60 17 69 ce a7 37 b3 4a | |
0010 59 fa 0f 3c 35 ab 8c 54 0a 1d aa 7f 49 80 cf ef | |
0020 35 29 c0 4b 1b c6 cc d6 c5 74 ba 6d 6c 29 93 8a | |
0030 4a 2a 31 43 26 d4 d2 5c 0c 33 39 4b 74 8c b6 de | |
0040 bd d5 cf 78 55 38 37 86 c0 df fa 2b c3 ed f2 3c | |
0050 c4 f0 d2 7c aa bf 52 97 df c2 20 80 eb 9a 03 81 | |
0060 bc ad 0a b1 f8 73 94 9a 95 bb b7 25 02 71 58 b6 | |
0070 d0 78 9f 32 69 c2 ea 1a 96 63 c8 f9 5c 24 75 35 | |
0080 e1 80 67 fd 52 07 61 3c 19 03 ed 0c 8b 39 94 a5 | |
0090 10 86 f9 05 17 8c 24 a1 83 0d 09 3a 4c 2a 95 a9 | |
00a0 e6 78 43 24 64 d5 89 49 e2 5e bd 38 49 97 13 71 | |
00b0 95 59 13 69 16 65 b3 5d b0 7e 08 49 97 46 f3 d9 | |
00c0 99 bc 88 40 d3 6a ba 52 95 f8 01 e6 6e ea 64 ad | |
00d0 07 be 3a ac 15 28 0d 7d d4 26 b5 53 10 97 de 6e | |
00e0 c6 f3 b1 50 58 fb 55 3b 8f 01 73 bd 31 82 f9 bb | |
00f0 1f 99 f4 f7 66 fb bf 06 f7 0f c2 0e 3e 85 13 ff | |
0100 9e 8e cb ac 35 1e 75 ee f7 76 c3 2a 9d 37 26 20 | |
0110 83 a4 2e f4 bb 26 84 26 57 67 34 4f 82 e1 c1 02 | |
0120 e2 03 e4 4a 3c ef 60 7b 6e cd f8 9f 6a 10 39 d5 | |
0130 1b fa 14 94 09 1f 7a 8c 15 9e a0 35 e5 db da 2b | |
0140 38 97 b7 c7 fa 85 d6 5d 36 a2 45 7d a4 7a 31 ba | |
0150 c6 5d b3 a9 7e 5d 15 a0 17 a2 58 a9 db f7 87 87 | |
0160 9c 81 38 f9 0b 38 49 fc 1f a2 4b c9 80 91 25 5d | |
0170 fe 4b c1 32 3f 6c ee 9f 94 8b d4 51 a9 25 26 70 | |
0180 d3 a5 90 f5 d0 be 5e 75 bf 34 be c7 a9 96 a7 16 | |
0190 68 4d f6 84 38 5e fa 49 72 aa 6f 89 08 75 ef fb | |
01a0 44 04 65 ff e0 2c ae 35 06 60 28 33 bf 5c d0 ac | |
01b0 62 cc 9c eb 1d a0 2d c0 b4 43 c6 29 0b d7 3b b3 | |
01c0 63 22 78 c4 b2 d8 02 68 46 19 c5 ee b3 fd 46 54 | |
01d0 2d b0 66 eb 58 ff f8 b9 be 3d 3a f2 fc 08 cb b0 | |
01e0 2a 31 2a f9 1c 28 4c 3b 62 4e 9c f8 a3 cb a6 0d | |
01f0 64 71 41 d5 be 5a 2e 6e 44 47 30 be fb ac 43 5a | |
Non-root Certificate | |
Key Id Hash(rfc-sha1): cb7365da0e1fc1d2c801b84ff3e8f32d4e608da8 | |
Key Id Hash(sha1): 4e4514b8e0d3189842263637fe20fca01a0d123e | |
Key Id Hash(bcrypt-sha1): 551b339a1ac7af7b8cd4861b1149cc54ec854b20 | |
Key Id Hash(bcrypt-sha256): 16d1e002b9ab3c5ffb031776fe5b9424c500f711ba44b8dd3703edbc21e37fc8 | |
Key Id Hash(md5): 21a4555462cb8ab5fc1784553b060c0f | |
Key Id Hash(sha256): f345f26ecc6c6e8fb6c11fa87c39b63b8a25f4ddc04b01701bb4a43d3c58cf1d | |
Key Id Hash(pin-sha256): hNvEL2bBxZkRe5Wc8bOvJeQa8rjeGqN8qMT3Ph4aDrI= | |
Key Id Hash(pin-sha256-hex): 84dbc42f66c1c599117b959cf1b3af25e41af2b8de1aa37ca8c4f73e1e1a0eb2 | |
Cert Hash(md5): e17a41ec35ca915b8892b6af415a2abf | |
Cert Hash(sha1): 7e591fee55444e23a409d4d4b5aa846ddee5f933 | |
Cert Hash(sha256): 11632d2f5d05d071363a92b05e3acf41a31067382a5646f4ac62af9fd556a428 | |
Signature Hash: 077bf14300b65d81fab7e69195d796c895608d5e26790a498625c6d748c9a8c0 | |
Performing AT_KEYEXCHANGE public key matching test... | |
Public key matching test succeeded | |
Key Container = Auth 2022-02-04 2025-02-04 | |
Simple container name: Auth 2022-02-04 2025-02-04 | |
Unique container name: Auth 2022-02-04 2025-02-04 | |
Provider = Microsoft Base Smart Card Crypto Provider | |
ProviderType = 1 | |
Flags = 1 | |
(CRYPT_MACHINE_KEYSET -- 20 (32)) | |
(CRYPT_SILENT -- 40 (64)) | |
0x1 (1) | |
KeySpec = 1 -- AT_KEYEXCHANGE | |
Private key verifies | |
Performing cert chain verification... | |
Chain validates | |
Smart Card Logon: Chain validates | |
dwFlags = CA_VERIFY_FLAGS_NT_AUTH (0x10) | |
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000) | |
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000) | |
Application[0] = 1.3.6.1.4.1.311.20.2.2 Smart Card Logon | |
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000) | |
HCCE_LOCAL_MACHINE | |
CERT_CHAIN_POLICY_NT_AUTH | |
-------- CERT_CHAIN_CONTEXT -------- | |
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
ChainContext.dwRevocationFreshnessTime: 166 Days, 4 Hours, 31 Minutes, 48 Seconds | |
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
SimpleChain.dwRevocationFreshnessTime: 166 Days, 4 Hours, 31 Minutes, 48 Seconds | |
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0 | |
Issuer: CN=Siemens Issuing CA EE Auth 2021, SERIALNUMBER=ZZZZZZD2, O=Siemens, S=Bayern, C=DE | |
NotBefore: 04/02/2022 17:16 | |
NotAfter: 04/02/2025 17:16 | |
Subject: CN=Buschart Rufus, SN=Buschart, G=Rufus, SERIALNUMBER=Z002M76A, E=rufus.buschart@siemens.com, O=Siemens, S=Bayern, C=DE | |
Serial: 434ce1e37846f52497c00c95e0e5d917 | |
SubjectAltName: Other Name:Principal Name=rufus.buschart@siemens.com, RFC822 Name=rufus.buschart@siemens.com | |
Cert: 7e591fee55444e23a409d4d4b5aa846ddee5f933 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
CRL (null): | |
Issuer: CN=Siemens CPKI OCSP Signer ZZZZZZD2, O=Siemens, S=Bayern, C=DE | |
ThisUpdate: 13/11/2023 07:32 | |
NextUpdate: 19/11/2023 07:32 | |
CRL: afb659a006dd2d0981d5ce10d957a5c374c9fa46 | |
Issuance[0] = 1.3.6.1.4.1.4329.7.2.2.3.1.1 | |
Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication | |
Application[1] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[2] = 1.3.6.1.4.1.311.20.2.2 Smart Card Logon | |
CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=0 | |
Issuer: CN=Siemens Intermediate CA 2021, O=Siemens, C=DE | |
NotBefore: 31/05/2021 13:13 | |
NotAfter: 28/07/2025 13:18 | |
Subject: CN=Siemens Issuing CA EE Auth 2021, SERIALNUMBER=ZZZZZZD2, O=Siemens, S=Bayern, C=DE | |
Serial: 435b94f668f3112b56b1f226882ffd29 | |
Cert: 0a1fc331077933449ef400c2987bc28221b41af2 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
CRL (null): | |
Issuer: CN=Siemens CPKI OCSP Signer ZZZZZZD0, O=Siemens, S=Bayern, C=DE | |
ThisUpdate: 06/09/2023 07:29 | |
NextUpdate: 05/12/2023 07:29 | |
CRL: df086115b7ce01d6a7f29623e64144124ac588fc | |
Issuance[0] = 1.3.6.1.4.1.4329.7 | |
Issuance[1] = 1.3.6.1.4.1.4329.7.2.2.3.1.1 | |
Issuance[2] = 1.3.6.1.4.1.4329.7.2.2.3.1.2 | |
Issuance[3] = 1.3.6.1.4.1.4329.7.2.2.3.2.1 | |
Issuance[4] = 1.3.6.1.4.1.4329.7.2.2.3.2.2 | |
Issuance[5] = 1.3.6.1.4.1.4329.7.2.2.4.1.1 | |
Issuance[6] = 1.3.6.1.4.1.4329.7.2.2.4.1.2 | |
Issuance[7] = 1.3.6.1.4.1.4329.7.2.5 | |
Issuance[8] = 1.3.6.1.4.1.4329.99 | |
Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication | |
Application[1] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[2] = 1.3.6.1.4.1.311.20.2.2 Smart Card Logon | |
CertContext[0][2]: dwInfoStatus=102 dwErrorStatus=0 | |
Issuer: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 28/05/2021 13:18 | |
NotAfter: 05/06/2028 13:32 | |
Subject: CN=Siemens Intermediate CA 2021, O=Siemens, C=DE | |
Serial: 5119273643dfb6d51792779dbded5eb2 | |
Cert: a2fa475d7594b7155ddd3259215051719b965e07 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
CRL 23: | |
Issuer: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
ThisUpdate: 31/05/2023 10:17 | |
NextUpdate: 30/11/2023 10:17 | |
CRL: f2bd7fa69cadf5206742893c4907628e5fbcaa54 | |
Issuance[0] = 1.3.6.1.4.1.4329.7 | |
Issuance[1] = 1.3.6.1.4.1.4329.7.2.2.3.1.1 | |
Issuance[2] = 1.3.6.1.4.1.4329.7.2.2.3.1.2 | |
Issuance[3] = 1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
Issuance[4] = 1.3.6.1.4.1.4329.7.2.2.3.2.1 | |
Issuance[5] = 1.3.6.1.4.1.4329.7.2.2.3.2.2 | |
Issuance[6] = 1.3.6.1.4.1.4329.7.2.2.3.2.3 | |
Issuance[7] = 1.3.6.1.4.1.4329.7.2.2.4.1.1 | |
Issuance[8] = 1.3.6.1.4.1.4329.7.2.2.4.1.2 | |
Issuance[9] = 1.3.6.1.4.1.4329.7.2.2.4.1.3 | |
Issuance[10] = 1.3.6.1.4.1.4329.7.2.5 | |
Issuance[11] = 1.3.6.1.4.1.4329.99 | |
Issuance[12] = 2.23.140.1.5.3.1 | |
Issuance[13] = 2.23.140.1.5.3.2 | |
Issuance[14] = 2.23.140.1.5.3.3 | |
Issuance[15] = 2.23.140.1.5.2.1 | |
Issuance[16] = 2.23.140.1.5.2.2 | |
Issuance[17] = 2.23.140.1.5.2.3 | |
Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication | |
Application[1] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[2] = 1.3.6.1.4.1.311.20.2.2 Smart Card Logon | |
Application[3] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
Application[4] = 1.3.6.1.4.1.311.10.3.4.1 File Recovery | |
Application[5] = 1.3.6.1.4.1.311.67.1.1 BitLocker Drive Encryption | |
CertContext[0][3]: dwInfoStatus=10a dwErrorStatus=0 | |
Issuer: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 06/06/2016 14:30 | |
NotAfter: 06/06/2028 14:30 | |
Subject: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
Serial: 762907e3 | |
Cert: a6ff9adaaa1925d18b1d4076c8d86b22d2557b19 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Exclude leaf cert: | |
Chain: 61624c7098de11fceea401d484e74d1b38784361 | |
Full chain: | |
Chain: 6ef4636bb44d4b5ba902537a6b41537217a4bd60 | |
Issuer: CN=Siemens Issuing CA EE Auth 2021, SERIALNUMBER=ZZZZZZD2, O=Siemens, S=Bayern, C=DE | |
NotBefore: 04/02/2022 17:16 | |
NotAfter: 04/02/2025 17:16 | |
Subject: CN=Buschart Rufus, SN=Buschart, G=Rufus, SERIALNUMBER=Z002M76A, E=rufus.buschart@siemens.com, O=Siemens, S=Bayern, C=DE | |
Serial: 434ce1e37846f52497c00c95e0e5d917 | |
SubjectAltName: Other Name:Principal Name=rufus.buschart@siemens.com, RFC822 Name=rufus.buschart@siemens.com | |
Cert: 7e591fee55444e23a409d4d4b5aa846ddee5f933 | |
A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. 0x800b0112 (-2146762478 CERT_E_UNTRUSTEDCA) | |
------------------------------------ | |
Displayed AT_KEYEXCHANGE cert for reader: Alcorlink USB Smart Card Reader 0 | |
--------------===========================-------------- | |
================ Certificate 1 ================ | |
--- Reader: Alcorlink USB Smart Card Reader 0 | |
--- Card: CardOS V5.3 | |
Provider = Microsoft Base Smart Card Crypto Provider | |
Key Container = Encr 2022-02-04 2025-02-04 06 | |
No AT_SIGNATURE key for reader: Alcorlink USB Smart Card Reader 0 | |
X509 Certificate: | |
Version: 3 | |
Serial Number: 59d3799e9313e57be2874d7dc1653615 | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Issuer: | |
CN=Siemens Issuing CA EE Enc 2021 | |
SERIALNUMBER=ZZZZZZD3 | |
O=Siemens | |
S=Bayern | |
C=DE | |
Name Hash(sha1): d251bf19bb92ff052b43a79e7f62eb151de333ad | |
Name Hash(md5): 4fc6a9759de2974c8ca59e3147e2e2a3 | |
NotBefore: 04/02/2022 17:16 | |
NotAfter: 04/02/2025 17:16 | |
Subject: | |
CN=Buschart Rufus | |
SN=Buschart | |
G=Rufus | |
SERIALNUMBER=Z002M76A | |
E=rufus.buschart@siemens.com | |
O=Siemens | |
S=Bayern | |
C=DE | |
Name Hash(sha1): 727d91b2b0c55a8177b7af69c24f641cb05267d5 | |
Name Hash(md5): a4de8aa19b9b898779ae89f53bbc21e3 | |
Public Key Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA | |
Algorithm Parameters: | |
05 00 | |
Public Key Length: 2048 bits | |
Public Key: UnusedBits = 0 | |
0000 30 82 01 0a 02 82 01 01 00 8a e3 98 5a a0 5f 51 | |
0010 76 b4 0a 72 3a 2c c7 8c 89 17 ed b5 73 9a 9b e7 | |
0020 15 cc 22 ec f8 eb 67 a4 b0 50 c6 be bd c4 a9 dd | |
0030 d9 c8 78 49 b7 45 1e 00 13 7f 4f c6 bf 84 b1 56 | |
0040 a7 43 36 5e 66 ae 22 bc be a7 1a 1d 4a f6 cd 89 | |
0050 9b 4b b8 ed 92 00 d3 40 a0 6a 07 59 cd 11 ae b4 | |
0060 a9 3c 10 35 64 7b 15 96 3f 85 b1 8a 9f 6a c3 af | |
0070 07 8b b3 b7 9d 01 2e 95 b0 d8 f1 db 93 8c cf e1 | |
0080 29 36 4a 93 ec a8 7c 57 8c 06 c4 51 3d 95 3c 65 | |
0090 bd f7 27 28 22 31 3d 15 15 8c d4 a8 8a f4 0a dc | |
00a0 ee 46 26 0e 62 1c 75 78 7d 63 fd b7 83 ba 87 45 | |
00b0 fa 71 62 bc 48 85 74 63 d6 5c c5 2e 46 d0 c2 5c | |
00c0 ad 6e 57 65 33 6f a1 5c 7e ef 7a 9d b4 f3 c8 b1 | |
00d0 be d6 2a 03 00 5a 78 25 84 a9 42 5f fc a2 6d 81 | |
00e0 24 1d eb 86 68 9c 7c 1f ec 30 a2 eb ee 4b 1b b9 | |
00f0 02 7d 22 06 91 0f 0c f7 12 15 3d 53 71 72 1d 43 | |
0100 fc 15 9b a5 29 1f b5 2e 87 02 03 01 00 01 | |
Certificate Extensions: 9 | |
1.3.6.1.5.5.7.1.1: Flags = 0, Length = ea | |
Authority Information Access | |
[1]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=http://ah.siemens.com/pki?ZZZZZZD3.crt | |
[2]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=ldap://al.siemens.net/CN=ZZZZZZD3,L=PKI?cACertificate | |
[3]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=ldap://al.siemens.com/CN=ZZZZZZD3,o=Trustcenter?cACertificate | |
[4]Authority Info Access | |
Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1) | |
Alternative Name: | |
URL=http://ocsp.siemens.com | |
2.5.29.32: Flags = 0, Length = 3f | |
Certificate Policies | |
[1]Certificate Policy: | |
Policy Identifier=1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
[1,1]Policy Qualifier Info: | |
Policy Qualifier Id=CPS | |
Qualifier: | |
https://www.siemens.com/pki/ | |
2.5.29.19: Flags = 1(Critical), Length = 2 | |
Basic Constraints | |
Subject Type=End Entity | |
Path Length Constraint=None | |
2.5.29.37: Flags = 0, Length = 31 | |
Enhanced Key Usage | |
Secure Email (1.3.6.1.5.5.7.3.4) | |
Encrypting File System (1.3.6.1.4.1.311.10.3.4) | |
File Recovery (1.3.6.1.4.1.311.10.3.4.1) | |
BitLocker Drive Encryption (1.3.6.1.4.1.311.67.1.1) | |
2.5.29.17: Flags = 0, Length = 1e | |
Subject Alternative Name | |
RFC822 Name=rufus.buschart@siemens.com | |
2.5.29.31: Flags = 0, Length = c2 | |
CRL Distribution Points | |
[1]CRL Distribution Point | |
Distribution Point Name: | |
Full Name: | |
URL=http://ch.siemens.com/pki?ZZZZZZD3.crl | |
URL=ldap://cl.siemens.net/CN=ZZZZZZD3,L=PKI?certificateRevocationList | |
URL=ldap://cl.siemens.com/CN=ZZZZZZD3,o=Trustcenter?certificateRevocationList | |
2.5.29.35: Flags = 0, Length = 18 | |
Authority Key Identifier | |
KeyID=08dcfec8119cf53baec8df2b434547f6364cdaa5 | |
2.5.29.15: Flags = 1(Critical), Length = 4 | |
Key Usage | |
Key Encipherment, Data Encipherment (30) | |
2.5.29.14: Flags = 0, Length = 16 | |
Subject Key Identifier | |
254dd58ee98fb28d5a15122c27739aa56118673e | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Signature: UnusedBits=0 | |
0000 b6 20 f0 96 44 f4 bc 12 68 cd c6 b3 38 6a c6 6f | |
0010 74 6d 22 e7 50 54 5f fa c9 6c e9 d1 c9 4b e9 98 | |
0020 fe 4c b2 09 75 33 fe 24 72 a5 a3 23 2b e6 34 a6 | |
0030 4e ef 77 1c 61 b1 16 36 00 99 02 2a 10 7f b3 9b | |
0040 2e 69 3b 00 c4 75 86 d9 19 39 c6 af dd 8e d1 ac | |
0050 ae e9 66 b4 ff e0 4c ac f9 d0 86 2c f4 c5 1e a1 | |
0060 1b de b7 40 63 dc 63 87 26 a4 b0 3b 88 9e cb dc | |
0070 45 23 6b 06 78 05 22 7e 85 3b b6 e9 05 54 02 b8 | |
0080 85 f6 0e 16 f8 ec b8 7c be ce 72 fd 50 24 58 73 | |
0090 cd 18 18 16 92 c5 70 43 2a 46 aa e9 08 32 4f 92 | |
00a0 db 3f e4 54 e8 d0 e7 b3 75 a3 9f 2b 68 a5 a0 3a | |
00b0 84 3d 71 5e e5 eb af 0e 92 45 b2 de 1f fe e6 9d | |
00c0 eb 98 fc 51 4a df 1e d9 31 12 1e 59 67 33 dd 24 | |
00d0 a9 a4 b7 b0 45 86 56 58 6d f6 ff 74 61 8d 5d ac | |
00e0 32 df 17 58 31 46 f9 8d b5 3a 95 e5 ec b3 95 fc | |
00f0 24 c0 3d 41 ef 83 0b 1a 97 a7 ba 36 8f 63 65 91 | |
0100 54 7a b8 45 4b f4 6c 89 05 d4 ca d2 e9 68 22 9e | |
0110 aa de bb 21 0e 64 f1 a8 c3 e0 c3 ad 6d 37 06 1b | |
0120 81 d3 ec 04 0a a0 bb 79 d2 9a 53 c8 c5 a1 60 4b | |
0130 f1 8a 88 48 68 9d c6 e4 cd 8c f0 84 70 f6 82 b9 | |
0140 18 f2 10 34 b5 8d 59 20 0f d2 41 e2 32 03 8a 94 | |
0150 37 ed cc 76 9c c3 3c c4 47 89 04 84 28 fd 4b b1 | |
0160 98 73 c6 09 33 10 0d c8 f6 13 99 73 ef 90 12 72 | |
0170 06 a0 c1 c4 63 58 b8 8a aa cc 56 c0 f6 8f 0a f6 | |
0180 b2 4a 42 89 d6 bb 40 d0 62 65 53 28 fa 47 6b e4 | |
0190 5e 04 58 36 54 8c 38 59 1c e5 ee 36 61 40 65 da | |
01a0 22 de f6 29 61 cc 65 61 4a a4 4f 4f 5e ff ac 97 | |
01b0 50 b2 f5 02 b1 fd 0e 19 79 87 92 fc b0 ee 4b 2d | |
01c0 a0 4d 3e 4c eb 49 fb 3a c1 c4 60 b9 53 78 c3 8d | |
01d0 38 f1 ab 9f e3 07 c8 0b ab 8b ff 69 fc d0 94 70 | |
01e0 10 25 53 bd 06 ab 00 9a f2 30 d5 82 93 26 4b 2c | |
01f0 b2 22 7a f1 b6 44 07 79 5b 0e c7 4c 9e 2a 0a 3b | |
Non-root Certificate | |
Key Id Hash(rfc-sha1): 254dd58ee98fb28d5a15122c27739aa56118673e | |
Key Id Hash(sha1): 713e8a395e1cb9eeaec8eb52a6815756dace9b4d | |
Key Id Hash(bcrypt-sha1): a0eede5b688078daf07fb5fa41a96dec9b5197fc | |
Key Id Hash(bcrypt-sha256): 4e9de7f67cbc533a1d7caaed75182d195c6fc64ae45834040496a8de21af60d5 | |
Key Id Hash(md5): b2a9518998a21d5cb052217f6449c462 | |
Key Id Hash(sha256): 760f206fe0c6283d9dc2699d448ae6c27d84b2875aba06cb6422bf86d59c1510 | |
Key Id Hash(pin-sha256): JAiBPnq9RjbhNjisqwV5/gMcI9iIW/vzNa4weFymVK0= | |
Key Id Hash(pin-sha256-hex): 2408813e7abd4636e13638acab0579fe031c23d8885bfbf335ae30785ca654ad | |
Cert Hash(md5): aa2a6c33006247a626608c83afb2a36f | |
Cert Hash(sha1): dac5b02ba5c26f07e85b56be1fcf336ba96bb0d3 | |
Cert Hash(sha256): 97d2fa6e92784ec995cce23f41a7767afba99129fc7c54714affd8458cd5a2ea | |
Signature Hash: a3bcca08a10cf1e7d1b245d205a02aea60ccac90bcbcf15bb20f8b6bc2737809 | |
Performing AT_KEYEXCHANGE public key matching test... | |
Public key matching test succeeded | |
Key Container = Encr 2022-02-04 2025-02-04 06 | |
Simple container name: Encr 2022-02-04 2025-02-04 06 | |
Unique container name: Encr 2022-02-04 2025-02-04 06 | |
Provider = Microsoft Base Smart Card Crypto Provider | |
ProviderType = 1 | |
Flags = 1 | |
(CRYPT_MACHINE_KEYSET -- 20 (32)) | |
(CRYPT_SILENT -- 40 (64)) | |
0x1 (1) | |
KeySpec = 1 -- AT_KEYEXCHANGE | |
Private key verifies | |
Performing cert chain verification... | |
Chain validates | |
Smart Card Logon: Chain on smart card is invalid | |
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000) | |
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000) | |
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000) | |
HCCE_LOCAL_MACHINE | |
CERT_CHAIN_POLICY_BASE | |
-------- CERT_CHAIN_CONTEXT -------- | |
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
ChainContext.dwRevocationFreshnessTime: 166 Days, 4 Hours, 31 Minutes, 48 Seconds | |
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
SimpleChain.dwRevocationFreshnessTime: 166 Days, 4 Hours, 31 Minutes, 48 Seconds | |
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0 | |
Issuer: CN=Siemens Issuing CA EE Enc 2021, SERIALNUMBER=ZZZZZZD3, O=Siemens, S=Bayern, C=DE | |
NotBefore: 04/02/2022 17:16 | |
NotAfter: 04/02/2025 17:16 | |
Subject: CN=Buschart Rufus, SN=Buschart, G=Rufus, SERIALNUMBER=Z002M76A, E=rufus.buschart@siemens.com, O=Siemens, S=Bayern, C=DE | |
Serial: 59d3799e9313e57be2874d7dc1653615 | |
SubjectAltName: RFC822 Name=rufus.buschart@siemens.com | |
Cert: dac5b02ba5c26f07e85b56be1fcf336ba96bb0d3 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
CRL (null): | |
Issuer: CN=Siemens CPKI OCSP Signer ZZZZZZD3, O=Siemens, S=Bayern, C=DE | |
ThisUpdate: 13/11/2023 07:33 | |
NextUpdate: 19/11/2023 07:33 | |
CRL: 92994b66be8096fe929c47a8cb1f06f891de1dc7 | |
Issuance[0] = 1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
Application[0] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[1] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
Application[2] = 1.3.6.1.4.1.311.10.3.4.1 File Recovery | |
Application[3] = 1.3.6.1.4.1.311.67.1.1 BitLocker Drive Encryption | |
CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=0 | |
Issuer: CN=Siemens Intermediate CA 2021, O=Siemens, C=DE | |
NotBefore: 31/05/2021 13:24 | |
NotAfter: 28/07/2025 13:18 | |
Subject: CN=Siemens Issuing CA EE Enc 2021, SERIALNUMBER=ZZZZZZD3, O=Siemens, S=Bayern, C=DE | |
Serial: 50094f56b2286daace7c6aed623f9968 | |
Cert: f876cb6e92dc1331bcd21502ed7684aeceffb634 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
CRL (null): | |
Issuer: CN=Siemens CPKI OCSP Signer ZZZZZZD0, O=Siemens, S=Bayern, C=DE | |
ThisUpdate: 06/09/2023 07:29 | |
NextUpdate: 05/12/2023 07:29 | |
CRL: b986c5285d4fdc38db30960fbf244a22c33ecd5a | |
Issuance[0] = 1.3.6.1.4.1.4329.7 | |
Issuance[1] = 1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
Issuance[2] = 1.3.6.1.4.1.4329.7.2.2.3.2.3 | |
Issuance[3] = 1.3.6.1.4.1.4329.7.2.2.4.1.3 | |
Issuance[4] = 1.3.6.1.4.1.4329.7.2.5 | |
Issuance[5] = 1.3.6.1.4.1.4329.99 | |
Application[0] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[1] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
Application[2] = 1.3.6.1.4.1.311.10.3.4.1 File Recovery | |
Application[3] = 1.3.6.1.4.1.311.67.1.1 BitLocker Drive Encryption | |
CertContext[0][2]: dwInfoStatus=102 dwErrorStatus=0 | |
Issuer: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 28/05/2021 13:18 | |
NotAfter: 05/06/2028 13:32 | |
Subject: CN=Siemens Intermediate CA 2021, O=Siemens, C=DE | |
Serial: 5119273643dfb6d51792779dbded5eb2 | |
Cert: a2fa475d7594b7155ddd3259215051719b965e07 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
CRL 23: | |
Issuer: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
ThisUpdate: 31/05/2023 10:17 | |
NextUpdate: 30/11/2023 10:17 | |
CRL: f2bd7fa69cadf5206742893c4907628e5fbcaa54 | |
Issuance[0] = 1.3.6.1.4.1.4329.7 | |
Issuance[1] = 1.3.6.1.4.1.4329.7.2.2.3.1.1 | |
Issuance[2] = 1.3.6.1.4.1.4329.7.2.2.3.1.2 | |
Issuance[3] = 1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
Issuance[4] = 1.3.6.1.4.1.4329.7.2.2.3.2.1 | |
Issuance[5] = 1.3.6.1.4.1.4329.7.2.2.3.2.2 | |
Issuance[6] = 1.3.6.1.4.1.4329.7.2.2.3.2.3 | |
Issuance[7] = 1.3.6.1.4.1.4329.7.2.2.4.1.1 | |
Issuance[8] = 1.3.6.1.4.1.4329.7.2.2.4.1.2 | |
Issuance[9] = 1.3.6.1.4.1.4329.7.2.2.4.1.3 | |
Issuance[10] = 1.3.6.1.4.1.4329.7.2.5 | |
Issuance[11] = 1.3.6.1.4.1.4329.99 | |
Issuance[12] = 2.23.140.1.5.3.1 | |
Issuance[13] = 2.23.140.1.5.3.2 | |
Issuance[14] = 2.23.140.1.5.3.3 | |
Issuance[15] = 2.23.140.1.5.2.1 | |
Issuance[16] = 2.23.140.1.5.2.2 | |
Issuance[17] = 2.23.140.1.5.2.3 | |
Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication | |
Application[1] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[2] = 1.3.6.1.4.1.311.20.2.2 Smart Card Logon | |
Application[3] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
Application[4] = 1.3.6.1.4.1.311.10.3.4.1 File Recovery | |
Application[5] = 1.3.6.1.4.1.311.67.1.1 BitLocker Drive Encryption | |
CertContext[0][3]: dwInfoStatus=10a dwErrorStatus=0 | |
Issuer: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 06/06/2016 14:30 | |
NotAfter: 06/06/2028 14:30 | |
Subject: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
Serial: 762907e3 | |
Cert: a6ff9adaaa1925d18b1d4076c8d86b22d2557b19 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Exclude leaf cert: | |
Chain: 9c0e626dbab9db4a3d585b4b3f50a94edfc2347d | |
Full chain: | |
Chain: f76f4e1fcdcfad239760524888a698e9e33ee595 | |
------------------------------------ | |
Verified Issuance Policies: | |
1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
Verified Application Policies: | |
1.3.6.1.5.5.7.3.4 Secure Email | |
1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
1.3.6.1.4.1.311.10.3.4.1 File Recovery | |
1.3.6.1.4.1.311.67.1.1 BitLocker Drive Encryption | |
Displayed AT_KEYEXCHANGE cert for reader: Alcorlink USB Smart Card Reader 0 | |
--------------===========================-------------- | |
================ Certificate 2 ================ | |
--- Reader: Alcorlink USB Smart Card Reader 0 | |
--- Card: CardOS V5.3 | |
Provider = Microsoft Base Smart Card Crypto Provider | |
Key Container = Encr 2018-12-18 2021-12-18 07 | |
No AT_SIGNATURE key for reader: Alcorlink USB Smart Card Reader 0 | |
X509 Certificate: | |
Version: 3 | |
Serial Number: 30ae49e6 | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Issuer: | |
CN=Siemens Issuing CA EE Enc 2016 | |
OU=Siemens Trust Center | |
SERIALNUMBER=ZZZZZZA3 | |
O=Siemens | |
L=Muenchen | |
S=Bayern | |
C=DE | |
Name Hash(sha1): 2501679e709f6cd270ae4b18214b01eb549853db | |
Name Hash(md5): 5005bc182a93547d8736670530caf830 | |
NotBefore: 18/12/2018 10:10 | |
NotAfter: 18/12/2021 10:10 | |
Subject: | |
CN=Buschart Rufus | |
O=Siemens | |
SN=Buschart | |
G=Rufus | |
SERIALNUMBER=Z002M76A | |
Name Hash(sha1): 4dff57ecd21818024ece1799dd434865dca43675 | |
Name Hash(md5): d5fa4126b8c3df1dd0a013f51a6c9f43 | |
Public Key Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA | |
Algorithm Parameters: | |
05 00 | |
Public Key Length: 2048 bits | |
Public Key: UnusedBits = 0 | |
0000 30 82 01 0a 02 82 01 01 00 b6 90 03 d3 60 6b 5f | |
0010 8e ca f5 da f2 c7 ff 97 cb ee 17 42 26 9b 9a 46 | |
0020 16 b1 aa 2f 31 46 87 83 d6 c9 e2 ca 05 69 47 da | |
0030 9e 14 90 c0 99 c5 16 97 fe c8 a5 40 08 34 27 f6 | |
0040 28 1d a6 be f3 52 d5 c6 7d 27 ba 4c 2b 3a d5 2e | |
0050 dc 24 b5 50 f7 48 ae 3d 01 b7 71 60 43 40 22 39 | |
0060 50 37 27 00 e1 25 c7 09 92 87 e3 2e e9 1e 09 77 | |
0070 94 bb 86 71 ad 84 c0 c6 e9 d1 b7 14 f2 9b cf 5c | |
0080 cc aa 40 d3 a7 1a 8a 97 5f 5b d3 68 6d 38 12 08 | |
0090 ee c0 c5 db c8 6d 3d 2e 2a 13 87 08 9a 37 9c 96 | |
00a0 7c 1c cb 1a 99 e8 58 0f e9 72 cb 00 9f 02 27 4c | |
00b0 a0 6a fd 01 39 30 62 ed 94 a8 ee 23 f4 03 83 40 | |
00c0 1d 69 4f f3 29 e1 6d 59 88 c5 0c 29 a6 e9 c6 e3 | |
00d0 ca c4 64 c3 d5 2b 76 16 f2 73 12 02 75 9c dc 2b | |
00e0 5a 92 de 75 7b 9f f5 33 71 05 b6 1d 91 21 68 37 | |
00f0 ce fa 3d 8f 78 98 bd 62 1b 57 9a d5 6b cd 65 c7 | |
0100 c1 2e 2a fb 38 ae 4a 13 c1 02 03 01 00 01 | |
Certificate Extensions: 9 | |
1.3.6.1.5.5.7.1.1: Flags = 0, Length = f7 | |
Authority Information Access | |
[1]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=http://ah.siemens.com/pki?ZZZZZZA3.crt | |
[2]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=ldap://al.siemens.net/CN=ZZZZZZA3,L=PKI?cACertificate | |
[3]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=ldap://al.siemens.com/CN=ZZZZZZA3,o=Trustcenter?cACertificate | |
[4]Authority Info Access | |
Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1) | |
Alternative Name: | |
URL=http://ocsp.pki-services.siemens.com | |
2.5.29.35: Flags = 0, Length = 18 | |
Authority Key Identifier | |
KeyID=a1ab2c6ea07af0d3c24dea1ff11e218afc0cadef | |
2.5.29.19: Flags = 1(Critical), Length = 2 | |
Basic Constraints | |
Subject Type=End Entity | |
Path Length Constraint=None | |
2.5.29.32: Flags = 0, Length = 3e | |
Certificate Policies | |
[1]Certificate Policy: | |
Policy Identifier=1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
[1,1]Policy Qualifier Info: | |
Policy Qualifier Id=CPS | |
Qualifier: | |
http://www.siemens.com/pki/ | |
2.5.29.31: Flags = 0, Length = c2 | |
CRL Distribution Points | |
[1]CRL Distribution Point | |
Distribution Point Name: | |
Full Name: | |
URL=http://ch.siemens.com/pki?ZZZZZZA3.crl | |
URL=ldap://cl.siemens.net/CN=ZZZZZZA3,L=PKI?certificateRevocationList | |
URL=ldap://cl.siemens.com/CN=ZZZZZZA3,o=Trustcenter?certificateRevocationList | |
2.5.29.37: Flags = 0, Length = 25 | |
Enhanced Key Usage | |
Secure Email (1.3.6.1.5.5.7.3.4) | |
Encrypting File System (1.3.6.1.4.1.311.10.3.4) | |
File Recovery (1.3.6.1.4.1.311.10.3.4.1) | |
2.5.29.15: Flags = 1(Critical), Length = 4 | |
Key Usage | |
Key Encipherment, Data Encipherment (30) | |
2.5.29.17: Flags = 0, Length = 1e | |
Subject Alternative Name | |
RFC822 Name=rufus.buschart@siemens.com | |
2.5.29.14: Flags = 0, Length = 16 | |
Subject Key Identifier | |
b7c4c5ea85c22a695595db058d1fac8c959d1644 | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Signature: UnusedBits=0 | |
0000 01 03 e9 9b 84 75 ec 75 0f 03 fe 95 68 e9 d4 e1 | |
0010 a8 eb 22 e0 9f df 39 80 4b 55 05 fe e2 c2 b3 ff | |
0020 f1 e5 de e9 83 22 0d c3 52 b9 b7 34 f8 47 55 ee | |
0030 d3 d2 ff 5e 17 d0 18 3d 8b 17 57 52 33 74 a6 db | |
0040 1f d8 cd 65 6e 13 8b 8d cc 6d 72 a5 a3 c7 c7 ae | |
0050 c2 aa e3 24 e4 bb d1 c7 37 29 5d f1 c6 fa 20 97 | |
0060 50 14 bd 97 b4 4b 3d 85 e5 fb 9f 5f d5 4b 58 2b | |
0070 2b 25 fe ee dc 79 62 9e e0 ec 8d c4 16 3f 0c df | |
0080 26 68 22 b6 07 bf a7 3d 29 15 35 15 39 9f 17 9f | |
0090 25 3b 60 aa d3 f3 70 1b 8b f8 d2 cf d5 4f ac 00 | |
00a0 aa 18 16 30 ce 13 97 e6 3c 1c 51 1f 02 fa 0d 9b | |
00b0 bf be 27 91 10 87 13 90 18 0d 77 69 6f 4c 8a ce | |
00c0 b1 50 f4 24 84 a7 53 01 d2 5f eb 2d 7f 10 8f cc | |
00d0 b8 7e 1e 8a e0 be b2 03 85 e2 08 56 f8 c6 39 87 | |
00e0 88 77 1f 3d ea 07 67 86 80 b8 ca 5e 45 a5 b5 dd | |
00f0 51 8a 39 4e 7e 83 9b 64 b3 e7 5a 68 9e 5e 6f 05 | |
0100 14 dc fb b0 3b 89 a1 e5 a8 d4 b5 7e fb d3 13 4b | |
0110 8e 1d 6e 49 71 00 36 95 76 9e 66 97 40 90 03 59 | |
0120 cc 92 12 88 96 d5 82 4a b4 ad 1a 61 93 e4 e9 c4 | |
0130 3e 13 1e 85 77 78 a9 cb af 06 57 ce e5 9e 10 0f | |
0140 14 0f 87 ce 9b aa fd 20 db ce bd 15 e4 d5 93 e5 | |
0150 49 7d 92 ca df 4b 85 e1 b8 5c 5a 64 29 a4 39 5a | |
0160 85 d4 24 6c bb 44 83 73 c6 b0 6e 85 c4 e5 5e 76 | |
0170 2f e7 af dc a5 82 1c b3 0f a3 ec 71 ed 7d e5 7b | |
0180 0d 4b f5 37 5b ea 87 bb 3f 9a d8 ff 8f ca 98 3a | |
0190 3f 80 ad 06 b8 4c b1 7c 87 cf 9f c0 d7 a5 e4 69 | |
01a0 65 75 37 f4 e2 b0 75 ec 03 05 98 a3 a3 a3 c0 7b | |
01b0 4d c1 c7 16 b5 2f 3c 73 51 ca e5 f8 b0 a1 ed ea | |
01c0 fe 0d db e9 01 70 b8 f3 bb 50 2b 7d f5 05 16 61 | |
01d0 47 be 8d be e8 a2 a5 4e 89 ae eb c2 71 bb 99 0a | |
01e0 cc f3 92 35 b7 2f 5b 05 8e b3 f7 ac e3 a5 eb ae | |
01f0 e6 3e d1 59 5c 26 ca 6a 9a 15 31 d0 26 31 f1 59 | |
Non-root Certificate | |
Key Id Hash(rfc-sha1): b7c4c5ea85c22a695595db058d1fac8c959d1644 | |
Key Id Hash(sha1): 5ed5ccc9b0b2ef8160efe624ce3436d952941dce | |
Key Id Hash(bcrypt-sha1): 15b81dfdcf2911c471deff02c23fbf9b87e03216 | |
Key Id Hash(bcrypt-sha256): 024e1eb6212606f73fdb076b48f32f84ec257bbea9b08314752efffb62eefbde | |
Key Id Hash(md5): a10ce0ac7485193961d4c23e0a6cdcf1 | |
Key Id Hash(sha256): f7cf7dfd26de6d416ea2603d127ed306b1dde6b5cedfba2d25c6d1370dae4de7 | |
Key Id Hash(pin-sha256): 6sAb2FyjRDt5lMYYDOqzi6/tJX4dJUxuC0f9dlstFnE= | |
Key Id Hash(pin-sha256-hex): eac01bd85ca3443b7994c6180ceab38bafed257e1d254c6e0b47fd765b2d1671 | |
Cert Hash(md5): 844ece950cd20497750745a941ce3b15 | |
Cert Hash(sha1): 0612fb97d0ffd0f95aae6533720296cb1c44c5b0 | |
Cert Hash(sha256): 68147986f91c21c092fbbb8e37f268e15fe90862ad20a9f2d8265abe5ea6723a | |
Signature Hash: 6420da167afa9a368f405d7d173133db362269a2ceb500c94026b1b62f0b2363 | |
Performing AT_KEYEXCHANGE public key matching test... | |
Public key matching test succeeded | |
Key Container = Encr 2018-12-18 2021-12-18 07 | |
Simple container name: Encr 2018-12-18 2021-12-18 07 | |
Unique container name: Encr 2018-12-18 2021-12-18 07 | |
Provider = Microsoft Base Smart Card Crypto Provider | |
ProviderType = 1 | |
Flags = 1 | |
(CRYPT_MACHINE_KEYSET -- 20 (32)) | |
(CRYPT_SILENT -- 40 (64)) | |
0x1 (1) | |
KeySpec = 1 -- AT_KEYEXCHANGE | |
Private key verifies | |
Performing cert chain verification... | |
CertGetCertificateChain(dwErrorStatus) = 0x5 | |
Chain on smart card is invalid | |
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000) | |
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000) | |
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000) | |
HCCE_LOCAL_MACHINE | |
CERT_CHAIN_POLICY_BASE | |
-------- CERT_CHAIN_CONTEXT -------- | |
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
ChainContext.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1) | |
ChainContext.dwErrorStatus = CERT_TRUST_IS_REVOKED (0x4) | |
ChainContext.dwRevocationFreshnessTime: 937 Days, 2 Hours, 58 Minutes, 37 Seconds | |
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
SimpleChain.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1) | |
SimpleChain.dwErrorStatus = CERT_TRUST_IS_REVOKED (0x4) | |
SimpleChain.dwRevocationFreshnessTime: 937 Days, 2 Hours, 58 Minutes, 37 Seconds | |
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=5 | |
Issuer: CN=Siemens Issuing CA EE Enc 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA3, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 18/12/2018 10:10 | |
NotAfter: 18/12/2021 10:10 | |
Subject: CN=Buschart Rufus, O=Siemens, SN=Buschart, G=Rufus, SERIALNUMBER=Z002M76A | |
Serial: 30ae49e6 | |
SubjectAltName: RFC822 Name=rufus.buschart@siemens.com | |
Cert: 0612fb97d0ffd0f95aae6533720296cb1c44c5b0 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Element.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1) | |
Element.dwErrorStatus = CERT_TRUST_IS_REVOKED (0x4) | |
CRL 0c1d: | |
Issuer: CN=Siemens Issuing CA EE Enc 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA3, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
ThisUpdate: 20/04/2021 11:50 | |
NextUpdate: 19/07/2022 11:50 | |
CRL: d7bb7e768759a3108486515cba73c6bde271e29b | |
Application[0] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[1] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
Application[2] = 1.3.6.1.4.1.311.10.3.4.1 File Recovery | |
CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=1 | |
Issuer: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 20/07/2016 14:24 | |
NotAfter: 20/07/2022 14:24 | |
Subject: CN=Siemens Issuing CA EE Enc 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA3, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
Serial: 4aba7bc8 | |
Cert: 0a9b014fa2e69ab97f6b54b8c07c07b66fa2aa64 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Element.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1) | |
CRL 23: | |
Issuer: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
ThisUpdate: 31/05/2023 10:17 | |
NextUpdate: 30/11/2023 10:17 | |
CRL: f2bd7fa69cadf5206742893c4907628e5fbcaa54 | |
Issuance[0] = 1.3.6.1.4.1.4329.7 | |
Application[0] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[1] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
Application[2] = 1.3.6.1.4.1.311.10.3.4.1 File Recovery | |
Application[3] = 1.3.6.1.5.5.7.3.9 OCSP Signing | |
CertContext[0][2]: dwInfoStatus=10a dwErrorStatus=0 | |
Issuer: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 06/06/2016 14:30 | |
NotAfter: 06/06/2028 14:30 | |
Subject: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
Serial: 762907e3 | |
Cert: a6ff9adaaa1925d18b1d4076c8d86b22d2557b19 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Exclude leaf cert: | |
Chain: 959c93ce73eb021a8a31887ad21106552dd51799 | |
Full chain: | |
Chain: 18bcaa0386b1b15c615706f57642a8e116183bdf | |
Issuer: CN=Siemens Issuing CA EE Enc 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA3, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 18/12/2018 10:10 | |
NotAfter: 18/12/2021 10:10 | |
Subject: CN=Buschart Rufus, O=Siemens, SN=Buschart, G=Rufus, SERIALNUMBER=Z002M76A | |
Serial: 30ae49e6 | |
SubjectAltName: RFC822 Name=rufus.buschart@siemens.com | |
Cert: 0612fb97d0ffd0f95aae6533720296cb1c44c5b0 | |
The certificate is revoked. 0x80092010 (-2146885616 CRYPT_E_REVOKED) | |
------------------------------------ | |
Certificate is REVOKED | |
Displayed AT_KEYEXCHANGE cert for reader: Alcorlink USB Smart Card Reader 0 | |
--------------===========================-------------- | |
================ Certificate 3 ================ | |
--- Reader: Alcorlink USB Smart Card Reader 0 | |
--- Card: CardOS V5.3 | |
Provider = Microsoft Base Smart Card Crypto Provider | |
Key Container = Encr 2020-10-01 2023-10-01 08 | |
No AT_SIGNATURE key for reader: Alcorlink USB Smart Card Reader 0 | |
X509 Certificate: | |
Version: 3 | |
Serial Number: 4926847824c7a5932a27122feb70cadd | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Issuer: | |
CN=Siemens Issuing CA EE Enc 2020 | |
OU=Siemens Trust Center | |
SERIALNUMBER=ZZZZZZB3 | |
O=Siemens | |
L=Muenchen | |
S=Bayern | |
C=DE | |
Name Hash(sha1): 26edccc791df38a6dd2c6b7ccfd8d5748a350582 | |
Name Hash(md5): c18ae53abdce5d16f28bdc577f0d9e7b | |
NotBefore: 01/10/2020 16:00 | |
NotAfter: 01/10/2023 16:00 | |
Subject: | |
CN=Buschart Rufus | |
O=Siemens | |
SN=Buschart | |
G=Rufus | |
SERIALNUMBER=Z002M76A | |
Name Hash(sha1): c45dd50cb26e622f579d1a94a819002657199ac3 | |
Name Hash(md5): ca22eedd9c77b8e5d8d836fb33d07af2 | |
Public Key Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA | |
Algorithm Parameters: | |
05 00 | |
Public Key Length: 2048 bits | |
Public Key: UnusedBits = 0 | |
0000 30 82 01 0a 02 82 01 01 00 90 34 c2 43 f3 86 40 | |
0010 a6 35 3e b8 cd b2 f8 4b 0c ad e6 e8 18 c9 10 c3 | |
0020 b7 df 25 d3 5c 04 4a 8b a4 9e 4f d7 a3 df 9e f3 | |
0030 2e e4 43 de 79 e1 c1 db 4e 8f 7a f2 58 e8 b9 27 | |
0040 d3 91 d3 c9 c8 38 44 e7 79 a6 50 32 7b 16 eb 55 | |
0050 a7 f7 63 22 6d 97 f2 46 18 c2 b4 73 1c 81 3a 28 | |
0060 1d c0 c9 fd 7e 04 3a f0 c0 03 a5 72 48 56 45 d2 | |
0070 b7 d4 ef b4 d0 74 12 9d eb 64 97 13 43 82 2e 6f | |
0080 8e 0a 6f 18 3a 08 d5 47 5e e6 b9 a5 14 2a 26 a2 | |
0090 97 81 34 be 35 a7 96 34 3a 4a 7f 6c 31 94 ba ae | |
00a0 30 d8 d9 18 1b ec 56 40 a3 a9 2e e9 4b cc 32 d9 | |
00b0 d0 c2 47 0a 32 fa 02 29 2a e7 36 cc 69 07 b2 6a | |
00c0 dd b9 f4 ff 0d 82 dc 30 3c 10 2a 6c 13 d1 4b a3 | |
00d0 f7 e4 0a c9 96 9a 3c 71 bb bb 9f cf 59 f4 16 5c | |
00e0 87 48 08 63 6b ea 05 eb 14 6f c7 8e b4 7e 67 14 | |
00f0 e6 5e 8b 87 bd b8 db bc 95 87 66 a6 c6 9d d0 10 | |
0100 bc 4f f9 b6 66 ca 53 4e f3 02 03 01 00 01 | |
Certificate Extensions: 9 | |
2.5.29.37: Flags = 0, Length = 31 | |
Enhanced Key Usage | |
Secure Email (1.3.6.1.5.5.7.3.4) | |
Encrypting File System (1.3.6.1.4.1.311.10.3.4) | |
File Recovery (1.3.6.1.4.1.311.10.3.4.1) | |
BitLocker Drive Encryption (1.3.6.1.4.1.311.67.1.1) | |
2.5.29.35: Flags = 0, Length = 18 | |
Authority Key Identifier | |
KeyID=b6f991e3859f0c3cb68972539e41348d702af9bd | |
1.3.6.1.5.5.7.1.1: Flags = 0, Length = ea | |
Authority Information Access | |
[1]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=http://ah.siemens.com/pki?ZZZZZZB3.crt | |
[2]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=ldap://al.siemens.net/CN=ZZZZZZB3,L=PKI?cACertificate | |
[3]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=ldap://al.siemens.com/CN=ZZZZZZB3,o=Trustcenter?cACertificate | |
[4]Authority Info Access | |
Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1) | |
Alternative Name: | |
URL=http://ocsp.siemens.com | |
2.5.29.32: Flags = 0, Length = 3f | |
Certificate Policies | |
[1]Certificate Policy: | |
Policy Identifier=1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
[1,1]Policy Qualifier Info: | |
Policy Qualifier Id=CPS | |
Qualifier: | |
https://www.siemens.com/pki/ | |
2.5.29.31: Flags = 0, Length = c2 | |
CRL Distribution Points | |
[1]CRL Distribution Point | |
Distribution Point Name: | |
Full Name: | |
URL=http://ch.siemens.com/pki?ZZZZZZB3.crl | |
URL=ldap://cl.siemens.net/CN=ZZZZZZB3,L=PKI?certificateRevocationList | |
URL=ldap://cl.siemens.com/CN=ZZZZZZB3,o=Trustcenter?certificateRevocationList | |
2.5.29.14: Flags = 0, Length = 16 | |
Subject Key Identifier | |
ad2d72d62986d19b3ca351b88ceb120eec56affc | |
2.5.29.15: Flags = 1(Critical), Length = 4 | |
Key Usage | |
Key Encipherment, Data Encipherment (30) | |
2.5.29.17: Flags = 0, Length = 1e | |
Subject Alternative Name | |
RFC822 Name=rufus.buschart@siemens.com | |
2.5.29.19: Flags = 1(Critical), Length = 2 | |
Basic Constraints | |
Subject Type=End Entity | |
Path Length Constraint=None | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Signature: UnusedBits=0 | |
0000 5f 1e c3 db 2c 31 2a 9a af 21 36 4a 62 3f 5f 81 | |
0010 4a 1e 39 42 21 b4 90 87 c7 51 74 cc 36 50 b7 04 | |
0020 f6 bf c9 1e 2f 20 cf 72 31 14 ef 9c 03 5b 58 a6 | |
0030 f6 82 3a 35 80 7c e7 62 af 80 bc ba 8d 78 6c b6 | |
0040 a0 5a 80 d7 10 62 e9 8c a3 cd a5 c9 e0 52 82 64 | |
0050 87 2d b4 7c b3 0f d7 96 0f 6d 39 c7 0f 44 1a 30 | |
0060 20 0d 30 b4 79 64 8e c0 a7 ac a2 10 9b e6 a9 05 | |
0070 c5 0f 0f 96 67 77 f1 4a 5f 26 58 b4 88 85 6d e5 | |
0080 84 79 73 60 4c bc 1a 8f 38 e7 7e c3 44 40 70 f6 | |
0090 eb dd 24 85 d8 6d 51 37 f3 4f 0e f9 51 cf 36 06 | |
00a0 a7 24 5c 4c f6 29 31 9d 22 18 52 07 dd 35 a6 a1 | |
00b0 0d 95 6a 78 4e 0a c9 07 46 50 e5 bb fa 48 bc 78 | |
00c0 fc 69 d2 f3 da 20 97 3c a0 40 a2 92 20 1c e8 22 | |
00d0 ac 76 44 42 d9 77 ed 2b 10 c7 e3 13 da a8 b2 b6 | |
00e0 6c ea 8e 4e 8e 46 9c 09 8e f4 e9 15 9d b7 02 ce | |
00f0 69 cc 79 39 f7 d4 fb f7 6e 09 c9 7b 93 9c ec 36 | |
0100 d9 de 87 93 10 eb 8b 40 72 ff 07 a3 82 ff c0 d0 | |
0110 7a 35 00 5f 64 f4 6a f5 ca 53 d1 f6 f0 57 00 1b | |
0120 bd 0b 75 cd 9c 33 9c 9d 97 9e 7b f5 a2 ec e5 44 | |
0130 f9 ed 15 ba 48 08 ae 32 2b ef f0 b2 f9 b2 59 ae | |
0140 2f fe fe de 78 72 3d 37 5c 01 7b 53 6d 55 62 43 | |
0150 3f 98 4a be 53 84 2d bd db 36 0b 95 ca b5 47 47 | |
0160 86 fa 97 78 04 da c3 83 3b b5 55 48 b9 a6 f3 2d | |
0170 55 02 a0 dc a2 ba 62 8f 23 a6 67 c3 75 21 4b 37 | |
0180 6d a6 3a e7 ec a9 73 0e 33 f0 26 f0 40 e6 a2 1a | |
0190 b1 40 3f f6 75 98 0d ab 1c fd 16 38 7a 77 fd 5d | |
01a0 8f 80 e1 82 9b 4f c1 45 74 62 0e 5d d3 cb 12 b4 | |
01b0 5d c8 ed 32 90 22 d4 fd d8 2d 0c 4d 95 ef 8c 38 | |
01c0 ab 06 3e ea 87 86 07 46 62 88 e5 95 7b b0 ab d0 | |
01d0 21 2b 02 c2 c3 b5 17 b6 91 11 b8 50 d1 b5 38 69 | |
01e0 91 8c 70 2c a2 eb c1 48 14 44 09 f2 4a ad 76 46 | |
01f0 d9 a9 78 76 67 d3 bd 50 9f 0e e1 2f 0d 95 c7 26 | |
Non-root Certificate | |
Key Id Hash(rfc-sha1): ad2d72d62986d19b3ca351b88ceb120eec56affc | |
Key Id Hash(sha1): 292fafb82084c3802f5459c9e4975c92099a6a04 | |
Key Id Hash(bcrypt-sha1): de1caa3baa7b8dd478fc92c98d11f93e83bb5d12 | |
Key Id Hash(bcrypt-sha256): 530c93e3d01fc6795c6e50ecd4639e88d02e887262e3d59e73fa97f8b3455728 | |
Key Id Hash(md5): fd528e16080616bbbd3f9d5e153e9536 | |
Key Id Hash(sha256): 9560f3adad3ccb7198b7c4f98a8332d063c87f274cb47e11a4b3dfbec577fcdb | |
Key Id Hash(pin-sha256): ABcYQyxZISLGN6wsPmp1DEumJSOxOwLiriztyve/bzg= | |
Key Id Hash(pin-sha256-hex): 001718432c592122c637ac2c3e6a750c4ba62523b13b02e2ae2cedcaf7bf6f38 | |
Cert Hash(md5): da7ccbf880c14556bcbee1871d7a18c1 | |
Cert Hash(sha1): eee7d167071fd7804f664c6db3cae5ead47ff586 | |
Cert Hash(sha256): ac76484dd10b3378de9ea923748a1e4a0c9a5dd9483aa616d5bd251b8ec2aed0 | |
Signature Hash: 2038885d787207b8952d16a5900fdf551258e123699049ed499b3f251b0c24fd | |
Performing AT_KEYEXCHANGE public key matching test... | |
Public key matching test succeeded | |
Key Container = Encr 2020-10-01 2023-10-01 08 | |
Simple container name: Encr 2020-10-01 2023-10-01 08 | |
Unique container name: Encr 2020-10-01 2023-10-01 08 | |
Provider = Microsoft Base Smart Card Crypto Provider | |
ProviderType = 1 | |
Flags = 1 | |
(CRYPT_MACHINE_KEYSET -- 20 (32)) | |
(CRYPT_SILENT -- 40 (64)) | |
0x1 (1) | |
KeySpec = 1 -- AT_KEYEXCHANGE | |
Private key verifies | |
Performing cert chain verification... | |
CertGetCertificateChain(dwErrorStatus) = 0x1 | |
Chain on smart card is invalid | |
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000) | |
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000) | |
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000) | |
HCCE_LOCAL_MACHINE | |
CERT_CHAIN_POLICY_BASE | |
-------- CERT_CHAIN_CONTEXT -------- | |
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
ChainContext.dwInfoStatus = CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS (0x400) | |
ChainContext.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1) | |
ChainContext.dwRevocationFreshnessTime: 4 Days, 1 Hours, 6 Minutes, 55 Seconds | |
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS (0x400) | |
SimpleChain.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1) | |
SimpleChain.dwRevocationFreshnessTime: 4 Days, 1 Hours, 6 Minutes, 55 Seconds | |
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=1 | |
Issuer: CN=Siemens Issuing CA EE Enc 2020, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZB3, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 01/10/2020 16:00 | |
NotAfter: 01/10/2023 16:00 | |
Subject: CN=Buschart Rufus, O=Siemens, SN=Buschart, G=Rufus, SERIALNUMBER=Z002M76A | |
Serial: 4926847824c7a5932a27122feb70cadd | |
SubjectAltName: RFC822 Name=rufus.buschart@siemens.com | |
Cert: eee7d167071fd7804f664c6db3cae5ead47ff586 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Element.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1) | |
CRL (null): | |
Issuer: CN=Siemens CPKI OCSP Signer ZZZZZZB3, O=Siemens, C=DE | |
ThisUpdate: 09/11/2023 13:42 | |
NextUpdate: 15/11/2023 13:42 | |
CRL: fdf3376740476c6e554f8267802e8ed71efb07ab | |
Issuance[0] = 1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
Application[0] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[1] = 1.3.6.1.4.1.311.67.1.1 BitLocker Drive Encryption | |
Application[2] = 1.3.6.1.4.1.311.10.3.4.1 File Recovery | |
Application[3] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
CertContext[0][1]: dwInfoStatus=502 dwErrorStatus=0 | |
Issuer: CN=QuoVadis Enterprise Trust CA 3 G3, O=QuoVadis Limited, C=BM | |
NotBefore: 29/06/2020 15:35 | |
NotAfter: 29/06/2026 15:35 | |
Subject: CN=Siemens Issuing CA EE Enc 2020, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZB3, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
Serial: 47bdd59cd76ec23740fd38ddefdc18861b4fdf1d | |
Cert: 9419871ef5ab173ce9c62ed9351d6065e9f1ed66 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Element.dwInfoStatus = CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS (0x400) | |
CRL (null): | |
Issuer: CN=QuoVadis OCSP Authority Signature, O=QuoVadis Limited, C=BM | |
ThisUpdate: 13/11/2023 14:35 | |
NextUpdate: 15/11/2023 14:35 | |
CRL: f1b608ab001d5fba07850dcad4466d28d3134da7 | |
Issuance[0] = 1.3.6.1.4.1.8024.0.3.1800.0 | |
Issuance[1] = 1.3.6.1.4.1.4329.7 | |
Issuance[2] = 1.3.6.1.4.1.4329.7.2.2.3.2.3 | |
Issuance[3] = 1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
Issuance[4] = 1.3.6.1.4.1.4329.7.2.2.4.1.3 | |
Issuance[5] = 1.3.6.1.4.1.4329.7.2.5 | |
Issuance[6] = 1.3.6.1.4.1.4329.99 | |
Application[0] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[1] = 1.3.6.1.4.1.311.67.1.1 BitLocker Drive Encryption | |
Application[2] = 1.3.6.1.4.1.311.10.3.4.1 File Recovery | |
Application[3] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
CertContext[0][2]: dwInfoStatus=102 dwErrorStatus=0 | |
Issuer: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM | |
NotBefore: 06/06/2016 15:43 | |
NotAfter: 06/06/2031 15:43 | |
Subject: CN=QuoVadis Enterprise Trust CA 3 G3, O=QuoVadis Limited, C=BM | |
Serial: 0c2163a44924ffb7fcdb675acdcaee7208cca95a | |
Cert: 7e649cce9bf28f62f03b3e0edd4983fe167f9888 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
CRL (null): | |
Issuer: CN=QuoVadis OCSP Authority Signature, O=QuoVadis Limited, C=BM | |
ThisUpdate: 13/11/2023 14:16 | |
NextUpdate: 15/11/2023 14:16 | |
CRL: ddb134063fc1aa6e532a50b9726bbcde8c352ed7 | |
CertContext[0][3]: dwInfoStatus=10c dwErrorStatus=0 | |
Issuer: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM | |
NotBefore: 12/01/2012 21:26 | |
NotAfter: 12/01/2042 21:26 | |
Subject: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM | |
Serial: 2ef59b0228a7db7affd5a3a9eebd03a0cf126a1d | |
Cert: 4812bd923ca8c43906e7306d2796e6a4cf222e7d | |
Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4) | |
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Exclude leaf cert: | |
Chain: 1de2dfc21b201e085496cc6a5940991483157c66 | |
Full chain: | |
Chain: bba85def2e6c858bd3abe512655b962fe8be3f0f | |
Issuer: CN=Siemens Issuing CA EE Enc 2020, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZB3, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 01/10/2020 16:00 | |
NotAfter: 01/10/2023 16:00 | |
Subject: CN=Buschart Rufus, O=Siemens, SN=Buschart, G=Rufus, SERIALNUMBER=Z002M76A | |
Serial: 4926847824c7a5932a27122feb70cadd | |
SubjectAltName: RFC822 Name=rufus.buschart@siemens.com | |
Cert: eee7d167071fd7804f664c6db3cae5ead47ff586 | |
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495 CERT_E_EXPIRED) | |
------------------------------------ | |
Expired certificate | |
Displayed AT_KEYEXCHANGE cert for reader: Alcorlink USB Smart Card Reader 0 | |
--------------===========================-------------- | |
================ Certificate 4 ================ | |
--- Reader: Alcorlink USB Smart Card Reader 0 | |
--- Card: CardOS V5.3 | |
Provider = Microsoft Base Smart Card Crypto Provider | |
Key Container = Encr 2020-12-11 2023-12-11 09 | |
No AT_SIGNATURE key for reader: Alcorlink USB Smart Card Reader 0 | |
X509 Certificate: | |
Version: 3 | |
Serial Number: 760eaa9d31aa56bdfd94087f2aa3dad0 | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Issuer: | |
CN=Siemens Issuing CA EE Enc 2020 | |
OU=Siemens Trust Center | |
SERIALNUMBER=ZZZZZZB3 | |
O=Siemens | |
L=Muenchen | |
S=Bayern | |
C=DE | |
Name Hash(sha1): 26edccc791df38a6dd2c6b7ccfd8d5748a350582 | |
Name Hash(md5): c18ae53abdce5d16f28bdc577f0d9e7b | |
NotBefore: 11/12/2020 14:55 | |
NotAfter: 11/12/2023 14:55 | |
Subject: | |
CN=Buschart Rufus | |
O=Siemens | |
SN=Buschart | |
G=Rufus | |
SERIALNUMBER=Z002M76A | |
Name Hash(sha1): c45dd50cb26e622f579d1a94a819002657199ac3 | |
Name Hash(md5): ca22eedd9c77b8e5d8d836fb33d07af2 | |
Public Key Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA | |
Algorithm Parameters: | |
05 00 | |
Public Key Length: 2048 bits | |
Public Key: UnusedBits = 0 | |
0000 30 82 01 0a 02 82 01 01 00 98 4b 21 c3 56 38 43 | |
0010 03 cc 90 56 4c 6b 46 f6 3b 33 a6 84 ac 9e 2a ce | |
0020 c7 f8 e7 10 38 3d 0a f5 b3 de da cc 3c e5 f3 23 | |
0030 d3 8f cd 43 05 f7 e1 c8 f6 d3 b2 6f d9 17 03 ef | |
0040 c3 5b b8 02 4b d7 45 d2 2d 3c 64 c0 b2 cd e4 a1 | |
0050 58 7c d8 d1 aa 80 4a c8 d2 7f 9a bc 62 0f b1 32 | |
0060 26 a5 99 19 a0 47 ff e8 aa 09 b4 a7 67 64 d0 e3 | |
0070 38 a5 69 b3 97 a0 5d 3a 9f 1a 40 75 7f 93 61 28 | |
0080 fb 61 34 f5 77 be a9 3f 07 4d e8 ab 5e a3 d0 ca | |
0090 f1 2b 7e 15 96 4e 2c 14 71 c7 1b a0 12 e2 b5 40 | |
00a0 7b cf 38 76 58 2e 21 f5 33 62 4f ce bf 0d 51 5d | |
00b0 f9 55 83 4a 5a ef 1a c9 ee cf 24 f5 ef e8 89 c3 | |
00c0 dc 04 57 39 d6 3e e3 b8 b3 df bc d9 fd 97 53 1b | |
00d0 e9 31 3a 3b 11 d6 5e 24 db 0f eb d1 8a 1f 0f 38 | |
00e0 f5 0a f1 45 16 03 69 8f 2e 76 93 f7 27 49 9b 76 | |
00f0 6a 78 aa fb 89 d4 92 4c a4 69 0e 7a 20 19 3e b3 | |
0100 4f 77 fa e2 02 b0 a6 df 0d 02 03 01 00 01 | |
Certificate Extensions: 9 | |
2.5.29.37: Flags = 0, Length = 31 | |
Enhanced Key Usage | |
Secure Email (1.3.6.1.5.5.7.3.4) | |
Encrypting File System (1.3.6.1.4.1.311.10.3.4) | |
File Recovery (1.3.6.1.4.1.311.10.3.4.1) | |
BitLocker Drive Encryption (1.3.6.1.4.1.311.67.1.1) | |
2.5.29.35: Flags = 0, Length = 18 | |
Authority Key Identifier | |
KeyID=b6f991e3859f0c3cb68972539e41348d702af9bd | |
1.3.6.1.5.5.7.1.1: Flags = 0, Length = ea | |
Authority Information Access | |
[1]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=http://ah.siemens.com/pki?ZZZZZZB3.crt | |
[2]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=ldap://al.siemens.net/CN=ZZZZZZB3,L=PKI?cACertificate | |
[3]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=ldap://al.siemens.com/CN=ZZZZZZB3,o=Trustcenter?cACertificate | |
[4]Authority Info Access | |
Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1) | |
Alternative Name: | |
URL=http://ocsp.siemens.com | |
2.5.29.32: Flags = 0, Length = 3f | |
Certificate Policies | |
[1]Certificate Policy: | |
Policy Identifier=1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
[1,1]Policy Qualifier Info: | |
Policy Qualifier Id=CPS | |
Qualifier: | |
https://www.siemens.com/pki/ | |
2.5.29.31: Flags = 0, Length = c2 | |
CRL Distribution Points | |
[1]CRL Distribution Point | |
Distribution Point Name: | |
Full Name: | |
URL=http://ch.siemens.com/pki?ZZZZZZB3.crl | |
URL=ldap://cl.siemens.net/CN=ZZZZZZB3,L=PKI?certificateRevocationList | |
URL=ldap://cl.siemens.com/CN=ZZZZZZB3,o=Trustcenter?certificateRevocationList | |
2.5.29.14: Flags = 0, Length = 16 | |
Subject Key Identifier | |
c282709a4d4ae5122b5d0a6e9240d41bff2f0cb3 | |
2.5.29.15: Flags = 1(Critical), Length = 4 | |
Key Usage | |
Key Encipherment, Data Encipherment (30) | |
2.5.29.17: Flags = 0, Length = 1e | |
Subject Alternative Name | |
RFC822 Name=rufus.buschart@siemens.com | |
2.5.29.19: Flags = 1(Critical), Length = 2 | |
Basic Constraints | |
Subject Type=End Entity | |
Path Length Constraint=None | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Signature: UnusedBits=0 | |
0000 64 10 d2 c6 e2 f6 d6 ea 9e 4c ad 0d 97 90 65 4f | |
0010 29 da f3 fa df 31 f2 2a b3 56 df fd 87 b1 90 fb | |
0020 7d 40 67 0c 81 05 28 d4 57 00 9b 41 f4 5f f4 29 | |
0030 46 63 25 1d 52 13 7d ae 9f 03 93 cc 77 68 da 4b | |
0040 08 d3 c1 ba a8 ca 75 ed d2 5d 58 92 74 5b fe 30 | |
0050 9f 59 65 be c6 40 d8 71 71 31 e3 e1 59 62 a1 a4 | |
0060 41 38 d4 7f 13 af af c6 bb d7 fe 17 76 ec 50 7f | |
0070 e4 96 20 13 b4 35 13 48 70 19 61 5d 65 88 32 be | |
0080 17 1b 04 aa 83 b0 b9 a6 d8 71 fe a2 1f 96 b4 d6 | |
0090 41 ec 1a 5b 5f f8 52 43 9e f0 e9 2c 69 19 ba c9 | |
00a0 9d 7b e3 b0 a3 e6 88 71 bd d2 a7 01 a3 84 d0 f6 | |
00b0 18 d2 f7 82 64 25 e6 d0 54 8f 9d c7 37 a5 b5 32 | |
00c0 6a d1 f6 8d 6e 69 25 c5 40 ff c5 03 3e af 27 9a | |
00d0 dc d4 e9 39 36 c6 3b 90 f9 b0 e2 34 79 9c cb 02 | |
00e0 ad c4 7f 4c fb 5b b9 c2 0e 87 d6 53 1f d9 eb 2b | |
00f0 fb 45 d5 50 2d 1c d8 41 97 82 1c 7d b2 12 50 13 | |
0100 c9 01 86 4a af 6a 59 49 28 17 ab e6 82 80 b2 76 | |
0110 6b e8 0b 7d 24 7a ac 49 f9 4f ce 18 9a 80 86 f8 | |
0120 b5 a4 3e 97 d3 33 c8 ce f3 a3 45 d5 ef c3 13 c7 | |
0130 04 c6 17 fd 16 6f 70 04 9a 12 21 74 61 cf e9 3e | |
0140 36 4a 50 77 3b 19 63 81 32 88 79 c4 eb 40 77 69 | |
0150 54 8a 0f 92 34 67 be 92 30 98 0b c3 e4 73 89 6e | |
0160 85 b1 3e 27 77 49 84 47 28 cb f9 46 6b d8 07 d3 | |
0170 8b ba 29 ff 48 8c 81 17 ca 1a c3 d2 5a 55 29 f6 | |
0180 7b e4 cf ef 77 8d 4c 07 3f 89 cd 5a 57 9b d8 40 | |
0190 39 bb ff 91 93 81 b0 d8 b7 20 9e 85 5b 82 20 e0 | |
01a0 cc de 4d ce d7 21 2f 75 60 bd e5 70 6f 5c 98 b8 | |
01b0 06 03 a3 63 8d 00 ca 56 9b 0f 29 9f 29 f8 5e 47 | |
01c0 cc 13 8e e1 32 c2 da 4a 01 b4 3a c8 28 93 4c 1f | |
01d0 36 bf 16 84 21 91 32 8a 13 96 70 75 71 95 25 30 | |
01e0 ad b7 4c e7 3c ca b1 fc f7 f5 01 ea 93 2f c2 17 | |
01f0 c1 ae 0c 63 d1 b5 87 18 63 5c 51 24 a6 ea 48 35 | |
Non-root Certificate | |
Key Id Hash(rfc-sha1): c282709a4d4ae5122b5d0a6e9240d41bff2f0cb3 | |
Key Id Hash(sha1): e22bee19d1ecd5a2ed7c9de04743fb7bb1e94e9c | |
Key Id Hash(bcrypt-sha1): 8e860584fd51e8dc8513d2f9ddb9e3c687ee9280 | |
Key Id Hash(bcrypt-sha256): f89b8800771b29c2cdf1ff653abfc584ff1f16a5ce49910f74a3a61cb2d8ae55 | |
Key Id Hash(md5): 7d4df372816a056992c9572b5753f887 | |
Key Id Hash(sha256): a36c68c69ccbd1a2c9bd530dce97804c0e0c7b3678ec4dbcdc9dece2d76d8646 | |
Key Id Hash(pin-sha256): S1JpODNu17cw0OIZpIlzqhkfTAep5MVSvY9RRmsqycY= | |
Key Id Hash(pin-sha256-hex): 4b526938336ed7b730d0e219a48973aa191f4c07a9e4c552bd8f51466b2ac9c6 | |
Cert Hash(md5): 1133dae1942992c05a4822db852d416d | |
Cert Hash(sha1): 99a5dae73e2adf42bb54645ac8b4f03c8637b7e0 | |
Cert Hash(sha256): 6cba612dbbbb6d4996570c3ec19b733d6d0ae8a0b3a0e10ced59cd325406dc4a | |
Signature Hash: ac108c7e9a6021226f4dc96801e473dd0618c20b4263651f3649ecdb64be135f | |
Performing AT_KEYEXCHANGE public key matching test... | |
Public key matching test succeeded | |
Key Container = Encr 2020-12-11 2023-12-11 09 | |
Simple container name: Encr 2020-12-11 2023-12-11 09 | |
Unique container name: Encr 2020-12-11 2023-12-11 09 | |
Provider = Microsoft Base Smart Card Crypto Provider | |
ProviderType = 1 | |
Flags = 1 | |
(CRYPT_MACHINE_KEYSET -- 20 (32)) | |
(CRYPT_SILENT -- 40 (64)) | |
0x1 (1) | |
KeySpec = 1 -- AT_KEYEXCHANGE | |
Private key verifies | |
Performing cert chain verification... | |
CertGetCertificateChain(dwErrorStatus) = 0x4 | |
Chain on smart card is invalid | |
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000) | |
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000) | |
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000) | |
HCCE_LOCAL_MACHINE | |
CERT_CHAIN_POLICY_BASE | |
-------- CERT_CHAIN_CONTEXT -------- | |
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
ChainContext.dwInfoStatus = CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS (0x400) | |
ChainContext.dwErrorStatus = CERT_TRUST_IS_REVOKED (0x4) | |
ChainContext.dwRevocationFreshnessTime: 3 Days, 14 Hours, 41 Minutes, 56 Seconds | |
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS (0x400) | |
SimpleChain.dwErrorStatus = CERT_TRUST_IS_REVOKED (0x4) | |
SimpleChain.dwRevocationFreshnessTime: 3 Days, 14 Hours, 41 Minutes, 56 Seconds | |
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=4 | |
Issuer: CN=Siemens Issuing CA EE Enc 2020, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZB3, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 11/12/2020 14:55 | |
NotAfter: 11/12/2023 14:55 | |
Subject: CN=Buschart Rufus, O=Siemens, SN=Buschart, G=Rufus, SERIALNUMBER=Z002M76A | |
Serial: 760eaa9d31aa56bdfd94087f2aa3dad0 | |
SubjectAltName: RFC822 Name=rufus.buschart@siemens.com | |
Cert: 99a5dae73e2adf42bb54645ac8b4f03c8637b7e0 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Element.dwErrorStatus = CERT_TRUST_IS_REVOKED (0x4) | |
CRL (null): | |
Issuer: CN=Siemens CPKI OCSP Signer ZZZZZZB3, O=Siemens, C=DE | |
ThisUpdate: 10/11/2023 00:07 | |
NextUpdate: 15/11/2023 13:42 | |
CRL: d212b772276b0b08f0856ae67ab5720dcdca8082 | |
Issuance[0] = 1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
Application[0] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[1] = 1.3.6.1.4.1.311.67.1.1 BitLocker Drive Encryption | |
Application[2] = 1.3.6.1.4.1.311.10.3.4.1 File Recovery | |
Application[3] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
CertContext[0][1]: dwInfoStatus=502 dwErrorStatus=0 | |
Issuer: CN=QuoVadis Enterprise Trust CA 3 G3, O=QuoVadis Limited, C=BM | |
NotBefore: 29/06/2020 15:35 | |
NotAfter: 29/06/2026 15:35 | |
Subject: CN=Siemens Issuing CA EE Enc 2020, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZB3, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
Serial: 47bdd59cd76ec23740fd38ddefdc18861b4fdf1d | |
Cert: 9419871ef5ab173ce9c62ed9351d6065e9f1ed66 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Element.dwInfoStatus = CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS (0x400) | |
CRL (null): | |
Issuer: CN=QuoVadis OCSP Authority Signature, O=QuoVadis Limited, C=BM | |
ThisUpdate: 13/11/2023 14:35 | |
NextUpdate: 15/11/2023 14:35 | |
CRL: f1b608ab001d5fba07850dcad4466d28d3134da7 | |
Issuance[0] = 1.3.6.1.4.1.8024.0.3.1800.0 | |
Issuance[1] = 1.3.6.1.4.1.4329.7 | |
Issuance[2] = 1.3.6.1.4.1.4329.7.2.2.3.2.3 | |
Issuance[3] = 1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
Issuance[4] = 1.3.6.1.4.1.4329.7.2.2.4.1.3 | |
Issuance[5] = 1.3.6.1.4.1.4329.7.2.5 | |
Issuance[6] = 1.3.6.1.4.1.4329.99 | |
Application[0] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[1] = 1.3.6.1.4.1.311.67.1.1 BitLocker Drive Encryption | |
Application[2] = 1.3.6.1.4.1.311.10.3.4.1 File Recovery | |
Application[3] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
CertContext[0][2]: dwInfoStatus=102 dwErrorStatus=0 | |
Issuer: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM | |
NotBefore: 06/06/2016 15:43 | |
NotAfter: 06/06/2031 15:43 | |
Subject: CN=QuoVadis Enterprise Trust CA 3 G3, O=QuoVadis Limited, C=BM | |
Serial: 0c2163a44924ffb7fcdb675acdcaee7208cca95a | |
Cert: 7e649cce9bf28f62f03b3e0edd4983fe167f9888 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
CRL (null): | |
Issuer: CN=QuoVadis OCSP Authority Signature, O=QuoVadis Limited, C=BM | |
ThisUpdate: 13/11/2023 14:16 | |
NextUpdate: 15/11/2023 14:16 | |
CRL: ddb134063fc1aa6e532a50b9726bbcde8c352ed7 | |
CertContext[0][3]: dwInfoStatus=10c dwErrorStatus=0 | |
Issuer: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM | |
NotBefore: 12/01/2012 21:26 | |
NotAfter: 12/01/2042 21:26 | |
Subject: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM | |
Serial: 2ef59b0228a7db7affd5a3a9eebd03a0cf126a1d | |
Cert: 4812bd923ca8c43906e7306d2796e6a4cf222e7d | |
Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4) | |
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Exclude leaf cert: | |
Chain: 123026a331a78b1897b9ef03fd2f43faf35b6e15 | |
Full chain: | |
Chain: 42afdb5320211ea39b4d06e23ebbfd5e7f6ff5ba | |
Issuer: CN=Siemens Issuing CA EE Enc 2020, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZB3, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 11/12/2020 14:55 | |
NotAfter: 11/12/2023 14:55 | |
Subject: CN=Buschart Rufus, O=Siemens, SN=Buschart, G=Rufus, SERIALNUMBER=Z002M76A | |
Serial: 760eaa9d31aa56bdfd94087f2aa3dad0 | |
SubjectAltName: RFC822 Name=rufus.buschart@siemens.com | |
Cert: 99a5dae73e2adf42bb54645ac8b4f03c8637b7e0 | |
The certificate is revoked. 0x80092010 (-2146885616 CRYPT_E_REVOKED) | |
------------------------------------ | |
Certificate is REVOKED | |
Displayed AT_KEYEXCHANGE cert for reader: Alcorlink USB Smart Card Reader 0 | |
--------------===========================-------------- | |
================ Certificate 0 ================ | |
--- Reader: Alcorlink USB Smart Card Reader 0 | |
--- Card: CardOS V5.3 | |
Provider = Microsoft Smart Card Key Storage Provider | |
Key Container = Auth 2022-02-04 2025-02-04 | |
X509 Certificate: | |
Version: 3 | |
Serial Number: 434ce1e37846f52497c00c95e0e5d917 | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Issuer: | |
CN=Siemens Issuing CA EE Auth 2021 | |
SERIALNUMBER=ZZZZZZD2 | |
O=Siemens | |
S=Bayern | |
C=DE | |
Name Hash(sha1): a95be6eafc665b5880976c12cd02ac396b36fb32 | |
Name Hash(md5): 4092418ee14171bbe9efdcd9ebedb70b | |
NotBefore: 04/02/2022 17:16 | |
NotAfter: 04/02/2025 17:16 | |
Subject: | |
CN=Buschart Rufus | |
SN=Buschart | |
G=Rufus | |
SERIALNUMBER=Z002M76A | |
E=rufus.buschart@siemens.com | |
O=Siemens | |
S=Bayern | |
C=DE | |
Name Hash(sha1): 727d91b2b0c55a8177b7af69c24f641cb05267d5 | |
Name Hash(md5): a4de8aa19b9b898779ae89f53bbc21e3 | |
Public Key Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA | |
Algorithm Parameters: | |
05 00 | |
Public Key Length: 2048 bits | |
Public Key: UnusedBits = 0 | |
0000 30 82 01 0a 02 82 01 01 00 c8 13 06 c0 ce 85 61 | |
0010 5c 69 21 94 7d 6b c7 5f 69 aa f1 63 af ff 1f 45 | |
0020 cc af 8a f8 b7 1c 46 56 3d a2 cb e4 83 4c 68 2a | |
0030 72 12 00 dd 10 1e 21 13 a2 a0 38 2c 47 70 f0 e3 | |
0040 85 75 66 74 5b 38 52 9b cf 86 e1 37 66 2a 71 7d | |
0050 fc c3 c3 10 ed 9a bb c5 95 34 0d 7b 09 3f dd 92 | |
0060 d4 fd c8 e3 36 5c 06 cd d4 2e b9 35 e3 44 89 a9 | |
0070 37 e4 80 58 af 9c d9 cd 5f be 85 33 b0 8e d7 fd | |
0080 da 31 d5 68 ee 73 bb 21 c5 69 cd cc 45 ec cc a6 | |
0090 74 cb 9a ba 4d fb 36 f0 eb c9 36 3f cf 67 53 1b | |
00a0 18 e8 54 3c c1 f9 86 c9 1d d9 8a e3 53 03 1d 4e | |
00b0 2c 28 a4 e7 c7 6a e9 78 73 28 82 46 ee a3 c0 6e | |
00c0 3e 16 26 f5 6c 68 46 a4 48 ca 80 06 7a 33 06 b1 | |
00d0 48 61 05 4b 90 64 70 a5 10 f8 e2 49 8d 5e be 35 | |
00e0 ee 27 5f 33 1e 75 81 06 e3 8d 03 78 d7 ba 3d 36 | |
00f0 11 cc 5c 23 4b 25 b4 76 2b 18 0a aa e7 3b 8a 00 | |
0100 70 e2 be 99 15 5c e2 42 fd 02 03 01 00 01 | |
Certificate Extensions: 9 | |
1.3.6.1.5.5.7.1.1: Flags = 0, Length = ea | |
Authority Information Access | |
[1]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=http://ah.siemens.com/pki?ZZZZZZD2.crt | |
[2]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=ldap://al.siemens.net/CN=ZZZZZZD2,L=PKI?cACertificate | |
[3]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=ldap://al.siemens.com/CN=ZZZZZZD2,o=Trustcenter?cACertificate | |
[4]Authority Info Access | |
Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1) | |
Alternative Name: | |
URL=http://ocsp.siemens.com | |
2.5.29.32: Flags = 0, Length = 3f | |
Certificate Policies | |
[1]Certificate Policy: | |
Policy Identifier=1.3.6.1.4.1.4329.7.2.2.3.1.1 | |
[1,1]Policy Qualifier Info: | |
Policy Qualifier Id=CPS | |
Qualifier: | |
https://www.siemens.com/pki/ | |
2.5.29.19: Flags = 1(Critical), Length = 2 | |
Basic Constraints | |
Subject Type=End Entity | |
Path Length Constraint=None | |
2.5.29.37: Flags = 0, Length = 22 | |
Enhanced Key Usage | |
Client Authentication (1.3.6.1.5.5.7.3.2) | |
Secure Email (1.3.6.1.5.5.7.3.4) | |
Smart Card Logon (1.3.6.1.4.1.311.20.2.2) | |
2.5.29.17: Flags = 0, Length = 4a | |
Subject Alternative Name | |
Other Name: | |
Principal Name=rufus.buschart@siemens.com | |
RFC822 Name=rufus.buschart@siemens.com | |
2.5.29.31: Flags = 0, Length = c2 | |
CRL Distribution Points | |
[1]CRL Distribution Point | |
Distribution Point Name: | |
Full Name: | |
URL=http://ch.siemens.com/pki?ZZZZZZD2.crl | |
URL=ldap://cl.siemens.net/CN=ZZZZZZD2,L=PKI?certificateRevocationList | |
URL=ldap://cl.siemens.com/CN=ZZZZZZD2,o=Trustcenter?certificateRevocationList | |
2.5.29.35: Flags = 0, Length = 18 | |
Authority Key Identifier | |
KeyID=dc2ca79241ae419a17ecc6e5303debc2206688dd | |
2.5.29.15: Flags = 1(Critical), Length = 4 | |
Key Usage | |
Digital Signature (80) | |
2.5.29.14: Flags = 0, Length = 16 | |
Subject Key Identifier | |
cb7365da0e1fc1d2c801b84ff3e8f32d4e608da8 | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Signature: UnusedBits=0 | |
0000 06 1a 19 21 56 3d e1 a9 60 17 69 ce a7 37 b3 4a | |
0010 59 fa 0f 3c 35 ab 8c 54 0a 1d aa 7f 49 80 cf ef | |
0020 35 29 c0 4b 1b c6 cc d6 c5 74 ba 6d 6c 29 93 8a | |
0030 4a 2a 31 43 26 d4 d2 5c 0c 33 39 4b 74 8c b6 de | |
0040 bd d5 cf 78 55 38 37 86 c0 df fa 2b c3 ed f2 3c | |
0050 c4 f0 d2 7c aa bf 52 97 df c2 20 80 eb 9a 03 81 | |
0060 bc ad 0a b1 f8 73 94 9a 95 bb b7 25 02 71 58 b6 | |
0070 d0 78 9f 32 69 c2 ea 1a 96 63 c8 f9 5c 24 75 35 | |
0080 e1 80 67 fd 52 07 61 3c 19 03 ed 0c 8b 39 94 a5 | |
0090 10 86 f9 05 17 8c 24 a1 83 0d 09 3a 4c 2a 95 a9 | |
00a0 e6 78 43 24 64 d5 89 49 e2 5e bd 38 49 97 13 71 | |
00b0 95 59 13 69 16 65 b3 5d b0 7e 08 49 97 46 f3 d9 | |
00c0 99 bc 88 40 d3 6a ba 52 95 f8 01 e6 6e ea 64 ad | |
00d0 07 be 3a ac 15 28 0d 7d d4 26 b5 53 10 97 de 6e | |
00e0 c6 f3 b1 50 58 fb 55 3b 8f 01 73 bd 31 82 f9 bb | |
00f0 1f 99 f4 f7 66 fb bf 06 f7 0f c2 0e 3e 85 13 ff | |
0100 9e 8e cb ac 35 1e 75 ee f7 76 c3 2a 9d 37 26 20 | |
0110 83 a4 2e f4 bb 26 84 26 57 67 34 4f 82 e1 c1 02 | |
0120 e2 03 e4 4a 3c ef 60 7b 6e cd f8 9f 6a 10 39 d5 | |
0130 1b fa 14 94 09 1f 7a 8c 15 9e a0 35 e5 db da 2b | |
0140 38 97 b7 c7 fa 85 d6 5d 36 a2 45 7d a4 7a 31 ba | |
0150 c6 5d b3 a9 7e 5d 15 a0 17 a2 58 a9 db f7 87 87 | |
0160 9c 81 38 f9 0b 38 49 fc 1f a2 4b c9 80 91 25 5d | |
0170 fe 4b c1 32 3f 6c ee 9f 94 8b d4 51 a9 25 26 70 | |
0180 d3 a5 90 f5 d0 be 5e 75 bf 34 be c7 a9 96 a7 16 | |
0190 68 4d f6 84 38 5e fa 49 72 aa 6f 89 08 75 ef fb | |
01a0 44 04 65 ff e0 2c ae 35 06 60 28 33 bf 5c d0 ac | |
01b0 62 cc 9c eb 1d a0 2d c0 b4 43 c6 29 0b d7 3b b3 | |
01c0 63 22 78 c4 b2 d8 02 68 46 19 c5 ee b3 fd 46 54 | |
01d0 2d b0 66 eb 58 ff f8 b9 be 3d 3a f2 fc 08 cb b0 | |
01e0 2a 31 2a f9 1c 28 4c 3b 62 4e 9c f8 a3 cb a6 0d | |
01f0 64 71 41 d5 be 5a 2e 6e 44 47 30 be fb ac 43 5a | |
Non-root Certificate | |
Key Id Hash(rfc-sha1): cb7365da0e1fc1d2c801b84ff3e8f32d4e608da8 | |
Key Id Hash(sha1): 4e4514b8e0d3189842263637fe20fca01a0d123e | |
Key Id Hash(bcrypt-sha1): 551b339a1ac7af7b8cd4861b1149cc54ec854b20 | |
Key Id Hash(bcrypt-sha256): 16d1e002b9ab3c5ffb031776fe5b9424c500f711ba44b8dd3703edbc21e37fc8 | |
Key Id Hash(md5): 21a4555462cb8ab5fc1784553b060c0f | |
Key Id Hash(sha256): f345f26ecc6c6e8fb6c11fa87c39b63b8a25f4ddc04b01701bb4a43d3c58cf1d | |
Key Id Hash(pin-sha256): hNvEL2bBxZkRe5Wc8bOvJeQa8rjeGqN8qMT3Ph4aDrI= | |
Key Id Hash(pin-sha256-hex): 84dbc42f66c1c599117b959cf1b3af25e41af2b8de1aa37ca8c4f73e1e1a0eb2 | |
Cert Hash(md5): e17a41ec35ca915b8892b6af415a2abf | |
Cert Hash(sha1): 7e591fee55444e23a409d4d4b5aa846ddee5f933 | |
Cert Hash(sha256): 11632d2f5d05d071363a92b05e3acf41a31067382a5646f4ac62af9fd556a428 | |
Signature Hash: 077bf14300b65d81fab7e69195d796c895608d5e26790a498625c6d748c9a8c0 | |
Performing public key matching test... | |
Public key matching test succeeded | |
Key Container = Auth 2022-02-04 2025-02-04 | |
Simple container name: Auth 2022-02-04 2025-02-04 | |
Unique container name: Auth 2022-02-04 2025-02-04 | |
Provider = Microsoft Smart Card Key Storage Provider | |
ProviderType = 0 | |
Flags = 1 | |
(CRYPT_MACHINE_KEYSET -- 20 (32)) | |
(CRYPT_SILENT -- 40 (64)) | |
0x1 (1) | |
KeySpec = 0 -- XCN_AT_NONE | |
Private key verifies | |
Microsoft Smart Card Key Storage Provider: KeySpec=0 | |
AES256+RSAES_OAEP(RSA:CNG) test passed | |
Performing cert chain verification... | |
Chain validates | |
Smart Card Logon: Chain validates | |
dwFlags = CA_VERIFY_FLAGS_NT_AUTH (0x10) | |
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000) | |
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000) | |
Application[0] = 1.3.6.1.4.1.311.20.2.2 Smart Card Logon | |
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000) | |
HCCE_LOCAL_MACHINE | |
CERT_CHAIN_POLICY_NT_AUTH | |
-------- CERT_CHAIN_CONTEXT -------- | |
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
ChainContext.dwRevocationFreshnessTime: 166 Days, 4 Hours, 32 Minutes, 8 Seconds | |
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
SimpleChain.dwRevocationFreshnessTime: 166 Days, 4 Hours, 32 Minutes, 8 Seconds | |
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0 | |
Issuer: CN=Siemens Issuing CA EE Auth 2021, SERIALNUMBER=ZZZZZZD2, O=Siemens, S=Bayern, C=DE | |
NotBefore: 04/02/2022 17:16 | |
NotAfter: 04/02/2025 17:16 | |
Subject: CN=Buschart Rufus, SN=Buschart, G=Rufus, SERIALNUMBER=Z002M76A, E=rufus.buschart@siemens.com, O=Siemens, S=Bayern, C=DE | |
Serial: 434ce1e37846f52497c00c95e0e5d917 | |
SubjectAltName: Other Name:Principal Name=rufus.buschart@siemens.com, RFC822 Name=rufus.buschart@siemens.com | |
Cert: 7e591fee55444e23a409d4d4b5aa846ddee5f933 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
CRL (null): | |
Issuer: CN=Siemens CPKI OCSP Signer ZZZZZZD2, O=Siemens, S=Bayern, C=DE | |
ThisUpdate: 13/11/2023 07:32 | |
NextUpdate: 19/11/2023 07:32 | |
CRL: afb659a006dd2d0981d5ce10d957a5c374c9fa46 | |
Issuance[0] = 1.3.6.1.4.1.4329.7.2.2.3.1.1 | |
Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication | |
Application[1] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[2] = 1.3.6.1.4.1.311.20.2.2 Smart Card Logon | |
CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=0 | |
Issuer: CN=Siemens Intermediate CA 2021, O=Siemens, C=DE | |
NotBefore: 31/05/2021 13:13 | |
NotAfter: 28/07/2025 13:18 | |
Subject: CN=Siemens Issuing CA EE Auth 2021, SERIALNUMBER=ZZZZZZD2, O=Siemens, S=Bayern, C=DE | |
Serial: 435b94f668f3112b56b1f226882ffd29 | |
Cert: 0a1fc331077933449ef400c2987bc28221b41af2 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
CRL (null): | |
Issuer: CN=Siemens CPKI OCSP Signer ZZZZZZD0, O=Siemens, S=Bayern, C=DE | |
ThisUpdate: 06/09/2023 07:29 | |
NextUpdate: 05/12/2023 07:29 | |
CRL: df086115b7ce01d6a7f29623e64144124ac588fc | |
Issuance[0] = 1.3.6.1.4.1.4329.7 | |
Issuance[1] = 1.3.6.1.4.1.4329.7.2.2.3.1.1 | |
Issuance[2] = 1.3.6.1.4.1.4329.7.2.2.3.1.2 | |
Issuance[3] = 1.3.6.1.4.1.4329.7.2.2.3.2.1 | |
Issuance[4] = 1.3.6.1.4.1.4329.7.2.2.3.2.2 | |
Issuance[5] = 1.3.6.1.4.1.4329.7.2.2.4.1.1 | |
Issuance[6] = 1.3.6.1.4.1.4329.7.2.2.4.1.2 | |
Issuance[7] = 1.3.6.1.4.1.4329.7.2.5 | |
Issuance[8] = 1.3.6.1.4.1.4329.99 | |
Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication | |
Application[1] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[2] = 1.3.6.1.4.1.311.20.2.2 Smart Card Logon | |
CertContext[0][2]: dwInfoStatus=102 dwErrorStatus=0 | |
Issuer: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 28/05/2021 13:18 | |
NotAfter: 05/06/2028 13:32 | |
Subject: CN=Siemens Intermediate CA 2021, O=Siemens, C=DE | |
Serial: 5119273643dfb6d51792779dbded5eb2 | |
Cert: a2fa475d7594b7155ddd3259215051719b965e07 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
CRL 23: | |
Issuer: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
ThisUpdate: 31/05/2023 10:17 | |
NextUpdate: 30/11/2023 10:17 | |
CRL: f2bd7fa69cadf5206742893c4907628e5fbcaa54 | |
Issuance[0] = 1.3.6.1.4.1.4329.7 | |
Issuance[1] = 1.3.6.1.4.1.4329.7.2.2.3.1.1 | |
Issuance[2] = 1.3.6.1.4.1.4329.7.2.2.3.1.2 | |
Issuance[3] = 1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
Issuance[4] = 1.3.6.1.4.1.4329.7.2.2.3.2.1 | |
Issuance[5] = 1.3.6.1.4.1.4329.7.2.2.3.2.2 | |
Issuance[6] = 1.3.6.1.4.1.4329.7.2.2.3.2.3 | |
Issuance[7] = 1.3.6.1.4.1.4329.7.2.2.4.1.1 | |
Issuance[8] = 1.3.6.1.4.1.4329.7.2.2.4.1.2 | |
Issuance[9] = 1.3.6.1.4.1.4329.7.2.2.4.1.3 | |
Issuance[10] = 1.3.6.1.4.1.4329.7.2.5 | |
Issuance[11] = 1.3.6.1.4.1.4329.99 | |
Issuance[12] = 2.23.140.1.5.3.1 | |
Issuance[13] = 2.23.140.1.5.3.2 | |
Issuance[14] = 2.23.140.1.5.3.3 | |
Issuance[15] = 2.23.140.1.5.2.1 | |
Issuance[16] = 2.23.140.1.5.2.2 | |
Issuance[17] = 2.23.140.1.5.2.3 | |
Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication | |
Application[1] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[2] = 1.3.6.1.4.1.311.20.2.2 Smart Card Logon | |
Application[3] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
Application[4] = 1.3.6.1.4.1.311.10.3.4.1 File Recovery | |
Application[5] = 1.3.6.1.4.1.311.67.1.1 BitLocker Drive Encryption | |
CertContext[0][3]: dwInfoStatus=10a dwErrorStatus=0 | |
Issuer: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 06/06/2016 14:30 | |
NotAfter: 06/06/2028 14:30 | |
Subject: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
Serial: 762907e3 | |
Cert: a6ff9adaaa1925d18b1d4076c8d86b22d2557b19 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Exclude leaf cert: | |
Chain: 61624c7098de11fceea401d484e74d1b38784361 | |
Full chain: | |
Chain: 6ef4636bb44d4b5ba902537a6b41537217a4bd60 | |
Issuer: CN=Siemens Issuing CA EE Auth 2021, SERIALNUMBER=ZZZZZZD2, O=Siemens, S=Bayern, C=DE | |
NotBefore: 04/02/2022 17:16 | |
NotAfter: 04/02/2025 17:16 | |
Subject: CN=Buschart Rufus, SN=Buschart, G=Rufus, SERIALNUMBER=Z002M76A, E=rufus.buschart@siemens.com, O=Siemens, S=Bayern, C=DE | |
Serial: 434ce1e37846f52497c00c95e0e5d917 | |
SubjectAltName: Other Name:Principal Name=rufus.buschart@siemens.com, RFC822 Name=rufus.buschart@siemens.com | |
Cert: 7e591fee55444e23a409d4d4b5aa846ddee5f933 | |
A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. 0x800b0112 (-2146762478 CERT_E_UNTRUSTEDCA) | |
------------------------------------ | |
Displayed cert for reader: Alcorlink USB Smart Card Reader 0 | |
--------------===========================-------------- | |
================ Certificate 1 ================ | |
--- Reader: Alcorlink USB Smart Card Reader 0 | |
--- Card: CardOS V5.3 | |
Provider = Microsoft Smart Card Key Storage Provider | |
Key Container = Encr 2022-02-04 2025-02-04 06 | |
X509 Certificate: | |
Version: 3 | |
Serial Number: 59d3799e9313e57be2874d7dc1653615 | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Issuer: | |
CN=Siemens Issuing CA EE Enc 2021 | |
SERIALNUMBER=ZZZZZZD3 | |
O=Siemens | |
S=Bayern | |
C=DE | |
Name Hash(sha1): d251bf19bb92ff052b43a79e7f62eb151de333ad | |
Name Hash(md5): 4fc6a9759de2974c8ca59e3147e2e2a3 | |
NotBefore: 04/02/2022 17:16 | |
NotAfter: 04/02/2025 17:16 | |
Subject: | |
CN=Buschart Rufus | |
SN=Buschart | |
G=Rufus | |
SERIALNUMBER=Z002M76A | |
E=rufus.buschart@siemens.com | |
O=Siemens | |
S=Bayern | |
C=DE | |
Name Hash(sha1): 727d91b2b0c55a8177b7af69c24f641cb05267d5 | |
Name Hash(md5): a4de8aa19b9b898779ae89f53bbc21e3 | |
Public Key Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA | |
Algorithm Parameters: | |
05 00 | |
Public Key Length: 2048 bits | |
Public Key: UnusedBits = 0 | |
0000 30 82 01 0a 02 82 01 01 00 8a e3 98 5a a0 5f 51 | |
0010 76 b4 0a 72 3a 2c c7 8c 89 17 ed b5 73 9a 9b e7 | |
0020 15 cc 22 ec f8 eb 67 a4 b0 50 c6 be bd c4 a9 dd | |
0030 d9 c8 78 49 b7 45 1e 00 13 7f 4f c6 bf 84 b1 56 | |
0040 a7 43 36 5e 66 ae 22 bc be a7 1a 1d 4a f6 cd 89 | |
0050 9b 4b b8 ed 92 00 d3 40 a0 6a 07 59 cd 11 ae b4 | |
0060 a9 3c 10 35 64 7b 15 96 3f 85 b1 8a 9f 6a c3 af | |
0070 07 8b b3 b7 9d 01 2e 95 b0 d8 f1 db 93 8c cf e1 | |
0080 29 36 4a 93 ec a8 7c 57 8c 06 c4 51 3d 95 3c 65 | |
0090 bd f7 27 28 22 31 3d 15 15 8c d4 a8 8a f4 0a dc | |
00a0 ee 46 26 0e 62 1c 75 78 7d 63 fd b7 83 ba 87 45 | |
00b0 fa 71 62 bc 48 85 74 63 d6 5c c5 2e 46 d0 c2 5c | |
00c0 ad 6e 57 65 33 6f a1 5c 7e ef 7a 9d b4 f3 c8 b1 | |
00d0 be d6 2a 03 00 5a 78 25 84 a9 42 5f fc a2 6d 81 | |
00e0 24 1d eb 86 68 9c 7c 1f ec 30 a2 eb ee 4b 1b b9 | |
00f0 02 7d 22 06 91 0f 0c f7 12 15 3d 53 71 72 1d 43 | |
0100 fc 15 9b a5 29 1f b5 2e 87 02 03 01 00 01 | |
Certificate Extensions: 9 | |
1.3.6.1.5.5.7.1.1: Flags = 0, Length = ea | |
Authority Information Access | |
[1]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=http://ah.siemens.com/pki?ZZZZZZD3.crt | |
[2]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=ldap://al.siemens.net/CN=ZZZZZZD3,L=PKI?cACertificate | |
[3]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=ldap://al.siemens.com/CN=ZZZZZZD3,o=Trustcenter?cACertificate | |
[4]Authority Info Access | |
Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1) | |
Alternative Name: | |
URL=http://ocsp.siemens.com | |
2.5.29.32: Flags = 0, Length = 3f | |
Certificate Policies | |
[1]Certificate Policy: | |
Policy Identifier=1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
[1,1]Policy Qualifier Info: | |
Policy Qualifier Id=CPS | |
Qualifier: | |
https://www.siemens.com/pki/ | |
2.5.29.19: Flags = 1(Critical), Length = 2 | |
Basic Constraints | |
Subject Type=End Entity | |
Path Length Constraint=None | |
2.5.29.37: Flags = 0, Length = 31 | |
Enhanced Key Usage | |
Secure Email (1.3.6.1.5.5.7.3.4) | |
Encrypting File System (1.3.6.1.4.1.311.10.3.4) | |
File Recovery (1.3.6.1.4.1.311.10.3.4.1) | |
BitLocker Drive Encryption (1.3.6.1.4.1.311.67.1.1) | |
2.5.29.17: Flags = 0, Length = 1e | |
Subject Alternative Name | |
RFC822 Name=rufus.buschart@siemens.com | |
2.5.29.31: Flags = 0, Length = c2 | |
CRL Distribution Points | |
[1]CRL Distribution Point | |
Distribution Point Name: | |
Full Name: | |
URL=http://ch.siemens.com/pki?ZZZZZZD3.crl | |
URL=ldap://cl.siemens.net/CN=ZZZZZZD3,L=PKI?certificateRevocationList | |
URL=ldap://cl.siemens.com/CN=ZZZZZZD3,o=Trustcenter?certificateRevocationList | |
2.5.29.35: Flags = 0, Length = 18 | |
Authority Key Identifier | |
KeyID=08dcfec8119cf53baec8df2b434547f6364cdaa5 | |
2.5.29.15: Flags = 1(Critical), Length = 4 | |
Key Usage | |
Key Encipherment, Data Encipherment (30) | |
2.5.29.14: Flags = 0, Length = 16 | |
Subject Key Identifier | |
254dd58ee98fb28d5a15122c27739aa56118673e | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Signature: UnusedBits=0 | |
0000 b6 20 f0 96 44 f4 bc 12 68 cd c6 b3 38 6a c6 6f | |
0010 74 6d 22 e7 50 54 5f fa c9 6c e9 d1 c9 4b e9 98 | |
0020 fe 4c b2 09 75 33 fe 24 72 a5 a3 23 2b e6 34 a6 | |
0030 4e ef 77 1c 61 b1 16 36 00 99 02 2a 10 7f b3 9b | |
0040 2e 69 3b 00 c4 75 86 d9 19 39 c6 af dd 8e d1 ac | |
0050 ae e9 66 b4 ff e0 4c ac f9 d0 86 2c f4 c5 1e a1 | |
0060 1b de b7 40 63 dc 63 87 26 a4 b0 3b 88 9e cb dc | |
0070 45 23 6b 06 78 05 22 7e 85 3b b6 e9 05 54 02 b8 | |
0080 85 f6 0e 16 f8 ec b8 7c be ce 72 fd 50 24 58 73 | |
0090 cd 18 18 16 92 c5 70 43 2a 46 aa e9 08 32 4f 92 | |
00a0 db 3f e4 54 e8 d0 e7 b3 75 a3 9f 2b 68 a5 a0 3a | |
00b0 84 3d 71 5e e5 eb af 0e 92 45 b2 de 1f fe e6 9d | |
00c0 eb 98 fc 51 4a df 1e d9 31 12 1e 59 67 33 dd 24 | |
00d0 a9 a4 b7 b0 45 86 56 58 6d f6 ff 74 61 8d 5d ac | |
00e0 32 df 17 58 31 46 f9 8d b5 3a 95 e5 ec b3 95 fc | |
00f0 24 c0 3d 41 ef 83 0b 1a 97 a7 ba 36 8f 63 65 91 | |
0100 54 7a b8 45 4b f4 6c 89 05 d4 ca d2 e9 68 22 9e | |
0110 aa de bb 21 0e 64 f1 a8 c3 e0 c3 ad 6d 37 06 1b | |
0120 81 d3 ec 04 0a a0 bb 79 d2 9a 53 c8 c5 a1 60 4b | |
0130 f1 8a 88 48 68 9d c6 e4 cd 8c f0 84 70 f6 82 b9 | |
0140 18 f2 10 34 b5 8d 59 20 0f d2 41 e2 32 03 8a 94 | |
0150 37 ed cc 76 9c c3 3c c4 47 89 04 84 28 fd 4b b1 | |
0160 98 73 c6 09 33 10 0d c8 f6 13 99 73 ef 90 12 72 | |
0170 06 a0 c1 c4 63 58 b8 8a aa cc 56 c0 f6 8f 0a f6 | |
0180 b2 4a 42 89 d6 bb 40 d0 62 65 53 28 fa 47 6b e4 | |
0190 5e 04 58 36 54 8c 38 59 1c e5 ee 36 61 40 65 da | |
01a0 22 de f6 29 61 cc 65 61 4a a4 4f 4f 5e ff ac 97 | |
01b0 50 b2 f5 02 b1 fd 0e 19 79 87 92 fc b0 ee 4b 2d | |
01c0 a0 4d 3e 4c eb 49 fb 3a c1 c4 60 b9 53 78 c3 8d | |
01d0 38 f1 ab 9f e3 07 c8 0b ab 8b ff 69 fc d0 94 70 | |
01e0 10 25 53 bd 06 ab 00 9a f2 30 d5 82 93 26 4b 2c | |
01f0 b2 22 7a f1 b6 44 07 79 5b 0e c7 4c 9e 2a 0a 3b | |
Non-root Certificate | |
Key Id Hash(rfc-sha1): 254dd58ee98fb28d5a15122c27739aa56118673e | |
Key Id Hash(sha1): 713e8a395e1cb9eeaec8eb52a6815756dace9b4d | |
Key Id Hash(bcrypt-sha1): a0eede5b688078daf07fb5fa41a96dec9b5197fc | |
Key Id Hash(bcrypt-sha256): 4e9de7f67cbc533a1d7caaed75182d195c6fc64ae45834040496a8de21af60d5 | |
Key Id Hash(md5): b2a9518998a21d5cb052217f6449c462 | |
Key Id Hash(sha256): 760f206fe0c6283d9dc2699d448ae6c27d84b2875aba06cb6422bf86d59c1510 | |
Key Id Hash(pin-sha256): JAiBPnq9RjbhNjisqwV5/gMcI9iIW/vzNa4weFymVK0= | |
Key Id Hash(pin-sha256-hex): 2408813e7abd4636e13638acab0579fe031c23d8885bfbf335ae30785ca654ad | |
Cert Hash(md5): aa2a6c33006247a626608c83afb2a36f | |
Cert Hash(sha1): dac5b02ba5c26f07e85b56be1fcf336ba96bb0d3 | |
Cert Hash(sha256): 97d2fa6e92784ec995cce23f41a7767afba99129fc7c54714affd8458cd5a2ea | |
Signature Hash: a3bcca08a10cf1e7d1b245d205a02aea60ccac90bcbcf15bb20f8b6bc2737809 | |
Performing public key matching test... | |
Public key matching test succeeded | |
Key Container = Encr 2022-02-04 2025-02-04 06 | |
Simple container name: Encr 2022-02-04 2025-02-04 06 | |
Unique container name: Encr 2022-02-04 2025-02-04 06 | |
Provider = Microsoft Smart Card Key Storage Provider | |
ProviderType = 0 | |
Flags = 1 | |
(CRYPT_MACHINE_KEYSET -- 20 (32)) | |
(CRYPT_SILENT -- 40 (64)) | |
0x1 (1) | |
KeySpec = 0 -- XCN_AT_NONE | |
Private key verifies | |
Microsoft Smart Card Key Storage Provider: KeySpec=0 | |
AES256+RSAES_OAEP(RSA:CNG) test passed | |
Performing cert chain verification... | |
Chain validates | |
Smart Card Logon: Chain on smart card is invalid | |
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000) | |
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000) | |
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000) | |
HCCE_LOCAL_MACHINE | |
CERT_CHAIN_POLICY_BASE | |
-------- CERT_CHAIN_CONTEXT -------- | |
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
ChainContext.dwRevocationFreshnessTime: 166 Days, 4 Hours, 32 Minutes, 9 Seconds | |
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
SimpleChain.dwRevocationFreshnessTime: 166 Days, 4 Hours, 32 Minutes, 9 Seconds | |
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0 | |
Issuer: CN=Siemens Issuing CA EE Enc 2021, SERIALNUMBER=ZZZZZZD3, O=Siemens, S=Bayern, C=DE | |
NotBefore: 04/02/2022 17:16 | |
NotAfter: 04/02/2025 17:16 | |
Subject: CN=Buschart Rufus, SN=Buschart, G=Rufus, SERIALNUMBER=Z002M76A, E=rufus.buschart@siemens.com, O=Siemens, S=Bayern, C=DE | |
Serial: 59d3799e9313e57be2874d7dc1653615 | |
SubjectAltName: RFC822 Name=rufus.buschart@siemens.com | |
Cert: dac5b02ba5c26f07e85b56be1fcf336ba96bb0d3 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
CRL (null): | |
Issuer: CN=Siemens CPKI OCSP Signer ZZZZZZD3, O=Siemens, S=Bayern, C=DE | |
ThisUpdate: 13/11/2023 07:33 | |
NextUpdate: 19/11/2023 07:33 | |
CRL: 92994b66be8096fe929c47a8cb1f06f891de1dc7 | |
Issuance[0] = 1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
Application[0] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[1] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
Application[2] = 1.3.6.1.4.1.311.10.3.4.1 File Recovery | |
Application[3] = 1.3.6.1.4.1.311.67.1.1 BitLocker Drive Encryption | |
CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=0 | |
Issuer: CN=Siemens Intermediate CA 2021, O=Siemens, C=DE | |
NotBefore: 31/05/2021 13:24 | |
NotAfter: 28/07/2025 13:18 | |
Subject: CN=Siemens Issuing CA EE Enc 2021, SERIALNUMBER=ZZZZZZD3, O=Siemens, S=Bayern, C=DE | |
Serial: 50094f56b2286daace7c6aed623f9968 | |
Cert: f876cb6e92dc1331bcd21502ed7684aeceffb634 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
CRL (null): | |
Issuer: CN=Siemens CPKI OCSP Signer ZZZZZZD0, O=Siemens, S=Bayern, C=DE | |
ThisUpdate: 06/09/2023 07:29 | |
NextUpdate: 05/12/2023 07:29 | |
CRL: b986c5285d4fdc38db30960fbf244a22c33ecd5a | |
Issuance[0] = 1.3.6.1.4.1.4329.7 | |
Issuance[1] = 1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
Issuance[2] = 1.3.6.1.4.1.4329.7.2.2.3.2.3 | |
Issuance[3] = 1.3.6.1.4.1.4329.7.2.2.4.1.3 | |
Issuance[4] = 1.3.6.1.4.1.4329.7.2.5 | |
Issuance[5] = 1.3.6.1.4.1.4329.99 | |
Application[0] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[1] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
Application[2] = 1.3.6.1.4.1.311.10.3.4.1 File Recovery | |
Application[3] = 1.3.6.1.4.1.311.67.1.1 BitLocker Drive Encryption | |
CertContext[0][2]: dwInfoStatus=102 dwErrorStatus=0 | |
Issuer: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 28/05/2021 13:18 | |
NotAfter: 05/06/2028 13:32 | |
Subject: CN=Siemens Intermediate CA 2021, O=Siemens, C=DE | |
Serial: 5119273643dfb6d51792779dbded5eb2 | |
Cert: a2fa475d7594b7155ddd3259215051719b965e07 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
CRL 23: | |
Issuer: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
ThisUpdate: 31/05/2023 10:17 | |
NextUpdate: 30/11/2023 10:17 | |
CRL: f2bd7fa69cadf5206742893c4907628e5fbcaa54 | |
Issuance[0] = 1.3.6.1.4.1.4329.7 | |
Issuance[1] = 1.3.6.1.4.1.4329.7.2.2.3.1.1 | |
Issuance[2] = 1.3.6.1.4.1.4329.7.2.2.3.1.2 | |
Issuance[3] = 1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
Issuance[4] = 1.3.6.1.4.1.4329.7.2.2.3.2.1 | |
Issuance[5] = 1.3.6.1.4.1.4329.7.2.2.3.2.2 | |
Issuance[6] = 1.3.6.1.4.1.4329.7.2.2.3.2.3 | |
Issuance[7] = 1.3.6.1.4.1.4329.7.2.2.4.1.1 | |
Issuance[8] = 1.3.6.1.4.1.4329.7.2.2.4.1.2 | |
Issuance[9] = 1.3.6.1.4.1.4329.7.2.2.4.1.3 | |
Issuance[10] = 1.3.6.1.4.1.4329.7.2.5 | |
Issuance[11] = 1.3.6.1.4.1.4329.99 | |
Issuance[12] = 2.23.140.1.5.3.1 | |
Issuance[13] = 2.23.140.1.5.3.2 | |
Issuance[14] = 2.23.140.1.5.3.3 | |
Issuance[15] = 2.23.140.1.5.2.1 | |
Issuance[16] = 2.23.140.1.5.2.2 | |
Issuance[17] = 2.23.140.1.5.2.3 | |
Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication | |
Application[1] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[2] = 1.3.6.1.4.1.311.20.2.2 Smart Card Logon | |
Application[3] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
Application[4] = 1.3.6.1.4.1.311.10.3.4.1 File Recovery | |
Application[5] = 1.3.6.1.4.1.311.67.1.1 BitLocker Drive Encryption | |
CertContext[0][3]: dwInfoStatus=10a dwErrorStatus=0 | |
Issuer: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 06/06/2016 14:30 | |
NotAfter: 06/06/2028 14:30 | |
Subject: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
Serial: 762907e3 | |
Cert: a6ff9adaaa1925d18b1d4076c8d86b22d2557b19 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Exclude leaf cert: | |
Chain: 9c0e626dbab9db4a3d585b4b3f50a94edfc2347d | |
Full chain: | |
Chain: f76f4e1fcdcfad239760524888a698e9e33ee595 | |
------------------------------------ | |
Verified Issuance Policies: | |
1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
Verified Application Policies: | |
1.3.6.1.5.5.7.3.4 Secure Email | |
1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
1.3.6.1.4.1.311.10.3.4.1 File Recovery | |
1.3.6.1.4.1.311.67.1.1 BitLocker Drive Encryption | |
Displayed cert for reader: Alcorlink USB Smart Card Reader 0 | |
--------------===========================-------------- | |
================ Certificate 2 ================ | |
--- Reader: Alcorlink USB Smart Card Reader 0 | |
--- Card: CardOS V5.3 | |
Provider = Microsoft Smart Card Key Storage Provider | |
Key Container = Encr 2018-12-18 2021-12-18 07 | |
X509 Certificate: | |
Version: 3 | |
Serial Number: 30ae49e6 | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Issuer: | |
CN=Siemens Issuing CA EE Enc 2016 | |
OU=Siemens Trust Center | |
SERIALNUMBER=ZZZZZZA3 | |
O=Siemens | |
L=Muenchen | |
S=Bayern | |
C=DE | |
Name Hash(sha1): 2501679e709f6cd270ae4b18214b01eb549853db | |
Name Hash(md5): 5005bc182a93547d8736670530caf830 | |
NotBefore: 18/12/2018 10:10 | |
NotAfter: 18/12/2021 10:10 | |
Subject: | |
CN=Buschart Rufus | |
O=Siemens | |
SN=Buschart | |
G=Rufus | |
SERIALNUMBER=Z002M76A | |
Name Hash(sha1): 4dff57ecd21818024ece1799dd434865dca43675 | |
Name Hash(md5): d5fa4126b8c3df1dd0a013f51a6c9f43 | |
Public Key Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA | |
Algorithm Parameters: | |
05 00 | |
Public Key Length: 2048 bits | |
Public Key: UnusedBits = 0 | |
0000 30 82 01 0a 02 82 01 01 00 b6 90 03 d3 60 6b 5f | |
0010 8e ca f5 da f2 c7 ff 97 cb ee 17 42 26 9b 9a 46 | |
0020 16 b1 aa 2f 31 46 87 83 d6 c9 e2 ca 05 69 47 da | |
0030 9e 14 90 c0 99 c5 16 97 fe c8 a5 40 08 34 27 f6 | |
0040 28 1d a6 be f3 52 d5 c6 7d 27 ba 4c 2b 3a d5 2e | |
0050 dc 24 b5 50 f7 48 ae 3d 01 b7 71 60 43 40 22 39 | |
0060 50 37 27 00 e1 25 c7 09 92 87 e3 2e e9 1e 09 77 | |
0070 94 bb 86 71 ad 84 c0 c6 e9 d1 b7 14 f2 9b cf 5c | |
0080 cc aa 40 d3 a7 1a 8a 97 5f 5b d3 68 6d 38 12 08 | |
0090 ee c0 c5 db c8 6d 3d 2e 2a 13 87 08 9a 37 9c 96 | |
00a0 7c 1c cb 1a 99 e8 58 0f e9 72 cb 00 9f 02 27 4c | |
00b0 a0 6a fd 01 39 30 62 ed 94 a8 ee 23 f4 03 83 40 | |
00c0 1d 69 4f f3 29 e1 6d 59 88 c5 0c 29 a6 e9 c6 e3 | |
00d0 ca c4 64 c3 d5 2b 76 16 f2 73 12 02 75 9c dc 2b | |
00e0 5a 92 de 75 7b 9f f5 33 71 05 b6 1d 91 21 68 37 | |
00f0 ce fa 3d 8f 78 98 bd 62 1b 57 9a d5 6b cd 65 c7 | |
0100 c1 2e 2a fb 38 ae 4a 13 c1 02 03 01 00 01 | |
Certificate Extensions: 9 | |
1.3.6.1.5.5.7.1.1: Flags = 0, Length = f7 | |
Authority Information Access | |
[1]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=http://ah.siemens.com/pki?ZZZZZZA3.crt | |
[2]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=ldap://al.siemens.net/CN=ZZZZZZA3,L=PKI?cACertificate | |
[3]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=ldap://al.siemens.com/CN=ZZZZZZA3,o=Trustcenter?cACertificate | |
[4]Authority Info Access | |
Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1) | |
Alternative Name: | |
URL=http://ocsp.pki-services.siemens.com | |
2.5.29.35: Flags = 0, Length = 18 | |
Authority Key Identifier | |
KeyID=a1ab2c6ea07af0d3c24dea1ff11e218afc0cadef | |
2.5.29.19: Flags = 1(Critical), Length = 2 | |
Basic Constraints | |
Subject Type=End Entity | |
Path Length Constraint=None | |
2.5.29.32: Flags = 0, Length = 3e | |
Certificate Policies | |
[1]Certificate Policy: | |
Policy Identifier=1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
[1,1]Policy Qualifier Info: | |
Policy Qualifier Id=CPS | |
Qualifier: | |
http://www.siemens.com/pki/ | |
2.5.29.31: Flags = 0, Length = c2 | |
CRL Distribution Points | |
[1]CRL Distribution Point | |
Distribution Point Name: | |
Full Name: | |
URL=http://ch.siemens.com/pki?ZZZZZZA3.crl | |
URL=ldap://cl.siemens.net/CN=ZZZZZZA3,L=PKI?certificateRevocationList | |
URL=ldap://cl.siemens.com/CN=ZZZZZZA3,o=Trustcenter?certificateRevocationList | |
2.5.29.37: Flags = 0, Length = 25 | |
Enhanced Key Usage | |
Secure Email (1.3.6.1.5.5.7.3.4) | |
Encrypting File System (1.3.6.1.4.1.311.10.3.4) | |
File Recovery (1.3.6.1.4.1.311.10.3.4.1) | |
2.5.29.15: Flags = 1(Critical), Length = 4 | |
Key Usage | |
Key Encipherment, Data Encipherment (30) | |
2.5.29.17: Flags = 0, Length = 1e | |
Subject Alternative Name | |
RFC822 Name=rufus.buschart@siemens.com | |
2.5.29.14: Flags = 0, Length = 16 | |
Subject Key Identifier | |
b7c4c5ea85c22a695595db058d1fac8c959d1644 | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Signature: UnusedBits=0 | |
0000 01 03 e9 9b 84 75 ec 75 0f 03 fe 95 68 e9 d4 e1 | |
0010 a8 eb 22 e0 9f df 39 80 4b 55 05 fe e2 c2 b3 ff | |
0020 f1 e5 de e9 83 22 0d c3 52 b9 b7 34 f8 47 55 ee | |
0030 d3 d2 ff 5e 17 d0 18 3d 8b 17 57 52 33 74 a6 db | |
0040 1f d8 cd 65 6e 13 8b 8d cc 6d 72 a5 a3 c7 c7 ae | |
0050 c2 aa e3 24 e4 bb d1 c7 37 29 5d f1 c6 fa 20 97 | |
0060 50 14 bd 97 b4 4b 3d 85 e5 fb 9f 5f d5 4b 58 2b | |
0070 2b 25 fe ee dc 79 62 9e e0 ec 8d c4 16 3f 0c df | |
0080 26 68 22 b6 07 bf a7 3d 29 15 35 15 39 9f 17 9f | |
0090 25 3b 60 aa d3 f3 70 1b 8b f8 d2 cf d5 4f ac 00 | |
00a0 aa 18 16 30 ce 13 97 e6 3c 1c 51 1f 02 fa 0d 9b | |
00b0 bf be 27 91 10 87 13 90 18 0d 77 69 6f 4c 8a ce | |
00c0 b1 50 f4 24 84 a7 53 01 d2 5f eb 2d 7f 10 8f cc | |
00d0 b8 7e 1e 8a e0 be b2 03 85 e2 08 56 f8 c6 39 87 | |
00e0 88 77 1f 3d ea 07 67 86 80 b8 ca 5e 45 a5 b5 dd | |
00f0 51 8a 39 4e 7e 83 9b 64 b3 e7 5a 68 9e 5e 6f 05 | |
0100 14 dc fb b0 3b 89 a1 e5 a8 d4 b5 7e fb d3 13 4b | |
0110 8e 1d 6e 49 71 00 36 95 76 9e 66 97 40 90 03 59 | |
0120 cc 92 12 88 96 d5 82 4a b4 ad 1a 61 93 e4 e9 c4 | |
0130 3e 13 1e 85 77 78 a9 cb af 06 57 ce e5 9e 10 0f | |
0140 14 0f 87 ce 9b aa fd 20 db ce bd 15 e4 d5 93 e5 | |
0150 49 7d 92 ca df 4b 85 e1 b8 5c 5a 64 29 a4 39 5a | |
0160 85 d4 24 6c bb 44 83 73 c6 b0 6e 85 c4 e5 5e 76 | |
0170 2f e7 af dc a5 82 1c b3 0f a3 ec 71 ed 7d e5 7b | |
0180 0d 4b f5 37 5b ea 87 bb 3f 9a d8 ff 8f ca 98 3a | |
0190 3f 80 ad 06 b8 4c b1 7c 87 cf 9f c0 d7 a5 e4 69 | |
01a0 65 75 37 f4 e2 b0 75 ec 03 05 98 a3 a3 a3 c0 7b | |
01b0 4d c1 c7 16 b5 2f 3c 73 51 ca e5 f8 b0 a1 ed ea | |
01c0 fe 0d db e9 01 70 b8 f3 bb 50 2b 7d f5 05 16 61 | |
01d0 47 be 8d be e8 a2 a5 4e 89 ae eb c2 71 bb 99 0a | |
01e0 cc f3 92 35 b7 2f 5b 05 8e b3 f7 ac e3 a5 eb ae | |
01f0 e6 3e d1 59 5c 26 ca 6a 9a 15 31 d0 26 31 f1 59 | |
Non-root Certificate | |
Key Id Hash(rfc-sha1): b7c4c5ea85c22a695595db058d1fac8c959d1644 | |
Key Id Hash(sha1): 5ed5ccc9b0b2ef8160efe624ce3436d952941dce | |
Key Id Hash(bcrypt-sha1): 15b81dfdcf2911c471deff02c23fbf9b87e03216 | |
Key Id Hash(bcrypt-sha256): 024e1eb6212606f73fdb076b48f32f84ec257bbea9b08314752efffb62eefbde | |
Key Id Hash(md5): a10ce0ac7485193961d4c23e0a6cdcf1 | |
Key Id Hash(sha256): f7cf7dfd26de6d416ea2603d127ed306b1dde6b5cedfba2d25c6d1370dae4de7 | |
Key Id Hash(pin-sha256): 6sAb2FyjRDt5lMYYDOqzi6/tJX4dJUxuC0f9dlstFnE= | |
Key Id Hash(pin-sha256-hex): eac01bd85ca3443b7994c6180ceab38bafed257e1d254c6e0b47fd765b2d1671 | |
Cert Hash(md5): 844ece950cd20497750745a941ce3b15 | |
Cert Hash(sha1): 0612fb97d0ffd0f95aae6533720296cb1c44c5b0 | |
Cert Hash(sha256): 68147986f91c21c092fbbb8e37f268e15fe90862ad20a9f2d8265abe5ea6723a | |
Signature Hash: 6420da167afa9a368f405d7d173133db362269a2ceb500c94026b1b62f0b2363 | |
Performing public key matching test... | |
Public key matching test succeeded | |
Key Container = Encr 2018-12-18 2021-12-18 07 | |
Simple container name: Encr 2018-12-18 2021-12-18 07 | |
Unique container name: Encr 2018-12-18 2021-12-18 07 | |
Provider = Microsoft Smart Card Key Storage Provider | |
ProviderType = 0 | |
Flags = 1 | |
(CRYPT_MACHINE_KEYSET -- 20 (32)) | |
(CRYPT_SILENT -- 40 (64)) | |
0x1 (1) | |
KeySpec = 0 -- XCN_AT_NONE | |
Private key verifies | |
Microsoft Smart Card Key Storage Provider: KeySpec=0 | |
AES256+RSAES_OAEP(RSA:CNG) test passed | |
Performing cert chain verification... | |
CertGetCertificateChain(dwErrorStatus) = 0x5 | |
Chain on smart card is invalid | |
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000) | |
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000) | |
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000) | |
HCCE_LOCAL_MACHINE | |
CERT_CHAIN_POLICY_BASE | |
-------- CERT_CHAIN_CONTEXT -------- | |
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
ChainContext.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1) | |
ChainContext.dwErrorStatus = CERT_TRUST_IS_REVOKED (0x4) | |
ChainContext.dwRevocationFreshnessTime: 937 Days, 2 Hours, 58 Minutes, 52 Seconds | |
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
SimpleChain.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1) | |
SimpleChain.dwErrorStatus = CERT_TRUST_IS_REVOKED (0x4) | |
SimpleChain.dwRevocationFreshnessTime: 937 Days, 2 Hours, 58 Minutes, 52 Seconds | |
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=5 | |
Issuer: CN=Siemens Issuing CA EE Enc 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA3, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 18/12/2018 10:10 | |
NotAfter: 18/12/2021 10:10 | |
Subject: CN=Buschart Rufus, O=Siemens, SN=Buschart, G=Rufus, SERIALNUMBER=Z002M76A | |
Serial: 30ae49e6 | |
SubjectAltName: RFC822 Name=rufus.buschart@siemens.com | |
Cert: 0612fb97d0ffd0f95aae6533720296cb1c44c5b0 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Element.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1) | |
Element.dwErrorStatus = CERT_TRUST_IS_REVOKED (0x4) | |
CRL 0c1d: | |
Issuer: CN=Siemens Issuing CA EE Enc 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA3, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
ThisUpdate: 20/04/2021 11:50 | |
NextUpdate: 19/07/2022 11:50 | |
CRL: d7bb7e768759a3108486515cba73c6bde271e29b | |
Application[0] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[1] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
Application[2] = 1.3.6.1.4.1.311.10.3.4.1 File Recovery | |
CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=1 | |
Issuer: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 20/07/2016 14:24 | |
NotAfter: 20/07/2022 14:24 | |
Subject: CN=Siemens Issuing CA EE Enc 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA3, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
Serial: 4aba7bc8 | |
Cert: 0a9b014fa2e69ab97f6b54b8c07c07b66fa2aa64 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Element.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1) | |
CRL 23: | |
Issuer: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
ThisUpdate: 31/05/2023 10:17 | |
NextUpdate: 30/11/2023 10:17 | |
CRL: f2bd7fa69cadf5206742893c4907628e5fbcaa54 | |
Issuance[0] = 1.3.6.1.4.1.4329.7 | |
Application[0] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[1] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
Application[2] = 1.3.6.1.4.1.311.10.3.4.1 File Recovery | |
Application[3] = 1.3.6.1.5.5.7.3.9 OCSP Signing | |
CertContext[0][2]: dwInfoStatus=10a dwErrorStatus=0 | |
Issuer: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 06/06/2016 14:30 | |
NotAfter: 06/06/2028 14:30 | |
Subject: CN=Siemens Root CA V3.0 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA1, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
Serial: 762907e3 | |
Cert: a6ff9adaaa1925d18b1d4076c8d86b22d2557b19 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Exclude leaf cert: | |
Chain: 959c93ce73eb021a8a31887ad21106552dd51799 | |
Full chain: | |
Chain: 18bcaa0386b1b15c615706f57642a8e116183bdf | |
Issuer: CN=Siemens Issuing CA EE Enc 2016, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZA3, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 18/12/2018 10:10 | |
NotAfter: 18/12/2021 10:10 | |
Subject: CN=Buschart Rufus, O=Siemens, SN=Buschart, G=Rufus, SERIALNUMBER=Z002M76A | |
Serial: 30ae49e6 | |
SubjectAltName: RFC822 Name=rufus.buschart@siemens.com | |
Cert: 0612fb97d0ffd0f95aae6533720296cb1c44c5b0 | |
The certificate is revoked. 0x80092010 (-2146885616 CRYPT_E_REVOKED) | |
------------------------------------ | |
Certificate is REVOKED | |
Displayed cert for reader: Alcorlink USB Smart Card Reader 0 | |
--------------===========================-------------- | |
================ Certificate 3 ================ | |
--- Reader: Alcorlink USB Smart Card Reader 0 | |
--- Card: CardOS V5.3 | |
Provider = Microsoft Smart Card Key Storage Provider | |
Key Container = Encr 2020-10-01 2023-10-01 08 | |
X509 Certificate: | |
Version: 3 | |
Serial Number: 4926847824c7a5932a27122feb70cadd | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Issuer: | |
CN=Siemens Issuing CA EE Enc 2020 | |
OU=Siemens Trust Center | |
SERIALNUMBER=ZZZZZZB3 | |
O=Siemens | |
L=Muenchen | |
S=Bayern | |
C=DE | |
Name Hash(sha1): 26edccc791df38a6dd2c6b7ccfd8d5748a350582 | |
Name Hash(md5): c18ae53abdce5d16f28bdc577f0d9e7b | |
NotBefore: 01/10/2020 16:00 | |
NotAfter: 01/10/2023 16:00 | |
Subject: | |
CN=Buschart Rufus | |
O=Siemens | |
SN=Buschart | |
G=Rufus | |
SERIALNUMBER=Z002M76A | |
Name Hash(sha1): c45dd50cb26e622f579d1a94a819002657199ac3 | |
Name Hash(md5): ca22eedd9c77b8e5d8d836fb33d07af2 | |
Public Key Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA | |
Algorithm Parameters: | |
05 00 | |
Public Key Length: 2048 bits | |
Public Key: UnusedBits = 0 | |
0000 30 82 01 0a 02 82 01 01 00 90 34 c2 43 f3 86 40 | |
0010 a6 35 3e b8 cd b2 f8 4b 0c ad e6 e8 18 c9 10 c3 | |
0020 b7 df 25 d3 5c 04 4a 8b a4 9e 4f d7 a3 df 9e f3 | |
0030 2e e4 43 de 79 e1 c1 db 4e 8f 7a f2 58 e8 b9 27 | |
0040 d3 91 d3 c9 c8 38 44 e7 79 a6 50 32 7b 16 eb 55 | |
0050 a7 f7 63 22 6d 97 f2 46 18 c2 b4 73 1c 81 3a 28 | |
0060 1d c0 c9 fd 7e 04 3a f0 c0 03 a5 72 48 56 45 d2 | |
0070 b7 d4 ef b4 d0 74 12 9d eb 64 97 13 43 82 2e 6f | |
0080 8e 0a 6f 18 3a 08 d5 47 5e e6 b9 a5 14 2a 26 a2 | |
0090 97 81 34 be 35 a7 96 34 3a 4a 7f 6c 31 94 ba ae | |
00a0 30 d8 d9 18 1b ec 56 40 a3 a9 2e e9 4b cc 32 d9 | |
00b0 d0 c2 47 0a 32 fa 02 29 2a e7 36 cc 69 07 b2 6a | |
00c0 dd b9 f4 ff 0d 82 dc 30 3c 10 2a 6c 13 d1 4b a3 | |
00d0 f7 e4 0a c9 96 9a 3c 71 bb bb 9f cf 59 f4 16 5c | |
00e0 87 48 08 63 6b ea 05 eb 14 6f c7 8e b4 7e 67 14 | |
00f0 e6 5e 8b 87 bd b8 db bc 95 87 66 a6 c6 9d d0 10 | |
0100 bc 4f f9 b6 66 ca 53 4e f3 02 03 01 00 01 | |
Certificate Extensions: 9 | |
2.5.29.37: Flags = 0, Length = 31 | |
Enhanced Key Usage | |
Secure Email (1.3.6.1.5.5.7.3.4) | |
Encrypting File System (1.3.6.1.4.1.311.10.3.4) | |
File Recovery (1.3.6.1.4.1.311.10.3.4.1) | |
BitLocker Drive Encryption (1.3.6.1.4.1.311.67.1.1) | |
2.5.29.35: Flags = 0, Length = 18 | |
Authority Key Identifier | |
KeyID=b6f991e3859f0c3cb68972539e41348d702af9bd | |
1.3.6.1.5.5.7.1.1: Flags = 0, Length = ea | |
Authority Information Access | |
[1]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=http://ah.siemens.com/pki?ZZZZZZB3.crt | |
[2]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=ldap://al.siemens.net/CN=ZZZZZZB3,L=PKI?cACertificate | |
[3]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=ldap://al.siemens.com/CN=ZZZZZZB3,o=Trustcenter?cACertificate | |
[4]Authority Info Access | |
Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1) | |
Alternative Name: | |
URL=http://ocsp.siemens.com | |
2.5.29.32: Flags = 0, Length = 3f | |
Certificate Policies | |
[1]Certificate Policy: | |
Policy Identifier=1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
[1,1]Policy Qualifier Info: | |
Policy Qualifier Id=CPS | |
Qualifier: | |
https://www.siemens.com/pki/ | |
2.5.29.31: Flags = 0, Length = c2 | |
CRL Distribution Points | |
[1]CRL Distribution Point | |
Distribution Point Name: | |
Full Name: | |
URL=http://ch.siemens.com/pki?ZZZZZZB3.crl | |
URL=ldap://cl.siemens.net/CN=ZZZZZZB3,L=PKI?certificateRevocationList | |
URL=ldap://cl.siemens.com/CN=ZZZZZZB3,o=Trustcenter?certificateRevocationList | |
2.5.29.14: Flags = 0, Length = 16 | |
Subject Key Identifier | |
ad2d72d62986d19b3ca351b88ceb120eec56affc | |
2.5.29.15: Flags = 1(Critical), Length = 4 | |
Key Usage | |
Key Encipherment, Data Encipherment (30) | |
2.5.29.17: Flags = 0, Length = 1e | |
Subject Alternative Name | |
RFC822 Name=rufus.buschart@siemens.com | |
2.5.29.19: Flags = 1(Critical), Length = 2 | |
Basic Constraints | |
Subject Type=End Entity | |
Path Length Constraint=None | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Signature: UnusedBits=0 | |
0000 5f 1e c3 db 2c 31 2a 9a af 21 36 4a 62 3f 5f 81 | |
0010 4a 1e 39 42 21 b4 90 87 c7 51 74 cc 36 50 b7 04 | |
0020 f6 bf c9 1e 2f 20 cf 72 31 14 ef 9c 03 5b 58 a6 | |
0030 f6 82 3a 35 80 7c e7 62 af 80 bc ba 8d 78 6c b6 | |
0040 a0 5a 80 d7 10 62 e9 8c a3 cd a5 c9 e0 52 82 64 | |
0050 87 2d b4 7c b3 0f d7 96 0f 6d 39 c7 0f 44 1a 30 | |
0060 20 0d 30 b4 79 64 8e c0 a7 ac a2 10 9b e6 a9 05 | |
0070 c5 0f 0f 96 67 77 f1 4a 5f 26 58 b4 88 85 6d e5 | |
0080 84 79 73 60 4c bc 1a 8f 38 e7 7e c3 44 40 70 f6 | |
0090 eb dd 24 85 d8 6d 51 37 f3 4f 0e f9 51 cf 36 06 | |
00a0 a7 24 5c 4c f6 29 31 9d 22 18 52 07 dd 35 a6 a1 | |
00b0 0d 95 6a 78 4e 0a c9 07 46 50 e5 bb fa 48 bc 78 | |
00c0 fc 69 d2 f3 da 20 97 3c a0 40 a2 92 20 1c e8 22 | |
00d0 ac 76 44 42 d9 77 ed 2b 10 c7 e3 13 da a8 b2 b6 | |
00e0 6c ea 8e 4e 8e 46 9c 09 8e f4 e9 15 9d b7 02 ce | |
00f0 69 cc 79 39 f7 d4 fb f7 6e 09 c9 7b 93 9c ec 36 | |
0100 d9 de 87 93 10 eb 8b 40 72 ff 07 a3 82 ff c0 d0 | |
0110 7a 35 00 5f 64 f4 6a f5 ca 53 d1 f6 f0 57 00 1b | |
0120 bd 0b 75 cd 9c 33 9c 9d 97 9e 7b f5 a2 ec e5 44 | |
0130 f9 ed 15 ba 48 08 ae 32 2b ef f0 b2 f9 b2 59 ae | |
0140 2f fe fe de 78 72 3d 37 5c 01 7b 53 6d 55 62 43 | |
0150 3f 98 4a be 53 84 2d bd db 36 0b 95 ca b5 47 47 | |
0160 86 fa 97 78 04 da c3 83 3b b5 55 48 b9 a6 f3 2d | |
0170 55 02 a0 dc a2 ba 62 8f 23 a6 67 c3 75 21 4b 37 | |
0180 6d a6 3a e7 ec a9 73 0e 33 f0 26 f0 40 e6 a2 1a | |
0190 b1 40 3f f6 75 98 0d ab 1c fd 16 38 7a 77 fd 5d | |
01a0 8f 80 e1 82 9b 4f c1 45 74 62 0e 5d d3 cb 12 b4 | |
01b0 5d c8 ed 32 90 22 d4 fd d8 2d 0c 4d 95 ef 8c 38 | |
01c0 ab 06 3e ea 87 86 07 46 62 88 e5 95 7b b0 ab d0 | |
01d0 21 2b 02 c2 c3 b5 17 b6 91 11 b8 50 d1 b5 38 69 | |
01e0 91 8c 70 2c a2 eb c1 48 14 44 09 f2 4a ad 76 46 | |
01f0 d9 a9 78 76 67 d3 bd 50 9f 0e e1 2f 0d 95 c7 26 | |
Non-root Certificate | |
Key Id Hash(rfc-sha1): ad2d72d62986d19b3ca351b88ceb120eec56affc | |
Key Id Hash(sha1): 292fafb82084c3802f5459c9e4975c92099a6a04 | |
Key Id Hash(bcrypt-sha1): de1caa3baa7b8dd478fc92c98d11f93e83bb5d12 | |
Key Id Hash(bcrypt-sha256): 530c93e3d01fc6795c6e50ecd4639e88d02e887262e3d59e73fa97f8b3455728 | |
Key Id Hash(md5): fd528e16080616bbbd3f9d5e153e9536 | |
Key Id Hash(sha256): 9560f3adad3ccb7198b7c4f98a8332d063c87f274cb47e11a4b3dfbec577fcdb | |
Key Id Hash(pin-sha256): ABcYQyxZISLGN6wsPmp1DEumJSOxOwLiriztyve/bzg= | |
Key Id Hash(pin-sha256-hex): 001718432c592122c637ac2c3e6a750c4ba62523b13b02e2ae2cedcaf7bf6f38 | |
Cert Hash(md5): da7ccbf880c14556bcbee1871d7a18c1 | |
Cert Hash(sha1): eee7d167071fd7804f664c6db3cae5ead47ff586 | |
Cert Hash(sha256): ac76484dd10b3378de9ea923748a1e4a0c9a5dd9483aa616d5bd251b8ec2aed0 | |
Signature Hash: 2038885d787207b8952d16a5900fdf551258e123699049ed499b3f251b0c24fd | |
Performing public key matching test... | |
Public key matching test succeeded | |
Key Container = Encr 2020-10-01 2023-10-01 08 | |
Simple container name: Encr 2020-10-01 2023-10-01 08 | |
Unique container name: Encr 2020-10-01 2023-10-01 08 | |
Provider = Microsoft Smart Card Key Storage Provider | |
ProviderType = 0 | |
Flags = 1 | |
(CRYPT_MACHINE_KEYSET -- 20 (32)) | |
(CRYPT_SILENT -- 40 (64)) | |
0x1 (1) | |
KeySpec = 0 -- XCN_AT_NONE | |
Private key verifies | |
Microsoft Smart Card Key Storage Provider: KeySpec=0 | |
AES256+RSAES_OAEP(RSA:CNG) test passed | |
Performing cert chain verification... | |
CertGetCertificateChain(dwErrorStatus) = 0x1 | |
Chain on smart card is invalid | |
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000) | |
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000) | |
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000) | |
HCCE_LOCAL_MACHINE | |
CERT_CHAIN_POLICY_BASE | |
-------- CERT_CHAIN_CONTEXT -------- | |
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
ChainContext.dwInfoStatus = CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS (0x400) | |
ChainContext.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1) | |
ChainContext.dwRevocationFreshnessTime: 4 Days, 1 Hours, 7 Minutes, 10 Seconds | |
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS (0x400) | |
SimpleChain.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1) | |
SimpleChain.dwRevocationFreshnessTime: 4 Days, 1 Hours, 7 Minutes, 10 Seconds | |
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=1 | |
Issuer: CN=Siemens Issuing CA EE Enc 2020, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZB3, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 01/10/2020 16:00 | |
NotAfter: 01/10/2023 16:00 | |
Subject: CN=Buschart Rufus, O=Siemens, SN=Buschart, G=Rufus, SERIALNUMBER=Z002M76A | |
Serial: 4926847824c7a5932a27122feb70cadd | |
SubjectAltName: RFC822 Name=rufus.buschart@siemens.com | |
Cert: eee7d167071fd7804f664c6db3cae5ead47ff586 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Element.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1) | |
CRL (null): | |
Issuer: CN=Siemens CPKI OCSP Signer ZZZZZZB3, O=Siemens, C=DE | |
ThisUpdate: 09/11/2023 13:42 | |
NextUpdate: 15/11/2023 13:42 | |
CRL: fdf3376740476c6e554f8267802e8ed71efb07ab | |
Issuance[0] = 1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
Application[0] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[1] = 1.3.6.1.4.1.311.67.1.1 BitLocker Drive Encryption | |
Application[2] = 1.3.6.1.4.1.311.10.3.4.1 File Recovery | |
Application[3] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
CertContext[0][1]: dwInfoStatus=502 dwErrorStatus=0 | |
Issuer: CN=QuoVadis Enterprise Trust CA 3 G3, O=QuoVadis Limited, C=BM | |
NotBefore: 29/06/2020 15:35 | |
NotAfter: 29/06/2026 15:35 | |
Subject: CN=Siemens Issuing CA EE Enc 2020, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZB3, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
Serial: 47bdd59cd76ec23740fd38ddefdc18861b4fdf1d | |
Cert: 9419871ef5ab173ce9c62ed9351d6065e9f1ed66 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Element.dwInfoStatus = CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS (0x400) | |
CRL (null): | |
Issuer: CN=QuoVadis OCSP Authority Signature, O=QuoVadis Limited, C=BM | |
ThisUpdate: 13/11/2023 14:35 | |
NextUpdate: 15/11/2023 14:35 | |
CRL: f1b608ab001d5fba07850dcad4466d28d3134da7 | |
Issuance[0] = 1.3.6.1.4.1.8024.0.3.1800.0 | |
Issuance[1] = 1.3.6.1.4.1.4329.7 | |
Issuance[2] = 1.3.6.1.4.1.4329.7.2.2.3.2.3 | |
Issuance[3] = 1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
Issuance[4] = 1.3.6.1.4.1.4329.7.2.2.4.1.3 | |
Issuance[5] = 1.3.6.1.4.1.4329.7.2.5 | |
Issuance[6] = 1.3.6.1.4.1.4329.99 | |
Application[0] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[1] = 1.3.6.1.4.1.311.67.1.1 BitLocker Drive Encryption | |
Application[2] = 1.3.6.1.4.1.311.10.3.4.1 File Recovery | |
Application[3] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
CertContext[0][2]: dwInfoStatus=102 dwErrorStatus=0 | |
Issuer: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM | |
NotBefore: 06/06/2016 15:43 | |
NotAfter: 06/06/2031 15:43 | |
Subject: CN=QuoVadis Enterprise Trust CA 3 G3, O=QuoVadis Limited, C=BM | |
Serial: 0c2163a44924ffb7fcdb675acdcaee7208cca95a | |
Cert: 7e649cce9bf28f62f03b3e0edd4983fe167f9888 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
CRL (null): | |
Issuer: CN=QuoVadis OCSP Authority Signature, O=QuoVadis Limited, C=BM | |
ThisUpdate: 13/11/2023 14:16 | |
NextUpdate: 15/11/2023 14:16 | |
CRL: ddb134063fc1aa6e532a50b9726bbcde8c352ed7 | |
CertContext[0][3]: dwInfoStatus=10c dwErrorStatus=0 | |
Issuer: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM | |
NotBefore: 12/01/2012 21:26 | |
NotAfter: 12/01/2042 21:26 | |
Subject: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM | |
Serial: 2ef59b0228a7db7affd5a3a9eebd03a0cf126a1d | |
Cert: 4812bd923ca8c43906e7306d2796e6a4cf222e7d | |
Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4) | |
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Exclude leaf cert: | |
Chain: 1de2dfc21b201e085496cc6a5940991483157c66 | |
Full chain: | |
Chain: bba85def2e6c858bd3abe512655b962fe8be3f0f | |
Issuer: CN=Siemens Issuing CA EE Enc 2020, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZB3, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 01/10/2020 16:00 | |
NotAfter: 01/10/2023 16:00 | |
Subject: CN=Buschart Rufus, O=Siemens, SN=Buschart, G=Rufus, SERIALNUMBER=Z002M76A | |
Serial: 4926847824c7a5932a27122feb70cadd | |
SubjectAltName: RFC822 Name=rufus.buschart@siemens.com | |
Cert: eee7d167071fd7804f664c6db3cae5ead47ff586 | |
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495 CERT_E_EXPIRED) | |
------------------------------------ | |
Expired certificate | |
Displayed cert for reader: Alcorlink USB Smart Card Reader 0 | |
--------------===========================-------------- | |
================ Certificate 4 ================ | |
--- Reader: Alcorlink USB Smart Card Reader 0 | |
--- Card: CardOS V5.3 | |
Provider = Microsoft Smart Card Key Storage Provider | |
Key Container = Encr 2020-12-11 2023-12-11 09 | |
X509 Certificate: | |
Version: 3 | |
Serial Number: 760eaa9d31aa56bdfd94087f2aa3dad0 | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Issuer: | |
CN=Siemens Issuing CA EE Enc 2020 | |
OU=Siemens Trust Center | |
SERIALNUMBER=ZZZZZZB3 | |
O=Siemens | |
L=Muenchen | |
S=Bayern | |
C=DE | |
Name Hash(sha1): 26edccc791df38a6dd2c6b7ccfd8d5748a350582 | |
Name Hash(md5): c18ae53abdce5d16f28bdc577f0d9e7b | |
NotBefore: 11/12/2020 14:55 | |
NotAfter: 11/12/2023 14:55 | |
Subject: | |
CN=Buschart Rufus | |
O=Siemens | |
SN=Buschart | |
G=Rufus | |
SERIALNUMBER=Z002M76A | |
Name Hash(sha1): c45dd50cb26e622f579d1a94a819002657199ac3 | |
Name Hash(md5): ca22eedd9c77b8e5d8d836fb33d07af2 | |
Public Key Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA | |
Algorithm Parameters: | |
05 00 | |
Public Key Length: 2048 bits | |
Public Key: UnusedBits = 0 | |
0000 30 82 01 0a 02 82 01 01 00 98 4b 21 c3 56 38 43 | |
0010 03 cc 90 56 4c 6b 46 f6 3b 33 a6 84 ac 9e 2a ce | |
0020 c7 f8 e7 10 38 3d 0a f5 b3 de da cc 3c e5 f3 23 | |
0030 d3 8f cd 43 05 f7 e1 c8 f6 d3 b2 6f d9 17 03 ef | |
0040 c3 5b b8 02 4b d7 45 d2 2d 3c 64 c0 b2 cd e4 a1 | |
0050 58 7c d8 d1 aa 80 4a c8 d2 7f 9a bc 62 0f b1 32 | |
0060 26 a5 99 19 a0 47 ff e8 aa 09 b4 a7 67 64 d0 e3 | |
0070 38 a5 69 b3 97 a0 5d 3a 9f 1a 40 75 7f 93 61 28 | |
0080 fb 61 34 f5 77 be a9 3f 07 4d e8 ab 5e a3 d0 ca | |
0090 f1 2b 7e 15 96 4e 2c 14 71 c7 1b a0 12 e2 b5 40 | |
00a0 7b cf 38 76 58 2e 21 f5 33 62 4f ce bf 0d 51 5d | |
00b0 f9 55 83 4a 5a ef 1a c9 ee cf 24 f5 ef e8 89 c3 | |
00c0 dc 04 57 39 d6 3e e3 b8 b3 df bc d9 fd 97 53 1b | |
00d0 e9 31 3a 3b 11 d6 5e 24 db 0f eb d1 8a 1f 0f 38 | |
00e0 f5 0a f1 45 16 03 69 8f 2e 76 93 f7 27 49 9b 76 | |
00f0 6a 78 aa fb 89 d4 92 4c a4 69 0e 7a 20 19 3e b3 | |
0100 4f 77 fa e2 02 b0 a6 df 0d 02 03 01 00 01 | |
Certificate Extensions: 9 | |
2.5.29.37: Flags = 0, Length = 31 | |
Enhanced Key Usage | |
Secure Email (1.3.6.1.5.5.7.3.4) | |
Encrypting File System (1.3.6.1.4.1.311.10.3.4) | |
File Recovery (1.3.6.1.4.1.311.10.3.4.1) | |
BitLocker Drive Encryption (1.3.6.1.4.1.311.67.1.1) | |
2.5.29.35: Flags = 0, Length = 18 | |
Authority Key Identifier | |
KeyID=b6f991e3859f0c3cb68972539e41348d702af9bd | |
1.3.6.1.5.5.7.1.1: Flags = 0, Length = ea | |
Authority Information Access | |
[1]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=http://ah.siemens.com/pki?ZZZZZZB3.crt | |
[2]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=ldap://al.siemens.net/CN=ZZZZZZB3,L=PKI?cACertificate | |
[3]Authority Info Access | |
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) | |
Alternative Name: | |
URL=ldap://al.siemens.com/CN=ZZZZZZB3,o=Trustcenter?cACertificate | |
[4]Authority Info Access | |
Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1) | |
Alternative Name: | |
URL=http://ocsp.siemens.com | |
2.5.29.32: Flags = 0, Length = 3f | |
Certificate Policies | |
[1]Certificate Policy: | |
Policy Identifier=1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
[1,1]Policy Qualifier Info: | |
Policy Qualifier Id=CPS | |
Qualifier: | |
https://www.siemens.com/pki/ | |
2.5.29.31: Flags = 0, Length = c2 | |
CRL Distribution Points | |
[1]CRL Distribution Point | |
Distribution Point Name: | |
Full Name: | |
URL=http://ch.siemens.com/pki?ZZZZZZB3.crl | |
URL=ldap://cl.siemens.net/CN=ZZZZZZB3,L=PKI?certificateRevocationList | |
URL=ldap://cl.siemens.com/CN=ZZZZZZB3,o=Trustcenter?certificateRevocationList | |
2.5.29.14: Flags = 0, Length = 16 | |
Subject Key Identifier | |
c282709a4d4ae5122b5d0a6e9240d41bff2f0cb3 | |
2.5.29.15: Flags = 1(Critical), Length = 4 | |
Key Usage | |
Key Encipherment, Data Encipherment (30) | |
2.5.29.17: Flags = 0, Length = 1e | |
Subject Alternative Name | |
RFC822 Name=rufus.buschart@siemens.com | |
2.5.29.19: Flags = 1(Critical), Length = 2 | |
Basic Constraints | |
Subject Type=End Entity | |
Path Length Constraint=None | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Signature: UnusedBits=0 | |
0000 64 10 d2 c6 e2 f6 d6 ea 9e 4c ad 0d 97 90 65 4f | |
0010 29 da f3 fa df 31 f2 2a b3 56 df fd 87 b1 90 fb | |
0020 7d 40 67 0c 81 05 28 d4 57 00 9b 41 f4 5f f4 29 | |
0030 46 63 25 1d 52 13 7d ae 9f 03 93 cc 77 68 da 4b | |
0040 08 d3 c1 ba a8 ca 75 ed d2 5d 58 92 74 5b fe 30 | |
0050 9f 59 65 be c6 40 d8 71 71 31 e3 e1 59 62 a1 a4 | |
0060 41 38 d4 7f 13 af af c6 bb d7 fe 17 76 ec 50 7f | |
0070 e4 96 20 13 b4 35 13 48 70 19 61 5d 65 88 32 be | |
0080 17 1b 04 aa 83 b0 b9 a6 d8 71 fe a2 1f 96 b4 d6 | |
0090 41 ec 1a 5b 5f f8 52 43 9e f0 e9 2c 69 19 ba c9 | |
00a0 9d 7b e3 b0 a3 e6 88 71 bd d2 a7 01 a3 84 d0 f6 | |
00b0 18 d2 f7 82 64 25 e6 d0 54 8f 9d c7 37 a5 b5 32 | |
00c0 6a d1 f6 8d 6e 69 25 c5 40 ff c5 03 3e af 27 9a | |
00d0 dc d4 e9 39 36 c6 3b 90 f9 b0 e2 34 79 9c cb 02 | |
00e0 ad c4 7f 4c fb 5b b9 c2 0e 87 d6 53 1f d9 eb 2b | |
00f0 fb 45 d5 50 2d 1c d8 41 97 82 1c 7d b2 12 50 13 | |
0100 c9 01 86 4a af 6a 59 49 28 17 ab e6 82 80 b2 76 | |
0110 6b e8 0b 7d 24 7a ac 49 f9 4f ce 18 9a 80 86 f8 | |
0120 b5 a4 3e 97 d3 33 c8 ce f3 a3 45 d5 ef c3 13 c7 | |
0130 04 c6 17 fd 16 6f 70 04 9a 12 21 74 61 cf e9 3e | |
0140 36 4a 50 77 3b 19 63 81 32 88 79 c4 eb 40 77 69 | |
0150 54 8a 0f 92 34 67 be 92 30 98 0b c3 e4 73 89 6e | |
0160 85 b1 3e 27 77 49 84 47 28 cb f9 46 6b d8 07 d3 | |
0170 8b ba 29 ff 48 8c 81 17 ca 1a c3 d2 5a 55 29 f6 | |
0180 7b e4 cf ef 77 8d 4c 07 3f 89 cd 5a 57 9b d8 40 | |
0190 39 bb ff 91 93 81 b0 d8 b7 20 9e 85 5b 82 20 e0 | |
01a0 cc de 4d ce d7 21 2f 75 60 bd e5 70 6f 5c 98 b8 | |
01b0 06 03 a3 63 8d 00 ca 56 9b 0f 29 9f 29 f8 5e 47 | |
01c0 cc 13 8e e1 32 c2 da 4a 01 b4 3a c8 28 93 4c 1f | |
01d0 36 bf 16 84 21 91 32 8a 13 96 70 75 71 95 25 30 | |
01e0 ad b7 4c e7 3c ca b1 fc f7 f5 01 ea 93 2f c2 17 | |
01f0 c1 ae 0c 63 d1 b5 87 18 63 5c 51 24 a6 ea 48 35 | |
Non-root Certificate | |
Key Id Hash(rfc-sha1): c282709a4d4ae5122b5d0a6e9240d41bff2f0cb3 | |
Key Id Hash(sha1): e22bee19d1ecd5a2ed7c9de04743fb7bb1e94e9c | |
Key Id Hash(bcrypt-sha1): 8e860584fd51e8dc8513d2f9ddb9e3c687ee9280 | |
Key Id Hash(bcrypt-sha256): f89b8800771b29c2cdf1ff653abfc584ff1f16a5ce49910f74a3a61cb2d8ae55 | |
Key Id Hash(md5): 7d4df372816a056992c9572b5753f887 | |
Key Id Hash(sha256): a36c68c69ccbd1a2c9bd530dce97804c0e0c7b3678ec4dbcdc9dece2d76d8646 | |
Key Id Hash(pin-sha256): S1JpODNu17cw0OIZpIlzqhkfTAep5MVSvY9RRmsqycY= | |
Key Id Hash(pin-sha256-hex): 4b526938336ed7b730d0e219a48973aa191f4c07a9e4c552bd8f51466b2ac9c6 | |
Cert Hash(md5): 1133dae1942992c05a4822db852d416d | |
Cert Hash(sha1): 99a5dae73e2adf42bb54645ac8b4f03c8637b7e0 | |
Cert Hash(sha256): 6cba612dbbbb6d4996570c3ec19b733d6d0ae8a0b3a0e10ced59cd325406dc4a | |
Signature Hash: ac108c7e9a6021226f4dc96801e473dd0618c20b4263651f3649ecdb64be135f | |
Performing public key matching test... | |
Public key matching test succeeded | |
Key Container = Encr 2020-12-11 2023-12-11 09 | |
Simple container name: Encr 2020-12-11 2023-12-11 09 | |
Unique container name: Encr 2020-12-11 2023-12-11 09 | |
Provider = Microsoft Smart Card Key Storage Provider | |
ProviderType = 0 | |
Flags = 1 | |
(CRYPT_MACHINE_KEYSET -- 20 (32)) | |
(CRYPT_SILENT -- 40 (64)) | |
0x1 (1) | |
KeySpec = 0 -- XCN_AT_NONE | |
Private key verifies | |
Microsoft Smart Card Key Storage Provider: KeySpec=0 | |
AES256+RSAES_OAEP(RSA:CNG) test passed | |
Performing cert chain verification... | |
CertGetCertificateChain(dwErrorStatus) = 0x4 | |
Chain on smart card is invalid | |
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000) | |
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000) | |
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000) | |
HCCE_LOCAL_MACHINE | |
CERT_CHAIN_POLICY_BASE | |
-------- CERT_CHAIN_CONTEXT -------- | |
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
ChainContext.dwInfoStatus = CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS (0x400) | |
ChainContext.dwErrorStatus = CERT_TRUST_IS_REVOKED (0x4) | |
ChainContext.dwRevocationFreshnessTime: 3 Days, 14 Hours, 42 Minutes, 12 Seconds | |
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS (0x400) | |
SimpleChain.dwErrorStatus = CERT_TRUST_IS_REVOKED (0x4) | |
SimpleChain.dwRevocationFreshnessTime: 3 Days, 14 Hours, 42 Minutes, 12 Seconds | |
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=4 | |
Issuer: CN=Siemens Issuing CA EE Enc 2020, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZB3, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 11/12/2020 14:55 | |
NotAfter: 11/12/2023 14:55 | |
Subject: CN=Buschart Rufus, O=Siemens, SN=Buschart, G=Rufus, SERIALNUMBER=Z002M76A | |
Serial: 760eaa9d31aa56bdfd94087f2aa3dad0 | |
SubjectAltName: RFC822 Name=rufus.buschart@siemens.com | |
Cert: 99a5dae73e2adf42bb54645ac8b4f03c8637b7e0 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Element.dwErrorStatus = CERT_TRUST_IS_REVOKED (0x4) | |
CRL (null): | |
Issuer: CN=Siemens CPKI OCSP Signer ZZZZZZB3, O=Siemens, C=DE | |
ThisUpdate: 10/11/2023 00:07 | |
NextUpdate: 15/11/2023 13:42 | |
CRL: d212b772276b0b08f0856ae67ab5720dcdca8082 | |
Issuance[0] = 1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
Application[0] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[1] = 1.3.6.1.4.1.311.67.1.1 BitLocker Drive Encryption | |
Application[2] = 1.3.6.1.4.1.311.10.3.4.1 File Recovery | |
Application[3] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
CertContext[0][1]: dwInfoStatus=502 dwErrorStatus=0 | |
Issuer: CN=QuoVadis Enterprise Trust CA 3 G3, O=QuoVadis Limited, C=BM | |
NotBefore: 29/06/2020 15:35 | |
NotAfter: 29/06/2026 15:35 | |
Subject: CN=Siemens Issuing CA EE Enc 2020, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZB3, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
Serial: 47bdd59cd76ec23740fd38ddefdc18861b4fdf1d | |
Cert: 9419871ef5ab173ce9c62ed9351d6065e9f1ed66 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Element.dwInfoStatus = CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS (0x400) | |
CRL (null): | |
Issuer: CN=QuoVadis OCSP Authority Signature, O=QuoVadis Limited, C=BM | |
ThisUpdate: 13/11/2023 14:35 | |
NextUpdate: 15/11/2023 14:35 | |
CRL: f1b608ab001d5fba07850dcad4466d28d3134da7 | |
Issuance[0] = 1.3.6.1.4.1.8024.0.3.1800.0 | |
Issuance[1] = 1.3.6.1.4.1.4329.7 | |
Issuance[2] = 1.3.6.1.4.1.4329.7.2.2.3.2.3 | |
Issuance[3] = 1.3.6.1.4.1.4329.7.2.2.3.1.3 | |
Issuance[4] = 1.3.6.1.4.1.4329.7.2.2.4.1.3 | |
Issuance[5] = 1.3.6.1.4.1.4329.7.2.5 | |
Issuance[6] = 1.3.6.1.4.1.4329.99 | |
Application[0] = 1.3.6.1.5.5.7.3.4 Secure Email | |
Application[1] = 1.3.6.1.4.1.311.67.1.1 BitLocker Drive Encryption | |
Application[2] = 1.3.6.1.4.1.311.10.3.4.1 File Recovery | |
Application[3] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
CertContext[0][2]: dwInfoStatus=102 dwErrorStatus=0 | |
Issuer: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM | |
NotBefore: 06/06/2016 15:43 | |
NotAfter: 06/06/2031 15:43 | |
Subject: CN=QuoVadis Enterprise Trust CA 3 G3, O=QuoVadis Limited, C=BM | |
Serial: 0c2163a44924ffb7fcdb675acdcaee7208cca95a | |
Cert: 7e649cce9bf28f62f03b3e0edd4983fe167f9888 | |
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
CRL (null): | |
Issuer: CN=QuoVadis OCSP Authority Signature, O=QuoVadis Limited, C=BM | |
ThisUpdate: 13/11/2023 14:16 | |
NextUpdate: 15/11/2023 14:16 | |
CRL: ddb134063fc1aa6e532a50b9726bbcde8c352ed7 | |
CertContext[0][3]: dwInfoStatus=10c dwErrorStatus=0 | |
Issuer: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM | |
NotBefore: 12/01/2012 21:26 | |
NotAfter: 12/01/2042 21:26 | |
Subject: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM | |
Serial: 2ef59b0228a7db7affd5a3a9eebd03a0cf126a1d | |
Cert: 4812bd923ca8c43906e7306d2796e6a4cf222e7d | |
Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4) | |
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Exclude leaf cert: | |
Chain: 123026a331a78b1897b9ef03fd2f43faf35b6e15 | |
Full chain: | |
Chain: 42afdb5320211ea39b4d06e23ebbfd5e7f6ff5ba | |
Issuer: CN=Siemens Issuing CA EE Enc 2020, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZB3, O=Siemens, L=Muenchen, S=Bayern, C=DE | |
NotBefore: 11/12/2020 14:55 | |
NotAfter: 11/12/2023 14:55 | |
Subject: CN=Buschart Rufus, O=Siemens, SN=Buschart, G=Rufus, SERIALNUMBER=Z002M76A | |
Serial: 760eaa9d31aa56bdfd94087f2aa3dad0 | |
SubjectAltName: RFC822 Name=rufus.buschart@siemens.com | |
Cert: 99a5dae73e2adf42bb54645ac8b4f03c8637b7e0 | |
The certificate is revoked. 0x80092010 (-2146885616 CRYPT_E_REVOKED) | |
------------------------------------ | |
Certificate is REVOKED | |
Displayed cert for reader: Alcorlink USB Smart Card Reader 0 | |
--------------===========================-------------- | |
======================================================= | |
Analyzing card in reader: Certgate GmbH AirID 2 USB 0 | |
--------------===========================-------------- | |
======================================================= | |
Analyzing card in reader: certgate GmbH AirID BLE F4B3B1AA3B3B 0 | |
--------------===========================-------------- | |
======================================================= | |
Analyzing card in reader: Microsoft UICC ISO Reader f8e64934 0 | |
SCardGetCardTypeProviderName: The system cannot find the file specified. 0x2 (WIN32: 2 ERROR_FILE_NOT_FOUND) | |
Cannot retrieve Provider Name for SCardGetCardTypeProviderName: The system cannot find the file specified. 0x2 (WIN32: 2 ERROR_FILE_NOT_FOUND) | |
Cannot retrieve Provider Name for | |
--------------===========================-------------- | |
======================================================= | |
Analyzing card in reader: Windows Hello for Business 1 | |
--------------===========================-------------- | |
================ Certificate 0 ================ | |
--- Reader: Windows Hello for Business 1 | |
--- Card: Identity Device (Microsoft Generic Profile) | |
Provider = Microsoft Base Smart Card Crypto Provider | |
Key Container = {2D0FE290-28CA-4D90-7EF9-49B1CE1C3CED} [Default Container] | |
No AT_SIGNATURE key for reader: Windows Hello for Business 1 | |
X509 Certificate: | |
Version: 3 | |
Serial Number: 1f0787fda7faef814f55a001655b7ea5 | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Issuer: | |
CN=S-1-12-1-2113999623-1167893922-3306789278-1074894023/53e71ba7-afb2-45a9-9592-7e9878eb365a/login.windows.net/38ae3bcd-9579-4fd4-adda-b42e1495d55a/rufus.buschart@siemens.com | |
Name Hash(sha1): c1c0c8ee51a1249fc26b528dd0485d5d1d432b7c | |
Name Hash(md5): a1112b11888a699e9ee682541b0e22f9 | |
NotBefore: 06/05/2022 15:19 | |
NotAfter: 06/05/2052 15:29 | |
Subject: | |
CN=S-1-12-1-2113999623-1167893922-3306789278-1074894023/53e71ba7-afb2-45a9-9592-7e9878eb365a/login.windows.net/38ae3bcd-9579-4fd4-adda-b42e1495d55a/rufus.buschart@siemens.com | |
Name Hash(sha1): c1c0c8ee51a1249fc26b528dd0485d5d1d432b7c | |
Name Hash(md5): a1112b11888a699e9ee682541b0e22f9 | |
Public Key Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN) | |
Algorithm Parameters: | |
05 00 | |
Public Key Length: 2048 bits | |
Public Key: UnusedBits = 0 | |
0000 30 82 01 0a 02 82 01 01 00 b2 a3 04 3e 31 fe 19 | |
0010 8d f7 67 60 c6 a8 47 76 a7 00 5e a6 b0 e0 55 fd | |
0020 7a 4e cb 0a 9b a2 2d 0f 25 72 79 87 4f 65 66 63 | |
0030 3d 87 24 e8 25 6b 56 88 c2 92 c0 1c 06 60 b4 4c | |
0040 39 d0 2b 3e db cb b0 2b 95 d3 f0 05 6a 8b 9d 59 | |
0050 ab b8 45 0f b6 ac e6 cc 6b 36 9f 75 54 0f c7 1c | |
0060 d4 6a 50 30 9f 05 64 0e 2b 85 6a 0d ec fb 70 4c | |
0070 49 0d 2c a3 8b cd cd f4 be d9 39 01 1d ab f7 13 | |
0080 8b bd 31 a0 ff 8b f3 b0 3e 4a 9a 90 32 3d 04 6c | |
0090 cc 72 96 a2 c3 07 cd 9c c7 0c 74 3e ff c2 ec fe | |
00a0 d3 49 ac f3 88 22 c2 7a 56 38 88 fb 33 68 fd d6 | |
00b0 24 12 35 ae 79 45 18 ba 9b ce fb 8f 0f 21 3a 63 | |
00c0 98 5e 33 96 9c 42 f7 fb 03 30 46 fc 12 99 28 e1 | |
00d0 c1 46 22 2d 39 54 0b 71 1b b6 29 cd 69 be 99 bf | |
00e0 9c 88 42 81 9a 7f 1b 55 d3 3a 1e c6 ea 40 bb 0a | |
00f0 25 d7 22 79 90 b2 63 a6 c1 55 cb 77 5d 9d e0 91 | |
0100 59 a6 92 a0 1c 59 97 ca 61 02 03 01 00 01 | |
Certificate Extensions: 2 | |
2.5.29.19: Flags = 1(Critical), Length = 2 | |
Basic Constraints | |
Subject Type=End Entity | |
Path Length Constraint=None | |
2.5.29.37: Flags = 0, Length = e | |
Enhanced Key Usage | |
Smart Card Logon (1.3.6.1.4.1.311.20.2.2) | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Signature: UnusedBits=0 | |
0000 d7 ef d3 76 f5 a0 dc dc 64 3d c3 d0 41 49 04 45 | |
0010 23 f3 f3 f4 8f 51 0e a4 c5 9d 58 58 70 c9 1b 30 | |
0020 93 65 91 a2 b1 0f fa 78 22 0f 8b c0 c0 a7 48 c9 | |
0030 4b 9a a1 6e 5b b3 d8 6b 89 39 d8 05 1d f4 1f b7 | |
0040 f2 29 4e 24 cc 33 5b e5 dd 54 b6 b8 8e 1e fd 25 | |
0050 48 01 bb 3b 7a ea 3c a6 66 54 37 5a 94 42 8d 1f | |
0060 4b 82 8e 92 be fe 7e b8 e8 97 01 57 61 e6 64 64 | |
0070 d4 e2 be b8 f3 e3 ea 16 30 5f 41 70 fa f2 37 96 | |
0080 ee 9c 87 1b a5 fe a3 c2 cb 37 12 80 1b ae 79 4b | |
0090 19 3e c6 fd b3 53 7e 09 5d 7f 96 a8 85 43 90 4f | |
00a0 3d 07 b5 fd 0f b6 1f ad ae ec 0e f5 7f 5d c9 ff | |
00b0 20 d0 d4 51 5c 5f e5 5a be 1a 8d 33 c0 3c 54 7b | |
00c0 81 9e f1 2a 61 c5 54 d9 a0 bc 10 a2 3c 74 fa a4 | |
00d0 7b 3d 51 06 f3 77 df 31 4b 91 0d 3d 8f 0e 19 94 | |
00e0 80 62 7f a9 92 3d 0d ec e1 52 9e ab 14 06 2a fc | |
00f0 cb 07 de ea 29 18 36 42 1f 57 1e 57 5b 72 70 79 | |
Signature matches Public Key | |
Root Certificate: Subject matches Issuer | |
Key Id Hash(rfc-sha1): d34c50139818c0b3bd472d48ecf760446a2b5d81 | |
Key Id Hash(sha1): 2250d7e61a064a98564a77bb4cefcb3e0e39c683 | |
Key Id Hash(bcrypt-sha1): c86a6211c4c757f3ac51ac6f27ef680e2190e3f2 | |
Key Id Hash(bcrypt-sha256): 9ba5f7ce61ce3dd81a9976aa289fdb28e7fab14a3edc7bcbbf745ad62f48dc63 | |
Key Id Hash(md5): 709306a944fdf138a26e33a55854d947 | |
Key Id Hash(sha256): ec05e9945196bb5a8c1a5be0cc9eeaf01ac14023a767a8d8cfbd8c688981c835 | |
Key Id Hash(pin-sha256): Ow5B19nOadEKEeY7dJOA8PUje3C0ITrFEw95WL3Dqho= | |
Key Id Hash(pin-sha256-hex): 3b0e41d7d9ce69d10a11e63b749380f0f5237b70b4213ac5130f7958bdc3aa1a | |
Cert Hash(md5): 98ddf10faffac9f598d10d437d4bb578 | |
Cert Hash(sha1): 0f89913a5aa0bbe848213e23105643a5ca5ff5c2 | |
Cert Hash(sha256): 40b88aee5e52e13874438060b9872455fd6d94d02b81da7b0c1491c0ad3e2a16 | |
Signature Hash: e6b6febb89f469c62625a893728c255f9508cf57016d30690eef020d115182f3 | |
Performing AT_KEYEXCHANGE public key matching test... | |
Public key matching test succeeded | |
Key Container = {2D0FE290-28CA-4D90-7EF9-49B1CE1C3CED} | |
Simple container name: {2D0FE290-28CA-4D90-7EF9-49B1CE1C3CED} | |
Unique container name: {2D0FE290-28CA-4D90-7EF9-49B1CE1C3CED} | |
Provider = Microsoft Base Smart Card Crypto Provider | |
ProviderType = 1 | |
Flags = 1 | |
(CRYPT_MACHINE_KEYSET -- 20 (32)) | |
(CRYPT_SILENT -- 40 (64)) | |
0x1 (1) | |
KeySpec = 1 -- AT_KEYEXCHANGE | |
Private key verifies | |
Performing cert chain verification... | |
CertGetCertificateChain(dwErrorStatus) = 0x20 | |
Chain on smart card is invalid | |
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000) | |
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000) | |
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000) | |
HCCE_LOCAL_MACHINE | |
CERT_CHAIN_POLICY_BASE | |
-------- CERT_CHAIN_CONTEXT -------- | |
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
ChainContext.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20) | |
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
SimpleChain.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20) | |
CertContext[0][0]: dwInfoStatus=10c dwErrorStatus=20 | |
Issuer: CN=S-1-12-1-2113999623-1167893922-3306789278-1074894023/53e71ba7-afb2-45a9-9592-7e9878eb365a/login.windows.net/38ae3bcd-9579-4fd4-adda-b42e1495d55a/rufus.buschart@siemens.com | |
NotBefore: 06/05/2022 15:19 | |
NotAfter: 06/05/2052 15:29 | |
Subject: CN=S-1-12-1-2113999623-1167893922-3306789278-1074894023/53e71ba7-afb2-45a9-9592-7e9878eb365a/login.windows.net/38ae3bcd-9579-4fd4-adda-b42e1495d55a/rufus.buschart@siemens.com | |
Serial: 1f0787fda7faef814f55a001655b7ea5 | |
Cert: 0f89913a5aa0bbe848213e23105643a5ca5ff5c2 | |
Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4) | |
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Element.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20) | |
Application[0] = 1.3.6.1.4.1.311.20.2.2 Smart Card Logon | |
Exclude leaf cert: | |
Chain: da39a3ee5e6b4b0d3255bfef95601890afd80709 | |
Full chain: | |
Chain: 0f89913a5aa0bbe848213e23105643a5ca5ff5c2 | |
Issuer: CN=S-1-12-1-2113999623-1167893922-3306789278-1074894023/53e71ba7-afb2-45a9-9592-7e9878eb365a/login.windows.net/38ae3bcd-9579-4fd4-adda-b42e1495d55a/rufus.buschart@siemens.com | |
NotBefore: 06/05/2022 15:19 | |
NotAfter: 06/05/2052 15:29 | |
Subject: CN=S-1-12-1-2113999623-1167893922-3306789278-1074894023/53e71ba7-afb2-45a9-9592-7e9878eb365a/login.windows.net/38ae3bcd-9579-4fd4-adda-b42e1495d55a/rufus.buschart@siemens.com | |
Serial: 1f0787fda7faef814f55a001655b7ea5 | |
Cert: 0f89913a5aa0bbe848213e23105643a5ca5ff5c2 | |
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487 CERT_E_UNTRUSTEDROOT) | |
------------------------------------ | |
Verifies against UNTRUSTED root | |
Displayed AT_KEYEXCHANGE cert for reader: Windows Hello for Business 1 | |
--------------===========================-------------- | |
================ Certificate 0 ================ | |
--- Reader: Windows Hello for Business 1 | |
--- Card: Identity Device (Microsoft Generic Profile) | |
Provider = Microsoft Smart Card Key Storage Provider | |
Key Container = {2D0FE290-28CA-4D90-7EF9-49B1CE1C3CED} | |
X509 Certificate: | |
Version: 3 | |
Serial Number: 1f0787fda7faef814f55a001655b7ea5 | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Issuer: | |
CN=S-1-12-1-2113999623-1167893922-3306789278-1074894023/53e71ba7-afb2-45a9-9592-7e9878eb365a/login.windows.net/38ae3bcd-9579-4fd4-adda-b42e1495d55a/rufus.buschart@siemens.com | |
Name Hash(sha1): c1c0c8ee51a1249fc26b528dd0485d5d1d432b7c | |
Name Hash(md5): a1112b11888a699e9ee682541b0e22f9 | |
NotBefore: 06/05/2022 15:19 | |
NotAfter: 06/05/2052 15:29 | |
Subject: | |
CN=S-1-12-1-2113999623-1167893922-3306789278-1074894023/53e71ba7-afb2-45a9-9592-7e9878eb365a/login.windows.net/38ae3bcd-9579-4fd4-adda-b42e1495d55a/rufus.buschart@siemens.com | |
Name Hash(sha1): c1c0c8ee51a1249fc26b528dd0485d5d1d432b7c | |
Name Hash(md5): a1112b11888a699e9ee682541b0e22f9 | |
Public Key Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN) | |
Algorithm Parameters: | |
05 00 | |
Public Key Length: 2048 bits | |
Public Key: UnusedBits = 0 | |
0000 30 82 01 0a 02 82 01 01 00 b2 a3 04 3e 31 fe 19 | |
0010 8d f7 67 60 c6 a8 47 76 a7 00 5e a6 b0 e0 55 fd | |
0020 7a 4e cb 0a 9b a2 2d 0f 25 72 79 87 4f 65 66 63 | |
0030 3d 87 24 e8 25 6b 56 88 c2 92 c0 1c 06 60 b4 4c | |
0040 39 d0 2b 3e db cb b0 2b 95 d3 f0 05 6a 8b 9d 59 | |
0050 ab b8 45 0f b6 ac e6 cc 6b 36 9f 75 54 0f c7 1c | |
0060 d4 6a 50 30 9f 05 64 0e 2b 85 6a 0d ec fb 70 4c | |
0070 49 0d 2c a3 8b cd cd f4 be d9 39 01 1d ab f7 13 | |
0080 8b bd 31 a0 ff 8b f3 b0 3e 4a 9a 90 32 3d 04 6c | |
0090 cc 72 96 a2 c3 07 cd 9c c7 0c 74 3e ff c2 ec fe | |
00a0 d3 49 ac f3 88 22 c2 7a 56 38 88 fb 33 68 fd d6 | |
00b0 24 12 35 ae 79 45 18 ba 9b ce fb 8f 0f 21 3a 63 | |
00c0 98 5e 33 96 9c 42 f7 fb 03 30 46 fc 12 99 28 e1 | |
00d0 c1 46 22 2d 39 54 0b 71 1b b6 29 cd 69 be 99 bf | |
00e0 9c 88 42 81 9a 7f 1b 55 d3 3a 1e c6 ea 40 bb 0a | |
00f0 25 d7 22 79 90 b2 63 a6 c1 55 cb 77 5d 9d e0 91 | |
0100 59 a6 92 a0 1c 59 97 ca 61 02 03 01 00 01 | |
Certificate Extensions: 2 | |
2.5.29.19: Flags = 1(Critical), Length = 2 | |
Basic Constraints | |
Subject Type=End Entity | |
Path Length Constraint=None | |
2.5.29.37: Flags = 0, Length = e | |
Enhanced Key Usage | |
Smart Card Logon (1.3.6.1.4.1.311.20.2.2) | |
Signature Algorithm: | |
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA | |
Algorithm Parameters: | |
05 00 | |
Signature: UnusedBits=0 | |
0000 d7 ef d3 76 f5 a0 dc dc 64 3d c3 d0 41 49 04 45 | |
0010 23 f3 f3 f4 8f 51 0e a4 c5 9d 58 58 70 c9 1b 30 | |
0020 93 65 91 a2 b1 0f fa 78 22 0f 8b c0 c0 a7 48 c9 | |
0030 4b 9a a1 6e 5b b3 d8 6b 89 39 d8 05 1d f4 1f b7 | |
0040 f2 29 4e 24 cc 33 5b e5 dd 54 b6 b8 8e 1e fd 25 | |
0050 48 01 bb 3b 7a ea 3c a6 66 54 37 5a 94 42 8d 1f | |
0060 4b 82 8e 92 be fe 7e b8 e8 97 01 57 61 e6 64 64 | |
0070 d4 e2 be b8 f3 e3 ea 16 30 5f 41 70 fa f2 37 96 | |
0080 ee 9c 87 1b a5 fe a3 c2 cb 37 12 80 1b ae 79 4b | |
0090 19 3e c6 fd b3 53 7e 09 5d 7f 96 a8 85 43 90 4f | |
00a0 3d 07 b5 fd 0f b6 1f ad ae ec 0e f5 7f 5d c9 ff | |
00b0 20 d0 d4 51 5c 5f e5 5a be 1a 8d 33 c0 3c 54 7b | |
00c0 81 9e f1 2a 61 c5 54 d9 a0 bc 10 a2 3c 74 fa a4 | |
00d0 7b 3d 51 06 f3 77 df 31 4b 91 0d 3d 8f 0e 19 94 | |
00e0 80 62 7f a9 92 3d 0d ec e1 52 9e ab 14 06 2a fc | |
00f0 cb 07 de ea 29 18 36 42 1f 57 1e 57 5b 72 70 79 | |
Signature matches Public Key | |
Root Certificate: Subject matches Issuer | |
Key Id Hash(rfc-sha1): d34c50139818c0b3bd472d48ecf760446a2b5d81 | |
Key Id Hash(sha1): 2250d7e61a064a98564a77bb4cefcb3e0e39c683 | |
Key Id Hash(bcrypt-sha1): c86a6211c4c757f3ac51ac6f27ef680e2190e3f2 | |
Key Id Hash(bcrypt-sha256): 9ba5f7ce61ce3dd81a9976aa289fdb28e7fab14a3edc7bcbbf745ad62f48dc63 | |
Key Id Hash(md5): 709306a944fdf138a26e33a55854d947 | |
Key Id Hash(sha256): ec05e9945196bb5a8c1a5be0cc9eeaf01ac14023a767a8d8cfbd8c688981c835 | |
Key Id Hash(pin-sha256): Ow5B19nOadEKEeY7dJOA8PUje3C0ITrFEw95WL3Dqho= | |
Key Id Hash(pin-sha256-hex): 3b0e41d7d9ce69d10a11e63b749380f0f5237b70b4213ac5130f7958bdc3aa1a | |
Cert Hash(md5): 98ddf10faffac9f598d10d437d4bb578 | |
Cert Hash(sha1): 0f89913a5aa0bbe848213e23105643a5ca5ff5c2 | |
Cert Hash(sha256): 40b88aee5e52e13874438060b9872455fd6d94d02b81da7b0c1491c0ad3e2a16 | |
Signature Hash: e6b6febb89f469c62625a893728c255f9508cf57016d30690eef020d115182f3 | |
Performing public key matching test... | |
Public key matching test succeeded | |
Key Container = {2D0FE290-28CA-4D90-7EF9-49B1CE1C3CED} | |
Simple container name: {2D0FE290-28CA-4D90-7EF9-49B1CE1C3CED} | |
Unique container name: {2D0FE290-28CA-4D90-7EF9-49B1CE1C3CED} | |
Provider = Microsoft Smart Card Key Storage Provider | |
ProviderType = 0 | |
Flags = 1 | |
(CRYPT_MACHINE_KEYSET -- 20 (32)) | |
(CRYPT_SILENT -- 40 (64)) | |
0x1 (1) | |
KeySpec = 0 -- XCN_AT_NONE | |
Private key verifies | |
Microsoft Smart Card Key Storage Provider: KeySpec=0 | |
AES256+RSAES_OAEP(RSA:CNG) test FAILED: Cannot find the certificate and private key to use for decryption. 0x8009200c (-2146885620 CRYPT_E_NO_DECRYPT_CERT) | |
Performing cert chain verification... | |
CertGetCertificateChain(dwErrorStatus) = 0x20 | |
Chain on smart card is invalid | |
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000) | |
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000) | |
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000) | |
HCCE_LOCAL_MACHINE | |
CERT_CHAIN_POLICY_BASE | |
-------- CERT_CHAIN_CONTEXT -------- | |
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
ChainContext.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20) | |
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
SimpleChain.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20) | |
CertContext[0][0]: dwInfoStatus=10c dwErrorStatus=20 | |
Issuer: CN=S-1-12-1-2113999623-1167893922-3306789278-1074894023/53e71ba7-afb2-45a9-9592-7e9878eb365a/login.windows.net/38ae3bcd-9579-4fd4-adda-b42e1495d55a/rufus.buschart@siemens.com | |
NotBefore: 06/05/2022 15:19 | |
NotAfter: 06/05/2052 15:29 | |
Subject: CN=S-1-12-1-2113999623-1167893922-3306789278-1074894023/53e71ba7-afb2-45a9-9592-7e9878eb365a/login.windows.net/38ae3bcd-9579-4fd4-adda-b42e1495d55a/rufus.buschart@siemens.com | |
Serial: 1f0787fda7faef814f55a001655b7ea5 | |
Cert: 0f89913a5aa0bbe848213e23105643a5ca5ff5c2 | |
Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4) | |
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8) | |
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
Element.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20) | |
Application[0] = 1.3.6.1.4.1.311.20.2.2 Smart Card Logon | |
Exclude leaf cert: | |
Chain: da39a3ee5e6b4b0d3255bfef95601890afd80709 | |
Full chain: | |
Chain: 0f89913a5aa0bbe848213e23105643a5ca5ff5c2 | |
Issuer: CN=S-1-12-1-2113999623-1167893922-3306789278-1074894023/53e71ba7-afb2-45a9-9592-7e9878eb365a/login.windows.net/38ae3bcd-9579-4fd4-adda-b42e1495d55a/rufus.buschart@siemens.com | |
NotBefore: 06/05/2022 15:19 | |
NotAfter: 06/05/2052 15:29 | |
Subject: CN=S-1-12-1-2113999623-1167893922-3306789278-1074894023/53e71ba7-afb2-45a9-9592-7e9878eb365a/login.windows.net/38ae3bcd-9579-4fd4-adda-b42e1495d55a/rufus.buschart@siemens.com | |
Serial: 1f0787fda7faef814f55a001655b7ea5 | |
Cert: 0f89913a5aa0bbe848213e23105643a5ca5ff5c2 | |
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487 CERT_E_UNTRUSTEDROOT) | |
------------------------------------ | |
Verifies against UNTRUSTED root | |
Displayed cert for reader: Windows Hello for Business 1 | |
--------------===========================-------------- | |
CertUtil: -SCInfo command FAILED: 0x2 (WIN32: 2 ERROR_FILE_NOT_FOUND) | |
CertUtil: The system cannot find the file specified. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment