Skip to content

Instantly share code, notes, and snippets.

@film42
Created Apr 3, 2019
Embed
What would you like to do?
-----BEGIN CERTIFICATE-----
MIIFujCCA6KgAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFQdXBw
ZXQgQ0E6IHNiLXNhbmQtcHVwcGV0bWFzdGVyMS5zYW5kLmludGVybmFsLm14MB4X
DTE2MTEyODIzNTMxOFoXDTIxMTEyODIzNTMxOFowPDE6MDgGA1UEAwwxUHVwcGV0
IENBOiBzYi1zYW5kLXB1cHBldG1hc3RlcjEuc2FuZC5pbnRlcm5hbC5teDCCAiIw
DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKNxo2xDfAlcgHLWIxJR501nCpzn
k9fcX1/o3XRPJSc7OqJ0SjnYJ7e78EDdfIhH03buQQInHOCOEO2IET+F+//4F16M
UIif7S/h0FrV52/rludVwd3j8+JDy1XE9YOHIeR0PiRmVU2wuhaj6CpU5EdxtFMG
zK84gfofsokzq5UXg4UrZdLvw0sufZLOkEMP8DjZwcH9IKfCNKEGa7HsPvg5qp2H
Tg9kJ7h6BfKTg1FD38gUQVgqBY6UC265luNVBfa7F42fHC6E9MIN6VAZLbQtnUyw
LtXIy3mgawvcm1G+J1rYJke7VkE2mvbTZC/JCVbyJe1/uqw/g9NmSFOHkTOc3+Xu
zN1OfR9Rdgu7EhlLQ6OVylRWO74Wz0N6MaxOsWjcq5z7H+dxgyOT1Cxfn8WtIDy+
gTljL2vRVCcjbZTDlr4e1OGWHKzQZunVQHZfOcJoWfjXjcr6ur4fHvbCPGMEAQ57
KNdUpMEpzwAYhlG6LyzweFa+BhJ+I2JStcJcmnTtCqEfWa50EPTaz6DrvaUxJeex
eRkXWBJ+fKYSHaqeOa/nR5XEeyPw0feWKUKnmeitsZ85E9JBhOvGZDIo3p3Y3jl4
3MWpZeXCu3BAtjwqy2GTUiu2oIWO8/avSBF5GyLzhsDpHDPXI4VS+2nHxqx6/Z35
lLRC6nvN6JjggYDTAgMBAAGjgcYwgcMwMQYJYIZIAYb4QgENBCQWIlB1cHBldCBT
ZXJ2ZXIgSW50ZXJuYWwgQ2VydGlmaWNhdGUwTgYDVR0jBEcwRaFApD4wPDE6MDgG
A1UEAwwxUHVwcGV0IENBOiBzYi1zYW5kLXB1cHBldG1hc3RlcjEuc2FuZC5pbnRl
cm5hbC5teIIBATAdBgNVHQ4EFgQUPhFPLbUwlf/YnAC7YZL38hVizy8wDwYDVR0T
AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAIeG
Mu3LsNYYxlTimQtJ8+6xNbtW5oDS8a6EKd4UDKfh9fu1wMTG4dzQk39bsb8+Tdnv
6AixVH5kSq3Ik/XA7nR+w6jdFN4jJGweEu6A4NrsQoq5ZGDiNr50opSYwgyoln8o
Bs9KKN3f7S3UEh+JSgUbMV605S8Dc+nmlRJj1OnGmDpwJpkVmUGHqh+LY9HYgjgf
ILL/hDw6ZncUxAlLc17YdRhzuTXttkdG7V/TiR2l7DMMg3zfgRamvY+6x+ZxjAUH
hxcGosgFWi/lUoEPy6kZveTwqZ4vz6JB7PCAl5xxwQY0TdFkgkIZ5IdcLf7yruy9
cX/7BWMp/i4wOM3bhM1DXafn0zSKH9y5ARbZPxMhVSIHeskSdePmVFrJMqLgvqpu
+LEcOq5sIHXpIJHMbw+Rdx1IDLSotPeZUfi1h4Ck+tSOgFvr0Azajns7SQn43gPe
Yslg6hvzHxHCgKPmnEj2dClSnl6mWDtA7u43sRdzXl2TmbVpPcr383wIixi/MYwK
BLbCNxqWCKDc/+DN/2yHNIfExS7nLOSCGSlLyqWtumNwNCCQAyorLUWlV1WNdOkX
VadSSxQB2phahPO495EQ7+monTT28WNgRrLv9UNj0GVobiD/JK7LdiTzrumXEcz+
gpBQpew3tF8J48ZZj5oMw3xSjwm+JLaj/e8hHwOj
-----END CERTIFICATE-----
$ openssl x509 -in /etc/puppetlabs/puppet/ssl/certs/sb-sand-peter1.sand.internal.mx.pem -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 317 (0x13d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Puppet CA: sb-sand-puppetmaster1.sand.internal.mx
Validity
Not Before: Nov 5 22:45:09 2018 GMT
Not After : Nov 5 22:45:09 2023 GMT
Subject: CN=sb-sand-peter1.sand.internal.mx
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:c3:79:a6:c6:eb:1d:c1:ff:d2:ec:19:48:26:02:
8b:88:57:95:20:83:b7:68:62:20:99:51:96:01:d6:
6f:32:4b:0d:06:e4:75:99:a8:38:23:f6:7e:c0:68:
2d:d9:2b:fd:fa:de:53:be:f6:28:a0:7a:f8:e2:a9:
5f:10:c4:9d:a2:9a:67:20:55:24:ae:49:27:6e:af:
7d:17:0d:c8:71:c6:88:ea:09:d6:6e:47:ff:a9:3f:
08:4c:e1:2c:6a:f4:fb:27:da:8c:ac:0e:f0:0e:0b:
16:b0:09:84:c4:e6:74:e8:b7:98:45:e0:0a:87:f1:
6e:39:dd:9b:d8:f7:b0:00:03:79:d6:ee:21:3b:33:
d8:7c:b4:25:42:e7:43:f3:44:48:65:02:61:3f:90:
ba:f2:90:9c:d0:00:70:7e:60:21:76:2e:b1:0c:ae:
17:6a:3b:36:04:fb:66:70:55:06:de:86:0a:d8:9e:
13:9e:9f:0f:5d:ce:99:73:62:b4:8a:0b:a1:66:0c:
fb:63:c9:31:ef:28:7c:4c:00:4d:8f:85:9c:58:cb:
f0:f0:ba:07:8c:03:16:0e:87:6b:55:2e:fe:2c:d7:
5e:31:e8:20:22:da:3e:18:02:0e:2f:58:cc:38:02:
fc:cb:e8:1e:28:ba:26:16:94:13:85:cf:6b:5c:53:
8e:c1:c0:74:1e:8e:14:28:5f:5f:c9:94:c3:37:0b:
7a:64:82:88:7f:4d:31:b4:68:d3:be:c8:e4:97:56:
bc:ed:1d:7c:dc:4a:21:08:df:08:b6:86:bb:98:dc:
17:8e:b4:df:9a:45:fc:fd:09:9f:99:8a:44:73:22:
c2:54:c7:c3:1b:e5:5e:be:a2:09:21:70:3b:b6:8d:
7a:72:69:81:23:74:81:3d:3a:3c:01:41:6e:7b:64:
06:1c:d8:8c:d3:e9:42:f1:5d:38:c5:77:07:12:76:
09:e6:e3:e3:94:ff:13:9e:2d:4d:10:b8:25:05:ce:
e4:11:b5:28:8e:4c:8d:95:ec:a1:8c:43:4a:f7:ff:
ee:38:97:9c:b2:91:8f:a1:2d:56:0e:72:b5:96:b6:
34:4d:da:78:e6:a4:86:ae:27:ee:fb:e4:1a:b9:44:
75:28:de:82:e8:77:c9:19:77:39:3f:7e:dc:d0:b7:
02:90:41:18:ea:d9:2c:ec:33:25:01:e5:5b:0c:76:
c0:e4:93:a9:6a:92:db:62:9c:b2:73:36:6e:06:9b:
3f:32:b0:09:18:45:f3:01:a7:ae:c1:2b:07:6b:58:
62:a2:b9:47:e3:5d:bb:68:49:a5:37:4f:96:32:1b:
b4:2e:55:da:c1:63:97:a4:5a:64:41:52:b5:4d:63:
29:7c:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
Netscape Comment:
.(Puppet Ruby/OpenSSL Internal Certificate
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage: critical
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
F0:E7:7A:B6:98:17:C2:64:13:3F:D7:95:BB:88:1D:0C:D6:B0:41:41
X509v3 Authority Key Identifier:
keyid:3E:11:4F:2D:B5:30:95:FF:D8:9C:00:BB:61:92:F7:F2:15:62:CF:2F
Signature Algorithm: sha256WithRSAEncryption
5c:c3:39:e3:c8:0c:31:87:f4:ad:86:e6:22:83:ba:a1:36:03:
50:2c:6f:90:8b:8d:72:84:fb:2e:68:6a:c2:02:25:17:00:1f:
0d:3c:7e:44:57:df:b9:57:c4:d3:7f:00:eb:64:82:02:be:30:
8a:82:04:52:2f:2a:aa:0d:f2:4b:f8:24:d5:7e:84:f9:b6:1e:
59:53:68:1f:3e:44:38:89:ee:06:c9:3b:6c:37:10:5c:8c:ad:
a3:50:e1:fb:44:78:a4:cf:db:41:8e:01:5a:bb:ff:8a:b3:c4:
6e:0c:08:60:6c:ba:0a:22:42:a3:68:11:50:b5:15:72:db:50:
91:ec:c3:e3:1e:e0:39:d1:3c:02:30:cb:b7:9e:39:e1:95:1d:
c9:82:09:f8:df:14:16:2f:50:ba:1e:26:f4:9c:ff:2d:ce:9e:
25:7a:cc:f8:e7:10:e2:f1:60:2d:7c:61:c8:c0:02:cc:2f:bb:
56:8c:f1:e5:fc:87:fc:c2:30:9b:2d:e4:99:dd:2d:78:52:49:
2d:72:fc:9e:80:9e:3d:e0:71:2c:23:e7:66:52:2c:f2:22:e8:
11:88:24:90:a2:15:ca:e4:58:20:40:27:f8:5d:16:70:b5:90:
b4:29:d2:ad:75:f4:3b:3b:4f:02:7b:cf:76:1e:9e:d6:4f:f3:
f0:f6:dd:ec:51:75:8e:b4:da:c2:8d:58:01:05:bc:2b:6d:66:
89:42:d1:f4:8f:45:9c:44:2a:c8:13:4d:e1:d0:a7:ef:96:d4:
61:b0:05:87:b2:cc:78:15:b4:ef:b1:de:d3:56:7e:80:8d:9c:
89:d0:44:a5:51:08:83:ba:6e:c4:e2:db:cb:01:a3:86:19:7f:
ec:53:b7:27:ff:15:32:61:77:d2:9a:52:cd:30:82:fa:60:7f:
f4:cd:3b:46:07:3c:d6:3a:e8:b0:f5:a4:86:4b:3d:3e:c7:14:
f9:d2:59:c5:44:78:17:5b:17:4c:1b:1b:15:77:1e:9c:a5:d7:
3f:5a:c6:59:60:25:d1:ce:eb:1b:be:fd:28:62:1e:0b:00:7f:
2d:01:40:f6:c4:c7:37:50:42:5e:75:bf:c3:24:29:2a:38:b1:
4f:f6:d8:f3:f6:a5:09:3f:36:6b:a1:09:af:a5:57:c8:dc:21:
ff:49:b1:a6:36:20:8a:69:69:00:6e:a3:96:fc:48:16:a7:0d:
79:3a:46:e9:2b:f5:19:1d:6b:28:07:73:c8:be:af:6e:29:4a:
ec:07:bb:79:05:c9:ce:34:e9:dc:68:cd:b4:e3:c4:61:63:e3:
0a:78:41:fc:5e:41:65:e9:32:da:55:c8:0d:69:65:f7:5e:58:
3a:55:c6:f1:82:08:59:c4
$ openssl asn1parse -in /etc/puppetlabs/puppet/ssl/certs/ca.pem
0:d=0 hl=4 l=1466 cons: SEQUENCE
4:d=1 hl=4 l= 930 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 1 prim: INTEGER :01
16:d=2 hl=2 l= 13 cons: SEQUENCE
18:d=3 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
29:d=3 hl=2 l= 0 prim: NULL
31:d=2 hl=2 l= 60 cons: SEQUENCE
33:d=3 hl=2 l= 58 cons: SET
35:d=4 hl=2 l= 56 cons: SEQUENCE
37:d=5 hl=2 l= 3 prim: OBJECT :commonName
42:d=5 hl=2 l= 49 prim: UTF8STRING :Puppet CA: sb-sand-puppetmaster1.sand.internal.mx
93:d=2 hl=2 l= 30 cons: SEQUENCE
95:d=3 hl=2 l= 13 prim: UTCTIME :161128235318Z
110:d=3 hl=2 l= 13 prim: UTCTIME :211128235318Z
125:d=2 hl=2 l= 60 cons: SEQUENCE
127:d=3 hl=2 l= 58 cons: SET
129:d=4 hl=2 l= 56 cons: SEQUENCE
131:d=5 hl=2 l= 3 prim: OBJECT :commonName
136:d=5 hl=2 l= 49 prim: UTF8STRING :Puppet CA: sb-sand-puppetmaster1.sand.internal.mx
187:d=2 hl=4 l= 546 cons: SEQUENCE
191:d=3 hl=2 l= 13 cons: SEQUENCE
193:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
204:d=4 hl=2 l= 0 prim: NULL
206:d=3 hl=4 l= 527 prim: BIT STRING
737:d=2 hl=3 l= 198 cons: cont [ 3 ]
740:d=3 hl=3 l= 195 cons: SEQUENCE
743:d=4 hl=2 l= 49 cons: SEQUENCE
745:d=5 hl=2 l= 9 prim: OBJECT :Netscape Comment
756:d=5 hl=2 l= 36 prim: OCTET STRING [HEX DUMP]:16225075707065742053657276657220496E7465726E616C204365727469666963617465
794:d=4 hl=2 l= 78 cons: SEQUENCE
796:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
801:d=5 hl=2 l= 71 prim: OCTET STRING [HEX DUMP]:3045A140A43E303C313A303806035504030C315075707065742043413A2073622D73616E642D7075707065746D6173746572312E73616E642E696E7465726E616C2E6D78820101
874:d=4 hl=2 l= 29 cons: SEQUENCE
876:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
881:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:04143E114F2DB53095FFD89C00BB6192F7F21562CF2F
905:d=4 hl=2 l= 15 cons: SEQUENCE
907:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
912:d=5 hl=2 l= 1 prim: BOOLEAN :255
915:d=5 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF
922:d=4 hl=2 l= 14 cons: SEQUENCE
924:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
929:d=5 hl=2 l= 1 prim: BOOLEAN :255
932:d=5 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:03020106
938:d=1 hl=2 l= 13 cons: SEQUENCE
940:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
951:d=2 hl=2 l= 0 prim: NULL
953:d=1 hl=4 l= 513 prim: BIT STRING
irb(main):003:0> cert = OpenSSL::X509::Certificate.new(File.read("/etc/puppetlabs/puppet/ssl/certs/sb-sand-peter1.sand.internal.mx.pem"))
=> #<OpenSSL::X509::Certificate subject=/CN=sb-sand-peter1.sand.internal.mx, issuer=/CN=Puppet CA: sb-sand-puppetmaster1.sand.internal.mx, serial=317, not_before=2018-11-05 22:45:09 UTC, not_after=2023-11-05 22:45:09 UTC>
irb(main):004:0> pp cert.extensions.map(&:value)
[".(Puppet Ruby/OpenSSL Internal Certificate",
"Digital Signature, Key Encipherment",
"TLS Web Server Authentication, TLS Web Client Authentication",
"CA:FALSE",
"F0:E7:7A:B6:98:17:C2:64:13:3F:D7:95:BB:88:1D:0C:D6:B0:41:41",
"keyid:3E:11:4F:2D:B5:30:95:FF:D8:9C:00:BB:61:92:F7:F2:15:62:CF:2F\n"]
irb(main):005:0> pp cert.extensions.map(&:to_h)
[{"oid"=>"nsComment",
"value"=>".(Puppet Ruby/OpenSSL Internal Certificate",
"critical"=>false},
{"oid"=>"keyUsage",
"value"=>"Digital Signature, Key Encipherment",
"critical"=>true},
{"oid"=>"extendedKeyUsage",
"value"=>"TLS Web Server Authentication, TLS Web Client Authentication",
"critical"=>true},
{"oid"=>"basicConstraints", "value"=>"CA:FALSE", "critical"=>true},
{"oid"=>"subjectKeyIdentifier",
"value"=>"F0:E7:7A:B6:98:17:C2:64:13:3F:D7:95:BB:88:1D:0C:D6:B0:41:41",
"critical"=>false},
{"oid"=>"authorityKeyIdentifier",
"value"=>
"keyid:3E:11:4F:2D:B5:30:95:FF:D8:9C:00:BB:61:92:F7:F2:15:62:CF:2F\n",
"critical"=>false}]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment