@headius
Created October 30, 2016 18:21
jruby/jruby#3502 example script and output
$ cat gen_ca2.rb
require 'openssl'
require 'securerandom'
# Root CA for this reproduction: self-signed, and carrying a critical
# nameConstraints extension that permits only DNS names under .example.com.
# Only the certificate is printed; ca_key stays in memory because it is needed
# again further down to sign the two leaf certificates.
ca_key = OpenSSL::PKey::RSA.new(4096)
ca_name = OpenSSL::X509::Name.parse("/C=BE/O=Test/OU=Test/CN=test")

ca = OpenSSL::X509::Certificate.new
ca.version = 2 # to_text renders this as "Version: 3 (0x2)"
ca.serial = SecureRandom.hex(10).to_i(16) # 20 random hex digits
ca.subject = ca.issuer = ca_name
ca.not_before = Time.now
ca.not_after = Time.now + 365 * 24 * 60 * 60
ca.public_key = ca_key.public_key

ca_ext = OpenSSL::X509::ExtensionFactory.new
ca_ext.subject_certificate = ca
ca_ext.issuer_certificate = ca # self-signed: the CA is its own issuer

# Keep this order: authorityKeyIdentifier (keyid:always) is built from the
# issuer certificate's subjectKeyIdentifier, and the issuer here is this same
# certificate, so subjectKeyIdentifier has to be added first.
# NOTE(review): keyUsage is broader than certificate/CRL signing; acceptable
# for a throwaway test CA, a real CA would normally be narrower.
[
  ["subjectKeyIdentifier", "hash", false],
  ["basicConstraints", "CA:TRUE", true],
  ["keyUsage", "keyCertSign, cRLSign, nonRepudiation, digitalSignature, keyEncipherment", true],
  # The extension under test: critical, limited to the .example.com subtree.
  ["nameConstraints", "permitted;DNS:.example.com", true],
  ["authorityKeyIdentifier", "keyid:always,issuer:always", false]
].each do |oid, value, critical|
  ca.add_extension(ca_ext.create_extension(oid, value, critical))
end

ca.sign(ca_key, OpenSSL::Digest::SHA256.new)
puts ca.to_text, ca.to_pem
# Leaf certificate 1: SAN DNS:test.example.com, which lies inside the
# .example.com subtree permitted by the CA's nameConstraints, so verification
# is expected to succeed (the MRI 2.2.0 run recorded after the script prints
# "ok!" for it).
puts "Cert ========================="
key = OpenSSL::PKey::RSA.new(4096)

cert = OpenSSL::X509::Certificate.new
cert.version = 2
cert.serial = SecureRandom.hex(10).to_i(16) # 20 random hex digits
cert.subject = OpenSSL::X509::Name.parse("/C=BE/O=Test/OU=test.example.com/CN=test")
cert.issuer = ca.subject
cert.not_before = Time.now
cert.not_after = Time.now + 365 * 24 * 60 * 60
cert.public_key = key.public_key

leaf_ext = OpenSSL::X509::ExtensionFactory.new
leaf_ext.subject_certificate = cert
leaf_ext.issuer_certificate = ca

# Same extension order as the script has always used; the name that the CA's
# constraint is evaluated against is the critical subjectAltName.
[
  ["subjectKeyIdentifier", "hash", false],
  ["basicConstraints", "CA:FALSE", true],
  ["subjectAltName", "DNS:test.example.com", true],
  ["keyUsage", "nonRepudiation, digitalSignature, keyEncipherment", true],
  ["authorityKeyIdentifier", "keyid:always,issuer:always", false]
].each do |oid, value, critical|
  cert.add_extension(leaf_ext.create_extension(oid, value, critical))
end

# Signed with the CA key, not with the leaf's own key.
cert.sign(ca_key, OpenSSL::Digest::SHA256.new)
puts cert.to_text, cert.to_pem

# Fresh trust store containing only the test CA, checked for the SSL-client
# purpose.
store = OpenSSL::X509::Store.new
store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
store.add_cert(ca)

verified = store.verify(cert)
if verified
  puts "ok!"
else
  puts "Error: #{store.error}"
  puts "Error Str: #{store.error_string}"
end
# Leaf certificate 2: SAN DNS:test.example.net, which lies OUTSIDE the
# .example.com subtree permitted by the CA's nameConstraints. In the MRI 2.2.0
# run recorded after the script this verification fails with error 47,
# "permitted subtree violation". A runtime that prints "ok!" here is accepting
# a certificate the issuing CA is not allowed to vouch for.
puts "Cert 2 ========================="
key = OpenSSL::PKey::RSA.new(4096)

cert2 = OpenSSL::X509::Certificate.new
cert2.version = 2
cert2.serial = SecureRandom.hex(10).to_i(16) # 20 random hex digits
cert2.subject = OpenSSL::X509::Name.parse("/C=BE/O=Test/OU=test.example.net/CN=test")
cert2.issuer = ca.subject
cert2.not_before = Time.now
cert2.not_after = Time.now + 365 * 24 * 60 * 60
cert2.public_key = key.public_key

leaf_ext = OpenSSL::X509::ExtensionFactory.new
leaf_ext.subject_certificate = cert2
leaf_ext.issuer_certificate = ca

# Identical to the first leaf except for the subjectAltName value.
[
  ["subjectKeyIdentifier", "hash", false],
  ["basicConstraints", "CA:FALSE", true],
  ["subjectAltName", "DNS:test.example.net", true],
  ["keyUsage", "nonRepudiation, digitalSignature, keyEncipherment", true],
  ["authorityKeyIdentifier", "keyid:always,issuer:always", false]
].each do |oid, value, critical|
  cert2.add_extension(leaf_ext.create_extension(oid, value, critical))
end

# The signature itself is valid (made with the CA key); only the name
# constraint should make this chain fail.
cert2.sign(ca_key, OpenSSL::Digest::SHA256.new)
puts cert2.to_text, cert2.to_pem

# Fresh trust store containing only the test CA, checked for the SSL-client
# purpose.
store = OpenSSL::X509::Store.new
store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
store.add_cert(ca)

verified = store.verify(cert2)
if verified
  puts "ok!"
else
  puts "Error: #{store.error}"
  puts "Error Str: #{store.error_string}"
end
$ rvm use 2.2.0
Using /home/duritong/.rvm/gems/ruby-2.2.0
$ ruby gen_ca2.rb
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
bf:52:03:e5:d1:3c:45:3a:7e:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=BE, O=Test, OU=Test, CN=test
Validity
Not Before: Nov 28 22:26:21 2015 GMT
Not After : Nov 27 22:26:21 2016 GMT
Subject: C=BE, O=Test, OU=Test, CN=test
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:ba:7d:07:91:c9:97:91:a0:04:21:0c:25:9e:07:
1a:68:c2:4f:f6:1b:ee:2e:aa:ac:d0:b2:3b:cf:0f:
d9:fc:ce:b6:81:91:26:64:da:eb:98:c5:c9:9e:95:
1f:2a:fd:0d:c0:bf:84:4e:f1:64:fd:d4:0a:fd:f9:
fc:a3:ea:78:ee:90:06:09:e9:c7:4b:a4:c3:32:ca:
b0:30:c0:63:e5:b4:43:d6:7a:06:6f:5b:21:f9:cc:
66:98:87:be:4a:55:54:9b:77:5a:d5:ec:93:56:0f:
ef:22:b7:b9:56:ea:75:34:4b:a3:6c:d7:db:f1:ea:
98:1e:a3:58:1b:d4:0a:b3:58:8a:e7:29:83:98:b9:
c5:39:5b:b7:33:25:81:1d:c1:87:bd:53:4b:92:cf:
9b:26:e4:a1:41:74:2e:1c:e7:3c:dd:cf:6e:3a:00:
37:2e:65:ac:8c:68:6c:0b:4a:e4:a9:50:f6:7e:87:
0e:be:f3:8a:9c:76:97:9c:0d:cb:21:d2:43:0e:c7:
07:3f:83:9b:f3:50:b7:b7:25:b5:dc:7c:42:a2:14:
ef:cc:ce:28:40:e3:08:1c:1d:c9:52:ea:4e:f1:ce:
f4:e2:33:cf:38:c0:b5:23:46:b3:33:5c:10:ba:db:
31:e7:7f:a0:b3:0d:2b:0e:a4:90:0e:89:4d:98:4b:
c5:2a:b6:2d:b8:9e:a5:70:5c:09:9b:fd:f2:e9:55:
78:bf:17:77:24:65:30:90:c2:da:37:b5:5b:61:b5:
68:8f:e0:88:fd:65:55:a4:27:33:e0:40:6c:6d:cf:
76:e5:4e:3c:4a:01:89:95:7a:b4:03:28:64:03:f6:
e0:1a:ae:b6:9c:4e:06:cd:6f:ff:36:57:73:40:bf:
6c:28:91:b9:d2:0a:88:4d:82:83:ab:78:e0:64:10:
0f:71:e1:85:33:a1:fd:c4:cb:c3:74:e1:b7:2d:1f:
e2:f8:66:b9:9f:b5:a3:41:16:09:df:75:af:06:3f:
7f:f3:f0:9e:3f:ac:ce:e7:3f:7d:52:4a:77:64:39:
dc:6b:46:09:1b:12:36:22:f8:9a:a5:2e:58:de:fa:
58:b5:e1:89:47:a1:12:5b:f1:a4:4b:32:a2:ec:4f:
37:b2:a1:e1:33:c2:8a:ad:1d:10:6f:9c:de:e9:4f:
ea:8a:f5:93:e0:43:32:08:82:91:a8:3c:9e:6c:61:
aa:08:4e:ac:f2:c3:17:54:f7:b3:82:47:01:50:3e:
c0:2a:82:9a:1d:15:07:9c:50:d6:af:82:9e:da:e9:
08:5d:01:eb:3a:4b:e7:c0:35:a9:00:c0:b0:06:16:
82:11:ce:fb:81:f9:84:cd:14:b8:21:3b:cc:c1:f3:
a3:d8:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:D8:96:A9:70:B0:FA:8A:3A:F0:39:39:73:96:15:0D:E0:11:6C:23
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment, Certificate Sign, CRL Sign
X509v3 Name Constraints: critical
Permitted:
DNS:.example.com
X509v3 Authority Key Identifier:
keyid:6A:D8:96:A9:70:B0:FA:8A:3A:F0:39:39:73:96:15:0D:E0:11:6C:23
DirName:/C=BE/O=Test/OU=Test/CN=test
serial:BF:52:03:E5:D1:3C:45:3A:7E:D8
Signature Algorithm: sha256WithRSAEncryption
9b:63:0c:cc:2a:28:5d:3c:fc:27:12:59:08:c6:c4:18:84:15:
14:e2:bb:26:02:15:7a:d5:ae:a9:50:5c:6b:4a:03:ce:27:71:
4a:cb:28:82:96:b4:1b:a6:57:32:65:72:c6:93:8f:32:d7:3b:
a1:dd:ec:6f:3e:c5:d7:20:a5:ac:85:4e:4b:78:8b:20:d0:a9:
8a:91:1c:25:f0:55:a8:ed:7e:2c:04:2d:b5:78:3a:25:ab:2d:
19:14:82:52:68:ce:c8:95:a6:05:d9:77:9b:26:1a:85:bb:ab:
d5:b6:44:b7:a2:62:35:7d:7a:9f:79:dc:ae:1b:1a:4d:bf:46:
4c:9e:d4:6f:34:51:00:d7:90:0a:bf:db:f8:a4:24:df:77:48:
5f:93:11:6b:57:8d:67:df:be:ad:f5:78:c8:cb:ba:f5:02:b5:
fa:42:08:fd:e7:59:ca:00:c4:46:cf:ce:80:f3:cb:92:8c:68:
93:5a:79:a9:73:e0:8a:94:76:bb:e0:60:00:e0:53:27:39:3f:
f1:33:84:75:31:cc:3e:96:48:37:18:7d:2c:ab:ac:60:b3:f9:
95:31:e2:e8:1a:05:a5:0b:d0:35:e7:82:ce:9e:3a:6f:86:d6:
87:8c:24:b5:6e:65:79:e9:89:8f:4a:4f:91:45:24:8e:45:89:
57:9c:42:92:55:04:68:90:62:8b:1e:41:da:b2:89:86:3f:81:
15:a4:33:ec:af:12:04:a4:ac:30:2a:c1:50:3c:74:02:68:d1:
a5:03:e1:72:c1:58:cb:8e:66:35:54:65:59:a3:2a:74:8d:ec:
ea:6a:cf:b2:42:18:5d:88:0b:05:ee:77:bd:a4:34:c4:c2:6c:
1b:0d:12:c7:ce:95:86:2d:85:d6:e6:83:0b:da:da:3b:6d:20:
75:30:bf:7f:f3:85:44:d2:d9:93:42:92:06:50:6b:94:26:7d:
ca:f7:18:72:8c:ac:cf:47:39:64:47:6e:03:06:45:12:30:00:
c2:50:89:22:ff:f5:4d:8d:82:d8:90:1b:88:fa:16:56:32:f6:
59:9f:14:59:34:03:ae:5d:79:46:19:d8:cd:6c:72:b1:af:3e:
62:a7:ff:b1:38:6d:23:1c:cf:cc:0f:18:a2:61:66:c9:2e:b5:
44:e0:d8:87:96:bb:b0:60:55:90:b9:b0:dd:9e:66:fa:27:d9:
74:f4:b4:1b:d5:b1:ed:81:b9:7e:b8:07:c9:bc:be:cf:d4:ab:
97:90:68:e4:19:4c:ca:d0:bd:be:c2:3e:72:a0:7a:5a:d9:f8:
a8:e5:45:39:57:8f:1c:57:3b:2f:31:ff:54:c3:79:bb:84:6a:
4b:0f:5b:23:0f:8e:4f:6c
-----BEGIN CERTIFICATE-----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=
-----END CERTIFICATE-----
Cert =========================
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
07:f9:f0:08:b3:3e:99:d9:b3:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=BE, O=Test, OU=Test, CN=test
Validity
Not Before: Nov 28 22:26:21 2015 GMT
Not After : Nov 27 22:26:21 2016 GMT
Subject: C=BE, O=Test, OU=test.example.com, CN=test
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:b4:cc:bf:6a:aa:a4:bb:a6:f9:40:04:9a:18:3c:
b1:48:b5:72:a9:bd:39:8b:75:3f:39:f6:13:f6:f6:
cc:9e:6a:9b:d5:e2:f7:d3:84:98:bb:99:ab:2c:53:
da:1d:13:b3:56:72:ef:22:39:4f:08:cc:4e:a9:cf:
88:10:d4:56:af:64:46:3e:81:bf:81:73:93:68:36:
34:da:ce:a1:d3:2a:23:8d:ed:53:1b:c5:c4:85:38:
75:02:61:33:68:08:ea:0a:ed:10:89:29:f2:3a:23:
4e:20:16:8e:35:a7:64:e7:67:96:e3:14:c9:3c:52:
8d:4b:14:c7:14:bf:93:91:9d:b3:8d:13:95:12:4e:
17:47:2e:25:1f:20:3b:c9:dd:88:e7:d4:14:c4:74:
90:58:25:1e:38:ab:94:03:a0:35:55:4c:b6:b0:cf:
5a:ab:2c:aa:dc:69:97:02:0a:68:9b:56:5b:02:76:
1a:a3:54:4e:b3:0c:ff:d2:cb:cb:41:72:be:b0:5b:
28:18:e3:4e:37:b1:97:07:73:79:b4:8d:fd:19:22:
28:ec:2c:3b:aa:7f:58:c7:0e:33:87:e4:f3:4a:db:
d5:77:45:66:4d:1c:d8:f4:7e:c6:a4:38:d5:f4:0d:
4a:df:15:cd:c1:b0:fc:ca:9f:db:bc:6f:59:f6:b4:
6f:c0:13:ba:e2:cb:12:95:4f:8a:12:2f:52:8f:52:
9e:39:92:94:62:dd:36:5d:f0:2a:4f:f2:9b:ca:1d:
50:fc:eb:1e:21:28:f8:51:02:3b:a4:8a:15:08:d7:
df:77:e8:c4:e0:6b:03:ac:a6:d0:3a:e9:f8:7d:b2:
ec:53:ff:7a:dd:78:1d:0b:53:9a:25:e2:80:b5:ae:
60:4e:bd:cb:23:09:ad:0e:d2:55:6a:1f:b3:7c:fe:
84:93:fa:dd:5b:d5:6a:9f:c8:db:61:e2:62:96:91:
dc:62:68:0e:ed:b0:9f:de:3d:d8:0c:4d:2d:37:0f:
1e:f6:fc:72:b0:47:6b:82:59:6a:30:31:b8:10:56:
ad:66:7a:87:cd:f2:ac:20:fe:5b:58:bb:41:6a:64:
db:18:57:e8:2c:d6:9f:93:23:b6:4b:71:9b:10:9d:
b5:3c:2d:a6:ac:26:52:14:23:63:83:c5:4f:02:96:
69:aa:28:c0:94:77:d8:05:a2:78:bc:01:e2:88:66:
a0:60:b4:a2:96:76:4e:00:36:b9:16:3d:92:3f:60:
15:58:19:42:30:0a:21:f3:f5:1d:30:61:f3:01:d1:
df:64:0a:ed:4e:a4:31:81:ce:04:b6:23:39:63:59:
8b:e5:32:88:c2:e1:3a:d8:b2:ea:97:49:1f:8a:9a:
9b:5f:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:B7:F1:48:59:45:AE:25:6D:63:3A:6D:9B:92:79:72:79:13:D1:9F
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Alternative Name: critical
DNS:test.example.com
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Authority Key Identifier:
keyid:6A:D8:96:A9:70:B0:FA:8A:3A:F0:39:39:73:96:15:0D:E0:11:6C:23
DirName:/C=BE/O=Test/OU=Test/CN=test
serial:BF:52:03:E5:D1:3C:45:3A:7E:D8
Signature Algorithm: sha256WithRSAEncryption
67:60:6a:63:18:88:c4:6e:68:d3:b7:ec:25:a9:fb:1d:28:57:
94:59:0b:3f:08:cd:05:8e:9b:48:c4:63:6f:74:a2:d5:eb:f6:
38:77:88:ed:5b:f3:9c:f1:e7:79:70:1d:67:04:cd:d0:8c:01:
e7:6e:c2:53:1e:a9:ec:24:48:1e:97:79:a2:9f:3d:a3:a4:c4:
47:07:ca:08:c2:55:cb:9c:70:ba:ea:6f:f5:82:8a:73:92:eb:
ae:90:74:e9:c6:5f:46:14:fe:a4:b9:4a:ee:d7:6e:26:74:79:
9e:c7:4a:55:a7:cf:54:de:c2:93:f6:fb:94:4a:54:58:9a:35:
d7:b2:12:e8:57:a4:e2:10:ce:0c:1b:9a:ae:cb:04:64:86:e5:
8d:76:93:fe:c8:a3:9c:03:9e:58:eb:b3:d0:a1:0c:56:f4:28:
54:41:26:14:0a:c8:26:84:d7:bc:2d:e2:4e:cf:67:cd:32:5c:
6d:ef:66:c4:4f:84:6a:09:40:bc:c7:f7:c3:67:c6:ef:e0:a0:
b7:ca:8c:c7:a6:c9:75:bd:6b:a9:ea:23:ec:9f:86:9e:10:56:
57:9d:cb:c6:8c:93:50:54:39:e1:9e:25:69:0b:2b:26:36:ad:
bf:96:5d:36:90:7e:05:17:c3:de:ef:18:95:75:74:e2:ed:d3:
1d:41:33:be:9b:62:e8:16:88:08:7c:2d:58:79:56:e0:63:ca:
b2:5a:89:ec:fd:e9:10:7c:c8:12:a7:c0:6b:17:84:1d:eb:41:
1a:23:cf:0e:39:44:1a:ef:1e:3d:14:6d:ed:e9:a9:47:46:78:
9b:c5:02:3e:ef:c1:10:38:63:bf:ef:b6:df:37:1a:43:60:5e:
c9:9a:5a:7c:fc:58:30:e8:ca:11:89:bb:fb:1c:6f:24:ed:a1:
6c:bc:d7:5f:11:39:94:09:31:e5:17:21:55:6d:85:8f:0e:86:
a9:36:d9:d7:d9:70:d2:88:98:19:b1:2b:5b:ed:45:24:c6:43:
bc:4f:54:7c:e4:18:55:8e:54:48:75:b7:e0:0d:f2:3e:54:82:
2e:57:ba:52:1a:c6:7c:15:56:32:48:bf:12:56:85:21:1e:23:
81:2e:80:32:04:c2:56:09:01:70:17:fb:c1:e8:bb:ab:7e:4e:
b6:1f:8d:d5:10:2e:16:ae:15:9a:da:72:53:95:5b:2c:87:99:
62:07:42:82:05:14:c8:05:f7:52:63:eb:86:b0:7c:35:2f:8a:
8d:ed:ec:ac:40:07:a4:2d:b7:37:7f:2a:74:6f:71:81:ae:9c:
c1:be:9f:fa:88:e9:fe:d7:4d:9b:dd:6c:03:0b:fd:f8:9b:a1:
8c:c0:35:55:77:e5:5b:db
-----BEGIN CERTIFICATE-----
MIIF0zCCA7ugAwIBAgIKB/nwCLM+mdmzMTANBgkqhkiG9w0BAQsFADA6MQswCQYD
VQQGEwJCRTENMAsGA1UECgwEVGVzdDENMAsGA1UECwwEVGVzdDENMAsGA1UEAwwE
dGVzdDAeFw0xNTExMjgyMjI2MjFaFw0xNjExMjcyMjI2MjFaMEYxCzAJBgNVBAYT
AkJFMQ0wCwYDVQQKDARUZXN0MRkwFwYDVQQLDBB0ZXN0LmV4YW1wbGUuY29tMQ0w
CwYDVQQDDAR0ZXN0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtMy/
aqqku6b5QASaGDyxSLVyqb05i3U/OfYT9vbMnmqb1eL304SYu5mrLFPaHROzVnLv
IjlPCMxOqc+IENRWr2RGPoG/gXOTaDY02s6h0yojje1TG8XEhTh1AmEzaAjqCu0Q
iSnyOiNOIBaONadk52eW4xTJPFKNSxTHFL+TkZ2zjROVEk4XRy4lHyA7yd2I59QU
xHSQWCUeOKuUA6A1VUy2sM9aqyyq3GmXAgpom1ZbAnYao1ROswz/0svLQXK+sFso
GONON7GXB3N5tI39GSIo7Cw7qn9Yxw4zh+TzStvVd0VmTRzY9H7GpDjV9A1K3xXN
wbD8yp/bvG9Z9rRvwBO64ssSlU+KEi9Sj1KeOZKUYt02XfAqT/Kbyh1Q/OseISj4
UQI7pIoVCNffd+jE4GsDrKbQOun4fbLsU/963XgdC1OaJeKAta5gTr3LIwmtDtJV
ah+zfP6Ek/rdW9Vqn8jbYeJilpHcYmgO7bCf3j3YDE0tNw8e9vxysEdrgllqMDG4
EFatZnqHzfKsIP5bWLtBamTbGFfoLNafkyO2S3GbEJ21PC2mrCZSFCNjg8VPApZp
qijAlHfYBaJ4vAHiiGagYLSilnZOADa5Fj2SP2AVWBlCMAoh8/UdMGHzAdHfZArt
TqQxgc4EtiM5Y1mL5TKIwuE62LLql0kfipqbXwcCAwEAAaOBzjCByzAdBgNVHQ4E
FgQU1LfxSFlFriVtYzptm5J5cnkT0Z8wDAYDVR0TAQH/BAIwADAeBgNVHREBAf8E
FDASghB0ZXN0LmV4YW1wbGUuY29tMA4GA1UdDwEB/wQEAwIF4DBsBgNVHSMEZTBj
gBRq2JapcLD6ijrwOTlzlhUN4BFsI6E+pDwwOjELMAkGA1UEBhMCQkUxDTALBgNV
BAoMBFRlc3QxDTALBgNVBAsMBFRlc3QxDTALBgNVBAMMBHRlc3SCCwC/UgPl0TxF
On7YMA0GCSqGSIb3DQEBCwUAA4ICAQBnYGpjGIjEbmjTt+wlqfsdKFeUWQs/CM0F
jptIxGNvdKLV6/Y4d4jtW/Oc8ed5cB1nBM3QjAHnbsJTHqnsJEgel3minz2jpMRH
B8oIwlXLnHC66m/1gopzkuuukHTpxl9GFP6kuUru124mdHmex0pVp89U3sKT9vuU
SlRYmjXXshLoV6TiEM4MG5quywRkhuWNdpP+yKOcA55Y67PQoQxW9ChUQSYUCsgm
hNe8LeJOz2fNMlxt72bET4RqCUC8x/fDZ8bv4KC3yozHpsl1vWup6iPsn4aeEFZX
ncvGjJNQVDnhniVpCysmNq2/ll02kH4FF8Pe7xiVdXTi7dMdQTO+m2LoFogIfC1Y
eVbgY8qyWons/ekQfMgSp8BrF4Qd60EaI88OOUQa7x49FG3t6alHRnibxQI+78EQ
OGO/77bfNxpDYF7Jmlp8/Fgw6MoRibv7HG8k7aFsvNdfETmUCTHlFyFVbYWPDoap
NtnX2XDSiJgZsStb7UUkxkO8T1R85BhVjlRIdbfgDfI+VIIuV7pSGsZ8FVYySL8S
VoUhHiOBLoAyBMJWCQFwF/vB6Lurfk62H43VEC4WrhWa2nJTlVssh5liB0KCBRTI
BfdSY+uGsHw1L4qN7eysQAekLbc3fyp0b3GBrpzBvp/6iOn+102b3WwDC/34m6GM
wDVVd+Vb2w==
-----END CERTIFICATE-----
ok!
Cert 2 =========================
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
83:ba:6b:91:5c:44:89:b4:92:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=BE, O=Test, OU=Test, CN=test
Validity
Not Before: Nov 28 22:26:21 2015 GMT
Not After : Nov 27 22:26:21 2016 GMT
Subject: C=BE, O=Test, OU=test.example.net, CN=test
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:c2:bc:74:90:03:dd:3d:18:2b:e6:63:dc:61:14:
df:04:16:1f:6d:1c:10:aa:58:b6:17:b2:6f:d9:16:
55:dc:9e:71:5e:4d:42:d2:f3:2d:b2:c6:c0:9f:9c:
b6:b1:20:a3:cf:5e:86:0e:0f:a5:c7:e1:10:18:de:
d3:38:e1:fd:26:19:31:9c:88:92:56:09:26:c6:a7:
94:05:9e:fc:f9:ab:cb:84:58:53:2d:f2:d1:f4:89:
9a:d6:be:2a:33:b9:bb:f1:76:51:55:06:e6:d8:b4:
27:d4:b4:3a:58:32:c7:48:7d:ab:15:9b:6d:3d:45:
14:a0:73:4d:f6:32:03:92:38:a5:86:f8:88:5b:0e:
53:43:cb:18:9b:02:db:d4:29:dc:2a:e5:0c:62:6c:
84:d3:38:14:38:2a:c8:30:31:86:5a:36:19:40:11:
7f:d9:5f:f5:10:91:1a:27:d4:67:5f:fb:ae:ca:05:
ea:fc:23:95:4a:29:7c:bc:05:d9:1d:9f:f3:65:e5:
7a:7d:14:2f:c3:94:16:47:23:8a:85:3c:a6:34:c6:
4e:da:9d:dd:4e:c7:9e:1c:59:a9:15:bb:6a:dc:3c:
c9:24:99:29:c3:3b:53:ab:29:bc:88:d1:9b:a7:28:
89:de:b1:57:82:c3:63:54:1e:2f:ea:9b:d7:f8:11:
be:0a:15:b8:e8:68:7c:e6:2a:d3:3a:7a:ef:26:07:
e3:ff:99:18:74:c2:35:1d:b1:ce:10:50:ab:e8:74:
cc:4d:b7:c5:93:62:54:d5:1b:6e:bb:c8:af:a0:68:
d5:4c:b0:e4:b6:bb:9a:dd:a2:5f:72:74:13:d1:43:
c7:87:31:ed:5a:c6:d6:a3:f9:84:1f:e6:53:85:e4:
16:a9:c1:39:af:d6:0b:f7:de:90:c2:af:cc:39:2c:
ee:34:41:8d:07:96:4e:95:21:c2:07:95:41:07:63:
56:33:6a:97:c3:0b:35:4c:46:e8:51:47:56:e9:08:
71:ab:ed:ef:ec:75:f1:4a:d1:f8:f4:6c:1c:20:a0:
65:10:21:0b:2f:fa:3a:05:2f:3c:d2:82:d9:f7:4f:
b4:ec:a0:3e:89:f6:0d:e9:d3:22:65:62:32:9c:3c:
e0:93:ef:44:30:fc:86:c3:43:a8:64:8d:b2:70:16:
01:4a:62:e6:ea:4f:8e:e1:bb:92:53:c4:e2:b6:1e:
1b:02:ef:56:4c:6d:44:2d:f4:e8:eb:ab:bd:ca:53:
69:b4:85:b1:ac:e2:08:49:f8:cc:2c:c5:eb:e5:0c:
6f:91:4d:e6:65:2d:30:df:72:cf:43:8f:8c:4b:dc:
f5:22:9e:df:2a:d4:fa:e5:ba:19:e4:a7:16:0c:40:
2f:fb:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:6C:6C:8F:93:82:DE:60:24:D2:91:C9:5C:D5:11:A3:3D:B2:69:98
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Alternative Name: critical
DNS:test.example.net
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Authority Key Identifier:
keyid:6A:D8:96:A9:70:B0:FA:8A:3A:F0:39:39:73:96:15:0D:E0:11:6C:23
DirName:/C=BE/O=Test/OU=Test/CN=test
serial:BF:52:03:E5:D1:3C:45:3A:7E:D8
Signature Algorithm: sha256WithRSAEncryption
10:fa:1f:57:62:33:35:f5:99:c6:f0:a3:20:9e:76:9d:6a:8d:
37:8f:ee:c0:e2:fe:4a:d9:24:02:7d:3c:8b:94:ca:ec:9e:6c:
3a:95:e4:4f:2a:e6:fb:d8:dd:3c:56:8a:ba:15:46:15:09:56:
76:8a:f0:d1:e0:d4:a1:d2:3b:08:89:1d:a2:1b:52:18:dd:f0:
c4:c2:2e:7e:91:98:f1:e7:93:5d:4e:96:f3:52:43:c3:ca:35:
a2:ec:12:8b:06:61:62:e2:f2:04:cc:9b:c9:0a:34:d2:7a:0d:
d9:1c:b3:72:28:3f:dd:f7:99:e1:95:d3:f2:21:17:9c:39:70:
77:29:a5:1d:4f:a4:5d:2a:e5:b0:31:99:62:8a:b3:92:1e:63:
3e:a6:48:61:85:60:05:00:aa:f2:f4:55:d0:89:18:5b:69:08:
c6:43:64:e9:45:c4:fd:76:2c:3d:e2:e9:f3:47:07:38:82:85:
8f:a9:a6:8f:7b:85:37:77:e0:f9:3c:8b:c1:80:ed:82:7d:e2:
6c:77:0f:65:d7:2d:6d:31:e7:e8:8b:df:d2:3d:0e:3b:62:9a:
60:f9:c3:c1:dc:4a:fc:6c:eb:6f:05:7b:4e:98:1d:58:e0:76:
f5:7a:43:30:9a:98:42:0a:e4:e8:5e:68:e7:c2:92:55:50:cd:
64:64:21:d3:9f:30:75:d8:58:0b:eb:80:4a:3e:cc:d8:c6:47:
b8:3f:1f:1c:56:80:a2:cf:79:bb:e8:40:f4:23:dd:c5:b6:70:
0f:25:8e:ed:40:e8:44:26:c8:19:46:f8:14:01:d4:1f:bd:99:
c1:bf:c0:19:0f:9d:71:79:f6:f3:ab:55:6a:e8:23:f1:89:ca:
69:9b:6e:83:f3:bd:a3:5b:88:94:92:da:44:41:6b:17:0e:d2:
3f:42:4f:22:4a:cd:f0:31:f8:31:5f:86:9a:33:9c:40:0c:9e:
f0:88:17:84:c7:f0:03:24:db:52:fa:09:82:5a:75:4d:c0:b2:
10:c7:44:e0:1b:14:53:1e:1c:fd:3f:cd:55:b0:d0:4c:82:f4:
5d:fd:dd:14:ba:c5:29:07:a5:5f:74:cb:9b:de:d5:6b:b9:9d:
60:7e:09:a5:31:1b:bb:33:c2:db:6e:e3:da:fb:3e:3d:ea:e7:
2d:5d:92:d7:cd:da:f8:b3:da:d3:9b:00:ae:be:36:9b:7f:f9:
c8:e7:4f:41:18:12:87:62:dc:42:aa:af:b9:fb:b0:1e:ff:07:
dc:af:87:dc:d0:64:d7:d2:4e:c3:7d:ee:ed:d1:ef:00:3a:1d:
9b:c0:ae:66:35:b2:24:e3:96:ad:11:0b:a4:35:bc:cf:04:64:
a6:e9:d9:82:ce:57:0b:75
-----BEGIN CERTIFICATE-----
MIIF1DCCA7ygAwIBAgILAIO6a5FcRIm0knAwDQYJKoZIhvcNAQELBQAwOjELMAkG
A1UEBhMCQkUxDTALBgNVBAoMBFRlc3QxDTALBgNVBAsMBFRlc3QxDTALBgNVBAMM
BHRlc3QwHhcNMTUxMTI4MjIyNjIxWhcNMTYxMTI3MjIyNjIxWjBGMQswCQYDVQQG
EwJCRTENMAsGA1UECgwEVGVzdDEZMBcGA1UECwwQdGVzdC5leGFtcGxlLm5ldDEN
MAsGA1UEAwwEdGVzdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK8
dJAD3T0YK+Zj3GEU3wQWH20cEKpYtheyb9kWVdyecV5NQtLzLbLGwJ+ctrEgo89e
hg4PpcfhEBje0zjh/SYZMZyIklYJJsanlAWe/Pmry4RYUy3y0fSJmta+KjO5u/F2
UVUG5ti0J9S0Olgyx0h9qxWbbT1FFKBzTfYyA5I4pYb4iFsOU0PLGJsC29Qp3Crl
DGJshNM4FDgqyDAxhlo2GUARf9lf9RCRGifUZ1/7rsoF6vwjlUopfLwF2R2f82Xl
en0UL8OUFkcjioU8pjTGTtqd3U7HnhxZqRW7atw8ySSZKcM7U6spvIjRm6coid6x
V4LDY1QeL+qb1/gRvgoVuOhofOYq0zp67yYH4/+ZGHTCNR2xzhBQq+h0zE23xZNi
VNUbbrvIr6Bo1Uyw5La7mt2iX3J0E9FDx4cx7VrG1qP5hB/mU4XkFqnBOa/WC/fe
kMKvzDks7jRBjQeWTpUhwgeVQQdjVjNql8MLNUxG6FFHVukIcavt7+x18UrR+PRs
HCCgZRAhCy/6OgUvPNKC2fdPtOygPon2DenTImViMpw84JPvRDD8hsNDqGSNsnAW
AUpi5upPjuG7klPE4rYeGwLvVkxtRC306OurvcpTabSFsaziCEn4zCzF6+UMb5FN
5mUtMN9yz0OPjEvc9SKe3yrU+uW6GeSnFgxAL/tnAgMBAAGjgc4wgcswHQYDVR0O
BBYEFKNsbI+Tgt5gJNKRyVzVEaM9smmYMAwGA1UdEwEB/wQCMAAwHgYDVR0RAQH/
BBQwEoIQdGVzdC5leGFtcGxlLm5ldDAOBgNVHQ8BAf8EBAMCBeAwbAYDVR0jBGUw
Y4AUatiWqXCw+oo68Dk5c5YVDeARbCOhPqQ8MDoxCzAJBgNVBAYTAkJFMQ0wCwYD
VQQKDARUZXN0MQ0wCwYDVQQLDARUZXN0MQ0wCwYDVQQDDAR0ZXN0ggsAv1ID5dE8
RTp+2DANBgkqhkiG9w0BAQsFAAOCAgEAEPofV2IzNfWZxvCjIJ52nWqNN4/uwOL+
StkkAn08i5TK7J5sOpXkTyrm+9jdPFaKuhVGFQlWdorw0eDUodI7CIkdohtSGN3w
xMIufpGY8eeTXU6W81JDw8o1ouwSiwZhYuLyBMybyQo00noN2Ryzcig/3feZ4ZXT
8iEXnDlwdymlHU+kXSrlsDGZYoqzkh5jPqZIYYVgBQCq8vRV0IkYW2kIxkNk6UXE
/XYsPeLp80cHOIKFj6mmj3uFN3fg+TyLwYDtgn3ibHcPZdctbTHn6Ivf0j0OO2Ka
YPnDwdxK/GzrbwV7TpgdWOB29XpDMJqYQgrk6F5o58KSVVDNZGQh058wddhYC+uA
Sj7M2MZHuD8fHFaAos95u+hA9CPdxbZwDyWO7UDoRCbIGUb4FAHUH72Zwb/AGQ+d
cXn286tVaugj8YnKaZtug/O9o1uIlJLaREFrFw7SP0JPIkrN8DH4MV+GmjOcQAye
8IgXhMfwAyTbUvoJglp1TcCyEMdE4BsUUx4c/T/NVbDQTIL0Xf3dFLrFKQelX3TL
m97Va7mdYH4JpTEbuzPC227j2vs+PernLV2S183a+LPa05sArr42m3/5yOdPQRgS
h2LcQqqvufuwHv8H3K+H3NBk19JOw33u7dHvADodm8CuZjWyJOOWrRELpDW8zwRk
punZgs5XC3U=
-----END CERTIFICATE-----
Error: 47
Error Str: permitted subtree violation
$ rvm use jruby
Using /home/duritong/.rvm/gems/jruby-1.7.19
$ ruby gen_ca2.rb
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
eb:58:02:8d:c5:27:a2:43:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=BE/O=Test/OU=Test/CN=test
Validity
Not Before: Nov 28 22:26:51 2015 GMT
Not After : Nov 27 22:26:51 2016 GMT
Subject: /C=BE/O=Test/OU=Test/CN=test
Subject Public Key Info:
Public Key Algorithm: RSA
Public-Key: (4096 bit)
Modulus:
00:9f:c6:9e:e2:43:92:42:d4:49:01:de:5a:b5:60:
da:b5:24:d7:71:c7:ee:9e:0e:c9:a6:73:07:5e:9a:
85:74:07:3b:6d:e3:0b:be:fc:3e:7c:ff:74:47:31:
a1:3b:e3:82:01:40:65:e0:f6:1a:dc:78:e9:29:b0:
27:0f:52:20:3c:68:91:b3:5b:8d:b1:cd:b6:98:30:
af:6f:23:42:b4:37:2c:e4:04:bf:41:5c:a9:95:11:
e0:38:39:a7:7e:58:83:53:0c:e6:a3:fa:b4:49:df:
c5:19:62:61:88:90:83:91:ae:87:5a:24:91:cd:95:
ac:77:53:be:14:50:38:92:66:1b:89:a9:fe:de:47:
31:c3:d4:9f:9e:a5:81:b4:dd:e8:5f:ba:c8:00:3b:
a4:6b:21:35:83:9c:9e:9d:55:23:70:3b:80:85:7f:
b4:2a:47:81:48:ee:c3:61:15:f8:0e:4f:cb:ef:54:
38:b9:17:86:6a:0d:3f:b2:c7:79:7c:31:6a:40:31:
41:78:fa:81:74:27:64:72:55:aa:14:79:c9:03:0c:
03:25:51:e7:9a:f5:06:24:49:47:56:fc:9c:ba:9e:
11:c1:b0:3a:a7:ad:55:e1:3a:01:ea:4d:6c:93:fa:
6c:d8:1e:ae:20:6c:23:da:35:29:d2:4d:49:f2:25:
de:df:2d:0a:bb:23:90:cc:59:b1:9c:67:a9:50:4b:
6f:c3:d9:d6:fe:70:c7:fb:d6:1f:ae:52:5f:9d:95:
7e:bd:e5:0a:4c:ce:73:95:c4:54:68:a6:16:84:fd:
4e:63:da:d2:93:db:8e:07:66:7d:21:b6:a1:29:ee:
82:98:8c:38:6b:71:8d:76:75:7a:d0:29:bb:36:8c:
47:e2:e4:f0:34:86:ac:ef:d8:82:48:50:a2:ea:fd:
ed:24:dc:b1:80:ba:d2:18:d9:fd:99:a2:6c:bb:96:
88:80:99:25:05:08:24:ce:c3:70:41:b0:7b:7c:38:
61:ee:d2:cd:d8:81:ed:91:9d:cf:7b:a9:3c:3c:21:
a7:1f:be:e7:01:93:f6:bc:cb:08:dc:b4:9e:d4:04:
c9:e2:fd:0a:e6:28:48:f2:6a:58:58:86:42:08:f9:
48:d1:d1:86:69:1f:f7:2e:4e:92:ac:4f:1a:35:41:
6d:9c:f7:69:9b:8b:58:2c:a0:e5:f2:aa:4f:31:62:
fe:36:ca:74:f4:f9:2b:ea:6b:b1:c1:6d:7f:b0:16:
45:f0:b0:20:cc:47:9e:66:d5:f7:8c:32:66:59:ce:
61:2e:98:31:4f:4d:2c:5a:95:8c:63:63:d4:1e:ad:
d4:74:2e:d0:fc:29:b9:5b:45:0b:93:8c:19:24:a1:
0f:87:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:12:0B:29:32:28:94:12:88:48:E6:B9:C1:49:5A:CD:C0:A9:1A:2C
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment, Certificate Sign, CRL Sign
nameConstraints: critical
permitted;DNS:.example.com
X509v3 Authority Key Identifier:
keyid:B3:12:0B:29:32:28:94:12:88:48:E6:B9:C1:49:5A:CD:C0:A9:1A:2C
Signature Algorithm: sha256WithRSAEncryption
15:72:c6:d5:d1:16:7f:bd:05:d4:17:1a:08:2a:43:d3:5a:b2:
7f:b5:4b:12:67:75:1c:d5:b5:c9:53:ec:fb:a1:dd:c2:58:9a:
e7:b7:03:da:ab:5d:23:64:af:a8:13:b4:16:50:57:83:17:38:
c4:87:85:9f:5d:f4:3c:f9:c4:2d:bd:4b:fc:98:1e:e3:bb:f1:
34:f6:2c:28:56:46:b2:80:8b:ab:6a:d4:b5:13:f2:21:c2:88:
0e:04:5a:c1:17:d7:26:b7:4c:dc:46:e5:91:21:b2:26:d2:f3:
45:02:a2:00:ee:ec:12:1e:24:9a:8f:c5:ab:38:5b:a1:a3:40:
f1:5f:b0:ea:5a:d6:1e:64:42:96:df:10:51:f9:8d:0a:40:8a:
6d:ad:70:7d:0e:79:cf:aa:0f:8c:22:76:39:41:31:02:99:16:
d8:33:b8:41:45:c3:83:78:a6:88:eb:55:c1:57:32:85:25:a2:
1a:0f:b9:82:30:e8:ae:7a:04:d4:80:34:07:f9:c7:d0:bc:61:
61:06:79:67:aa:30:05:24:84:8e:4c:f5:48:c0:d7:02:be:7c:
b6:2c:80:d0:56:37:60:e4:ea:c1:ec:c3:e4:bd:ba:ba:4a:f2:
04:1d:2e:53:8c:cc:81:51:eb:58:68:c4:80:b1:7e:a8:78:b9:
de:ce:20:48:45:b5:1c:17:a0:c8:4e:69:24:7a:89:65:72:46:
56:16:03:e3:88:8e:a8:c0:15:8a:5b:42:fc:d4:75:98:d0:16:
57:6e:85:f1:62:54:37:e2:8a:0c:68:e3:25:c9:3d:8e:e6:54:
84:e3:55:73:35:d9:a0:9d:d6:86:c7:1f:4b:c7:ae:59:5b:ea:
76:ad:da:2a:5e:8e:46:c5:50:6f:fa:00:a6:12:0e:6f:cb:48:
ee:b0:08:ca:70:ee:c8:1d:d2:8d:98:44:fc:c8:d8:c5:29:cb:
60:b4:8e:b6:28:f4:4b:81:6a:a3:e1:df:cf:ae:fd:a9:a3:08:
45:c3:96:50:31:fd:1e:ac:74:42:2e:bf:d0:10:c3:98:04:b3:
8a:e9:88:02:69:a5:6e:57:32:ce:a3:54:b9:e6:76:65:fa:b9:
91:7d:14:c9:e3:14:af:a5:7e:d3:59:05:33:fa:65:c4:b9:cd:
43:40:e9:df:6a:d5:e6:10:e7:94:55:a9:48:66:4d:9a:ae:cf:
58:fb:01:30:b1:38:d0:17:e5:5b:67:73:5e:0f:73:8b:b1:1c:
d0:d4:76:05:28:14:bf:26:f7:35:37:e5:86:bb:c7:d1:9f:c2:
7c:b7:8c:28:7b:9f:05:c1:7e:5f:ee:7c:3b:be:7b:a4:77:af:
eb:69:d2:03:ff:ab:a6:93
-----BEGIN CERTIFICATE-----
MIIFhTCCA22gAwIBAgIKMetYAo3FJ6JDHjANBgkqhkiG9w0BAQsFADA6MQswCQYD
VQQGEwJCRTENMAsGA1UECgwEVGVzdDENMAsGA1UECwwEVGVzdDENMAsGA1UEAwwE
dGVzdDAeFw0xNTExMjgyMjI2NTFaFw0xNjExMjcyMjI2NTFaMDoxCzAJBgNVBAYT
AkJFMQ0wCwYDVQQKDARUZXN0MQ0wCwYDVQQLDARUZXN0MQ0wCwYDVQQDDAR0ZXN0
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAn8ae4kOSQtRJAd5atWDa
tSTXccfung7JpnMHXpqFdAc7beMLvvw+fP90RzGhO+OCAUBl4PYa3HjpKbAnD1Ig
PGiRs1uNsc22mDCvbyNCtDcs5AS/QVyplRHgODmnfliDUwzmo/q0Sd/FGWJhiJCD
ka6HWiSRzZWsd1O+FFA4kmYbian+3kcxw9SfnqWBtN3oX7rIADukayE1g5yenVUj
cDuAhX+0KkeBSO7DYRX4Dk/L71Q4uReGag0/ssd5fDFqQDFBePqBdCdkclWqFHnJ
AwwDJVHnmvUGJElHVvycup4RwbA6p61V4ToB6k1sk/ps2B6uIGwj2jUp0k1J8iXe
3y0KuyOQzFmxnGepUEtvw9nW/nDH+9YfrlJfnZV+veUKTM5zlcRUaKYWhP1OY9rS
k9uOB2Z9IbahKe6CmIw4a3GNdnV60Cm7NoxH4uTwNIas79iCSFCi6v3tJNyxgLrS
GNn9maJsu5aIgJklBQgkzsNwQbB7fDhh7tLN2IHtkZ3Pe6k8PCGnH77nAZP2vMsI
3LSe1ATJ4v0K5ihI8mpYWIZCCPlI0dGGaR/3Lk6SrE8aNUFtnPdpm4tYLKDl8qpP
MWL+Nsp09Pkr6muxwW1/sBZF8LAgzEeeZtX3jDJmWc5hLpgxT00sWpWMY2PUHq3U
dC7Q/Cm5W0ULk4wZJKEPhz8CAwEAAaOBjDCBiTAdBgNVHQ4EFgQUsxILKTIolBKI
SOa5wUlazcCpGiwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAeYwJgYD
VR0eAQH/BBwEGnBlcm1pdHRlZDtETlM6LmV4YW1wbGUuY29tMB8GA1UdIwQYMBYE
FLMSCykyKJQSiEjmucFJWs3AqRosMA0GCSqGSIb3DQEBCwUAA4ICAQAVcsbV0RZ/
vQXUFxoIKkPTWrJ/tUsSZ3Uc1bXJU+z7od3CWJrntwPaq10jZK+oE7QWUFeDFzjE
h4WfXfQ8+cQtvUv8mB7ju/E09iwoVkaygIuratS1E/IhwogOBFrBF9cmt0zcRuWR
IbIm0vNFAqIA7uwSHiSaj8WrOFuho0DxX7DqWtYeZEKW3xBR+Y0KQIptrXB9DnnP
qg+MInY5QTECmRbYM7hBRcODeKaI61XBVzKFJaIaD7mCMOiuegTUgDQH+cfQvGFh
BnlnqjAFJISOTPVIwNcCvny2LIDQVjdg5OrB7MPkvbq6SvIEHS5TjMyBUetYaMSA
sX6oeLneziBIRbUcF6DITmkkeollckZWFgPjiI6owBWKW0L81HWY0BZXboXxYlQ3
4ooMaOMlyT2O5lSE41VzNdmgndaGxx9Lx65ZW+p2rdoqXo5GxVBv+gCmEg5vy0ju
sAjKcO7IHdKNmET8yNjFKctgtI62KPRLgWqj4d/Prv2powhFw5ZQMf0erHRCLr/Q
EMOYBLOK6YgCaaVuVzLOo1S55nZl+rmRfRTJ4xSvpX7TWQUz+mXEuc1DQOnfatXm
EOeUValIZk2ars9Y+wEwsTjQF+VbZ3NeD3OLsRzQ1HYFKBS/Jvc1N+WGu8fRn8J8
t4woe58FwX5f7nw7vnukd6/radID/6umkw==
-----END CERTIFICATE-----
Cert =========================
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ce:7a:f5:ef:b2:d2:da:dd:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=BE/O=Test/OU=Test/CN=test
Validity
Not Before: Nov 28 22:26:53 2015 GMT
Not After : Nov 27 22:26:53 2016 GMT
Subject: /C=BE/O=Test/OU=test.example.com/CN=test
Subject Public Key Info:
Public Key Algorithm: RSA
Public-Key: (4096 bit)
Modulus:
00:a6:f4:62:42:e4:4f:70:d7:d1:fc:6f:12:56:49:
1a:95:34:ce:2a:5d:d4:2e:d0:cc:6d:2c:b6:53:ec:
47:d9:dd:aa:4a:81:5d:cc:3a:55:7d:cc:65:2b:d9:
84:6e:c9:df:5a:d8:dc:05:e4:f2:06:c2:65:b8:5b:
e2:65:b7:b2:ab:3c:6b:f8:d6:7a:f0:de:74:bb:28:
e2:ed:f3:1d:85:53:d0:2d:73:ae:ab:81:ef:5d:5f:
fe:e8:e5:c2:7e:ca:8f:e9:16:db:5f:4e:49:16:98:
59:6a:de:b1:0a:98:af:20:db:51:f6:64:fc:2f:72:
1c:05:a8:35:86:63:32:71:9e:de:57:6b:dc:2b:b5:
84:46:94:71:15:6e:3f:c0:96:7a:2e:e9:83:f2:52:
db:f2:68:19:52:23:5f:e4:0b:7f:bf:a0:ed:52:98:
af:4e:08:7c:1d:e7:d3:ee:12:a6:d1:78:85:2d:b8:
7b:dd:06:62:70:3b:66:e2:8b:7a:cc:01:cc:6d:11:
57:b8:3b:76:78:80:67:21:2b:06:14:c4:c1:34:ad:
e6:98:30:bc:03:13:f9:2b:36:39:f4:80:84:d4:80:
4e:df:78:fe:27:ea:02:c4:17:00:0f:bd:55:2e:e0:
d6:0f:9c:9a:10:47:bf:2d:47:2a:7e:45:e7:90:96:
e7:90:94:c3:91:46:c6:6c:1d:ab:d3:2a:85:9a:d0:
af:eb:1f:13:12:60:0c:0a:ac:51:85:bb:22:63:df:
59:ec:ce:cb:eb:ad:ad:a6:e4:76:b0:9c:59:09:64:
05:47:98:ae:06:bd:00:2e:72:f5:8f:a9:de:b5:e1:
d2:d7:98:a8:b0:d5:93:8b:3e:da:5c:4c:ce:26:4e:
ef:af:40:9d:cd:4d:65:c8:32:c4:f6:f2:09:f2:f3:
25:90:ca:ab:ef:88:a2:80:c6:a2:0f:11:d4:fb:86:
32:d1:ba:2b:8b:5a:ce:5f:b4:c4:e5:9e:bc:66:4e:
86:97:92:48:42:21:63:dd:59:41:c4:7c:01:37:4a:
aa:0c:98:60:bd:18:52:3c:8b:60:45:ab:fe:d8:50:
90:6c:0b:f8:e9:54:f7:f7:80:6f:24:0e:18:b6:b0:
37:aa:59:20:0e:a9:e8:e2:d9:a0:51:01:c9:25:82:
03:c7:88:5f:f9:71:cb:00:c2:11:04:80:e2:f6:0a:
57:4a:b0:98:74:a1:6d:df:b9:b6:6b:57:57:38:b4:
23:86:53:97:12:69:b8:ac:0d:ac:bf:d2:1b:6b:d3:
5e:68:24:79:65:fb:f1:2a:29:56:75:47:12:5d:c6:
c7:33:90:55:47:62:aa:a1:4c:72:0c:38:1a:9f:36:
56:8f:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:12:0B:29:32:28:94:12:88:48:E6:B9:C1:49:5A:CD:C0:A9:1A:2C
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Alternative Name: critical
DNS:test.example.com
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Authority Key Identifier:
keyid:B3:12:0B:29:32:28:94:12:88:48:E6:B9:C1:49:5A:CD:C0:A9:1A:2C
Signature Algorithm: sha256WithRSAEncryption
5f:d9:9d:f4:38:2a:91:85:1c:8a:71:69:e8:03:f2:f8:3a:3d:
ee:24:2c:68:72:6d:99:14:6f:6c:15:da:9f:7c:50:cb:95:60:
5b:93:44:21:81:79:49:75:db:23:88:72:f1:4f:3c:3a:26:cc:
06:c1:6c:0b:89:54:08:d9:04:7c:c7:c0:2e:b5:14:77:b5:3e:
f9:6e:4d:57:c7:18:36:a0:99:cd:01:59:75:1e:42:b3:ed:1e:
78:7d:91:88:b3:19:1d:9f:26:22:b2:3b:83:8a:5f:b9:6b:46:
c6:32:b9:b6:3c:be:74:48:34:cb:36:70:17:90:c6:ff:f9:66:
ad:91:27:18:45:49:ab:87:4a:3f:b2:6c:20:3f:22:dc:47:44:
c0:b1:df:d1:c4:37:c2:57:b0:e3:ef:93:0a:f4:e8:06:60:0a:
51:d8:cd:20:a8:f3:1b:00:71:1f:40:82:53:c0:e8:2b:26:00:
29:c7:9d:9f:45:32:a0:d1:ff:70:8f:b8:1a:ce:85:38:53:da:
cc:73:81:ab:f5:9a:ab:d4:d2:73:0f:e4:8a:c7:2c:56:d7:0d:
26:be:f2:0c:d9:f3:24:24:c3:c3:d7:74:3f:a5:ad:1f:3b:ee:
02:83:90:95:cd:08:b5:42:b9:55:46:07:bd:af:8f:25:28:5a:
7f:60:3d:e8:8d:1b:1a:e8:8b:a0:ba:19:eb:d9:0e:43:38:c0:
09:4f:18:b6:67:9d:bd:68:b8:0e:c5:c2:ee:2d:87:6a:48:04:
38:3e:97:eb:2b:f7:cf:c6:3e:92:a9:72:1f:ff:0b:69:04:5c:
27:20:6e:00:8b:9c:0a:b0:9b:42:d2:50:57:32:bf:8c:eb:21:
73:37:39:6f:3d:53:7a:f8:cf:b5:42:f9:1e:dd:16:6a:23:c6:
67:db:ca:f7:1e:8e:a8:92:fb:5e:d9:97:e0:c5:13:ec:ef:d2:
04:3f:f1:b2:94:9c:06:bc:ba:2c:d3:61:71:9b:3e:fc:32:2a:
23:93:8d:74:18:24:95:99:e8:83:4f:54:b1:0d:7c:b2:47:f2:
9c:b0:a4:0f:24:84:50:6c:42:07:a4:86:6c:30:ea:2c:71:0b:
a2:7c:93:38:ee:db:f3:aa:f9:93:9b:8e:66:02:c7:b8:ba:5d:
e9:04:8a:ae:6b:06:17:a5:4f:f9:1f:f3:5a:02:c5:48:8e:62:
17:ac:2d:a8:d0:b2:2b:ad:97:6c:8e:56:b1:9d:49:32:fc:6d:
0b:15:57:c0:23:5d:cf:70:85:da:6a:54:f8:10:2c:52:03:2e:
b7:ce:a0:ae:e4:6c:c4:a3:9b:ec:34:7e:c6:ff:22:31:93:be:
6e:ed:ce:cb:95:51:b3:27
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
ok!
Cert 2 =========================
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
8f:06:9b:86:b2:7b:12:39:5e:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=BE/O=Test/OU=Test/CN=test
Validity
Not Before: Nov 28 22:26:58 2015 GMT
Not After : Nov 27 22:26:58 2016 GMT
Subject: /C=BE/O=Test/OU=test.example.net/CN=test
Subject Public Key Info:
Public Key Algorithm: RSA
Public-Key: (4096 bit)
Modulus:
00:ca:f4:6a:77:58:28:5a:19:aa:d6:d8:eb:18:b1:
33:2e:84:f6:23:58:a7:b7:ce:77:a9:3f:9e:41:13:
1a:5e:f7:8b:32:ec:e2:36:63:43:aa:17:e7:48:6c:
94:28:47:65:b6:2d:1f:12:67:fd:7d:27:5d:12:60:
f2:d4:51:3c:f2:60:03:f8:a0:c1:a6:79:8e:b7:45:
d6:7d:2c:e6:7a:c9:19:ad:8a:e8:44:fa:e6:00:2d:
3e:6d:05:0b:7e:81:18:5d:19:fd:17:d3:0f:e8:29:
1e:c0:ea:e4:ae:87:d9:5b:f4:5b:d8:ac:2d:50:0d:
16:ec:bb:66:89:8b:0b:5e:0e:23:a3:86:00:2d:b5:
d2:a7:eb:7b:e6:50:8d:a5:74:4a:fe:38:a9:1a:70:
64:88:c3:54:09:eb:1c:41:1e:c4:e1:f4:76:e8:30:
2d:b0:7a:04:73:ad:46:2d:92:5c:6c:4f:20:9f:15:
c5:e5:55:a6:6d:33:89:3f:12:6b:7f:81:22:35:7b:
34:f8:71:72:1f:c8:b5:d2:8d:d8:42:5b:79:5a:c6:
12:d8:b7:dd:23:60:6a:c9:20:36:0e:0d:be:30:54:
76:5d:8e:2e:d3:0f:26:3f:70:5a:14:da:5d:47:d5:
8a:6b:05:b4:ec:fb:5e:d5:ab:33:cc:76:6a:e7:b1:
fe:0b:8a:37:85:72:6f:f7:bc:e3:c6:90:b3:13:92:
ed:9e:f0:ce:7c:2f:0e:10:b3:61:05:00:e8:05:5c:
d8:0b:75:d2:d6:72:06:a8:4b:ab:ab:98:81:31:e5:
b3:4c:29:ba:c3:60:94:8a:9b:a4:6e:a0:7a:62:ea:
eb:d5:6d:39:d7:a3:20:bc:10:9f:d7:32:5e:03:fb:
db:37:e8:1a:79:ec:a9:b9:a6:6f:a2:b7:fa:3f:17:
04:83:c1:73:76:39:fe:28:f7:79:af:fb:55:16:57:
26:fc:a4:79:49:7d:1a:c4:60:87:68:dc:e4:c6:93:
cf:e7:83:a4:ac:1e:c7:ee:39:ef:32:6a:e1:b7:da:
ed:74:0a:be:84:6f:e2:5c:0a:58:e6:c6:ec:5d:70:
2e:ca:35:af:6e:aa:e8:2d:8b:24:d7:2d:44:16:78:
12:47:5c:a9:5c:b7:6f:cd:87:56:7e:e2:ce:23:84:
35:7e:fa:ad:cf:22:dd:06:0e:7e:6b:ab:72:50:10:
1d:d5:ca:16:d0:ec:fb:df:45:eb:d8:35:43:28:c1:
4e:f3:cc:21:17:a6:26:12:83:b7:22:7b:50:b6:95:
4a:0d:95:72:e6:b9:b4:76:5a:71:c3:27:cd:bb:f8:
05:e6:4d:c9:da:27:16:f6:b9:0a:3f:c3:87:a9:26:
57:0a:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:12:0B:29:32:28:94:12:88:48:E6:B9:C1:49:5A:CD:C0:A9:1A:2C
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Alternative Name: critical
DNS:test.example.net
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Authority Key Identifier:
keyid:B3:12:0B:29:32:28:94:12:88:48:E6:B9:C1:49:5A:CD:C0:A9:1A:2C
Signature Algorithm: sha256WithRSAEncryption
4d:a9:9c:af:d9:cc:4d:63:64:4a:16:b8:c7:15:13:c0:d2:25:
a0:88:73:99:49:3a:4f:10:c0:18:e5:e9:fb:5f:dc:ef:af:ad:
5a:72:e9:ba:d9:23:b9:5e:cc:1e:d5:17:39:24:1d:80:c7:2c:
f8:ce:b9:cc:c7:88:be:44:c6:d7:6e:a6:8f:33:79:94:db:82:
d6:45:2f:33:76:b3:1f:85:c2:62:49:b3:4a:51:74:40:69:76:
ed:13:e5:fe:d9:1c:68:92:fc:3c:3a:6b:36:4b:04:fe:6a:e0:
e7:28:e1:b7:40:0a:a2:ce:c1:1d:8a:cb:90:0b:5a:50:c5:10:
36:33:47:4f:37:69:77:56:5a:61:ad:aa:b1:1b:c6:06:e2:cf:
17:12:4a:1e:bb:3a:f0:f9:f8:7d:34:d5:0f:7e:34:5a:1e:6b:
32:63:d7:01:4e:b6:9c:50:a5:c3:61:03:76:16:16:fc:a3:59:
68:2b:b5:74:17:b3:fe:fa:21:e0:19:fc:0b:c3:f5:4a:f3:97:
12:52:53:5c:20:bf:c9:df:5e:02:5f:cf:4f:dc:52:7f:fb:1a:
38:95:91:8d:d0:8c:19:43:83:e8:36:d0:73:fd:ab:55:b6:30:
ea:ed:0f:b4:fc:7f:05:c4:43:38:dc:7b:f0:f9:18:03:21:28:
85:d2:0d:31:f0:17:88:a0:db:ac:e3:84:c4:bc:66:fc:c1:b6:
d8:14:dc:44:3e:db:50:a5:15:28:0a:0e:81:ac:8b:85:88:c4:
9f:3b:1f:92:b3:49:98:47:50:e3:07:e9:ec:07:a4:77:8b:d9:
60:8f:e4:da:24:98:ec:a4:24:ea:33:77:4b:af:52:35:00:96:
eb:b6:c5:d8:3c:d4:ea:27:c7:06:68:64:b2:c7:10:87:8c:4b:
73:19:a9:81:33:6d:0a:2a:32:9c:0f:1b:9b:db:7f:d7:85:e6:
e9:68:92:85:fc:ac:2b:1f:bf:7f:b1:61:40:6d:8e:09:b1:d0:
ab:a0:5d:68:3e:54:b2:50:c6:69:00:5e:a8:91:ed:54:b6:ac:
98:d1:1c:02:31:ae:23:b2:b7:7c:4b:7b:10:d7:9b:24:0c:18:
b5:56:b4:93:e5:1b:b6:7d:7c:8c:5e:55:0d:36:34:16:71:ba:
17:ed:59:cf:08:8f:8f:0a:28:de:7a:37:3c:68:39:ea:4a:fa:
09:1c:2f:d8:ae:d1:e5:d2:a2:3d:9d:96:a4:f4:e9:38:ac:a1:
88:5d:21:e9:ac:8d:3a:54:30:86:9c:8d:d9:1b:a1:b3:b8:92:
2f:76:75:ab:40:20:b6:81:0b:0d:79:28:d9:c4:97:8e:ec:46:
a5:ce:07:96:04:16:f1:b2
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
ok!
$ java -version
openjdk version "1.8.0_65"
OpenJDK Runtime Environment (build 1.8.0_65-b17)
OpenJDK 64-Bit Server VM (build 25.65-b01, mixed mode)
```
The main difference I can see is that JRuby doesn't seem to add the nameConstraints extension properly:
```
nameConstraints: critical
permitted;DNS:.example.com
```
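However, it is still not working even if I use the chain generated by MRI: JRuby accepts the test.example.net certificate that MRI rejects with a permitted subtree violation, so the name constraint is not being enforced at verification time either: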
```
$ cat gen_ca2b.rb
require 'openssl'
ca = <<END
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
bf:52:03:e5:d1:3c:45:3a:7e:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=BE, O=Test, OU=Test, CN=test
Validity
Not Before: Nov 28 22:26:21 2015 GMT
Not After : Nov 27 22:26:21 2016 GMT
Subject: C=BE, O=Test, OU=Test, CN=test
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:ba:7d:07:91:c9:97:91:a0:04:21:0c:25:9e:07:
1a:68:c2:4f:f6:1b:ee:2e:aa:ac:d0:b2:3b:cf:0f:
d9:fc:ce:b6:81:91:26:64:da:eb:98:c5:c9:9e:95:
1f:2a:fd:0d:c0:bf:84:4e:f1:64:fd:d4:0a:fd:f9:
fc:a3:ea:78:ee:90:06:09:e9:c7:4b:a4:c3:32:ca:
b0:30:c0:63:e5:b4:43:d6:7a:06:6f:5b:21:f9:cc:
66:98:87:be:4a:55:54:9b:77:5a:d5:ec:93:56:0f:
ef:22:b7:b9:56:ea:75:34:4b:a3:6c:d7:db:f1:ea:
98:1e:a3:58:1b:d4:0a:b3:58:8a:e7:29:83:98:b9:
c5:39:5b:b7:33:25:81:1d:c1:87:bd:53:4b:92:cf:
9b:26:e4:a1:41:74:2e:1c:e7:3c:dd:cf:6e:3a:00:
37:2e:65:ac:8c:68:6c:0b:4a:e4:a9:50:f6:7e:87:
0e:be:f3:8a:9c:76:97:9c:0d:cb:21:d2:43:0e:c7:
07:3f:83:9b:f3:50:b7:b7:25:b5:dc:7c:42:a2:14:
ef:cc:ce:28:40:e3:08:1c:1d:c9:52:ea:4e:f1:ce:
f4:e2:33:cf:38:c0:b5:23:46:b3:33:5c:10:ba:db:
31:e7:7f:a0:b3:0d:2b:0e:a4:90:0e:89:4d:98:4b:
c5:2a:b6:2d:b8:9e:a5:70:5c:09:9b:fd:f2:e9:55:
78:bf:17:77:24:65:30:90:c2:da:37:b5:5b:61:b5:
68:8f:e0:88:fd:65:55:a4:27:33:e0:40:6c:6d:cf:
76:e5:4e:3c:4a:01:89:95:7a:b4:03:28:64:03:f6:
e0:1a:ae:b6:9c:4e:06:cd:6f:ff:36:57:73:40:bf:
6c:28:91:b9:d2:0a:88:4d:82:83:ab:78:e0:64:10:
0f:71:e1:85:33:a1:fd:c4:cb:c3:74:e1:b7:2d:1f:
e2:f8:66:b9:9f:b5:a3:41:16:09:df:75:af:06:3f:
7f:f3:f0:9e:3f:ac:ce:e7:3f:7d:52:4a:77:64:39:
dc:6b:46:09:1b:12:36:22:f8:9a:a5:2e:58:de:fa:
58:b5:e1:89:47:a1:12:5b:f1:a4:4b:32:a2:ec:4f:
37:b2:a1:e1:33:c2:8a:ad:1d:10:6f:9c:de:e9:4f:
ea:8a:f5:93:e0:43:32:08:82:91:a8:3c:9e:6c:61:
aa:08:4e:ac:f2:c3:17:54:f7:b3:82:47:01:50:3e:
c0:2a:82:9a:1d:15:07:9c:50:d6:af:82:9e:da:e9:
08:5d:01:eb:3a:4b:e7:c0:35:a9:00:c0:b0:06:16:
82:11:ce:fb:81:f9:84:cd:14:b8:21:3b:cc:c1:f3:
a3:d8:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:D8:96:A9:70:B0:FA:8A:3A:F0:39:39:73:96:15:0D:E0:11:6C:23
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment, Certificate Sign, CRL Sign
X509v3 Name Constraints: critical
Permitted:
DNS:.example.com
X509v3 Authority Key Identifier:
keyid:6A:D8:96:A9:70:B0:FA:8A:3A:F0:39:39:73:96:15:0D:E0:11:6C:23
DirName:/C=BE/O=Test/OU=Test/CN=test
serial:BF:52:03:E5:D1:3C:45:3A:7E:D8
Signature Algorithm: sha256WithRSAEncryption
9b:63:0c:cc:2a:28:5d:3c:fc:27:12:59:08:c6:c4:18:84:15:
14:e2:bb:26:02:15:7a:d5:ae:a9:50:5c:6b:4a:03:ce:27:71:
4a:cb:28:82:96:b4:1b:a6:57:32:65:72:c6:93:8f:32:d7:3b:
a1:dd:ec:6f:3e:c5:d7:20:a5:ac:85:4e:4b:78:8b:20:d0:a9:
8a:91:1c:25:f0:55:a8:ed:7e:2c:04:2d:b5:78:3a:25:ab:2d:
19:14:82:52:68:ce:c8:95:a6:05:d9:77:9b:26:1a:85:bb:ab:
d5:b6:44:b7:a2:62:35:7d:7a:9f:79:dc:ae:1b:1a:4d:bf:46:
4c:9e:d4:6f:34:51:00:d7:90:0a:bf:db:f8:a4:24:df:77:48:
5f:93:11:6b:57:8d:67:df:be:ad:f5:78:c8:cb:ba:f5:02:b5:
fa:42:08:fd:e7:59:ca:00:c4:46:cf:ce:80:f3:cb:92:8c:68:
93:5a:79:a9:73:e0:8a:94:76:bb:e0:60:00:e0:53:27:39:3f:
f1:33:84:75:31:cc:3e:96:48:37:18:7d:2c:ab:ac:60:b3:f9:
95:31:e2:e8:1a:05:a5:0b:d0:35:e7:82:ce:9e:3a:6f:86:d6:
87:8c:24:b5:6e:65:79:e9:89:8f:4a:4f:91:45:24:8e:45:89:
57:9c:42:92:55:04:68:90:62:8b:1e:41:da:b2:89:86:3f:81:
15:a4:33:ec:af:12:04:a4:ac:30:2a:c1:50:3c:74:02:68:d1:
a5:03:e1:72:c1:58:cb:8e:66:35:54:65:59:a3:2a:74:8d:ec:
ea:6a:cf:b2:42:18:5d:88:0b:05:ee:77:bd:a4:34:c4:c2:6c:
1b:0d:12:c7:ce:95:86:2d:85:d6:e6:83:0b:da:da:3b:6d:20:
75:30:bf:7f:f3:85:44:d2:d9:93:42:92:06:50:6b:94:26:7d:
ca:f7:18:72:8c:ac:cf:47:39:64:47:6e:03:06:45:12:30:00:
c2:50:89:22:ff:f5:4d:8d:82:d8:90:1b:88:fa:16:56:32:f6:
59:9f:14:59:34:03:ae:5d:79:46:19:d8:cd:6c:72:b1:af:3e:
62:a7:ff:b1:38:6d:23:1c:cf:cc:0f:18:a2:61:66:c9:2e:b5:
44:e0:d8:87:96:bb:b0:60:55:90:b9:b0:dd:9e:66:fa:27:d9:
74:f4:b4:1b:d5:b1:ed:81:b9:7e:b8:07:c9:bc:be:cf:d4:ab:
97:90:68:e4:19:4c:ca:d0:bd:be:c2:3e:72:a0:7a:5a:d9:f8:
a8:e5:45:39:57:8f:1c:57:3b:2f:31:ff:54:c3:79:bb:84:6a:
4b:0f:5b:23:0f:8e:4f:6c
-----BEGIN CERTIFICATE-----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=
-----END CERTIFICATE-----
END
cert = <<END
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
07:f9:f0:08:b3:3e:99:d9:b3:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=BE, O=Test, OU=Test, CN=test
Validity
Not Before: Nov 28 22:26:21 2015 GMT
Not After : Nov 27 22:26:21 2016 GMT
Subject: C=BE, O=Test, OU=test.example.com, CN=test
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:b4:cc:bf:6a:aa:a4:bb:a6:f9:40:04:9a:18:3c:
b1:48:b5:72:a9:bd:39:8b:75:3f:39:f6:13:f6:f6:
cc:9e:6a:9b:d5:e2:f7:d3:84:98:bb:99:ab:2c:53:
da:1d:13:b3:56:72:ef:22:39:4f:08:cc:4e:a9:cf:
88:10:d4:56:af:64:46:3e:81:bf:81:73:93:68:36:
34:da:ce:a1:d3:2a:23:8d:ed:53:1b:c5:c4:85:38:
75:02:61:33:68:08:ea:0a:ed:10:89:29:f2:3a:23:
4e:20:16:8e:35:a7:64:e7:67:96:e3:14:c9:3c:52:
8d:4b:14:c7:14:bf:93:91:9d:b3:8d:13:95:12:4e:
17:47:2e:25:1f:20:3b:c9:dd:88:e7:d4:14:c4:74:
90:58:25:1e:38:ab:94:03:a0:35:55:4c:b6:b0:cf:
5a:ab:2c:aa:dc:69:97:02:0a:68:9b:56:5b:02:76:
1a:a3:54:4e:b3:0c:ff:d2:cb:cb:41:72:be:b0:5b:
28:18:e3:4e:37:b1:97:07:73:79:b4:8d:fd:19:22:
28:ec:2c:3b:aa:7f:58:c7:0e:33:87:e4:f3:4a:db:
d5:77:45:66:4d:1c:d8:f4:7e:c6:a4:38:d5:f4:0d:
4a:df:15:cd:c1:b0:fc:ca:9f:db:bc:6f:59:f6:b4:
6f:c0:13:ba:e2:cb:12:95:4f:8a:12:2f:52:8f:52:
9e:39:92:94:62:dd:36:5d:f0:2a:4f:f2:9b:ca:1d:
50:fc:eb:1e:21:28:f8:51:02:3b:a4:8a:15:08:d7:
df:77:e8:c4:e0:6b:03:ac:a6:d0:3a:e9:f8:7d:b2:
ec:53:ff:7a:dd:78:1d:0b:53:9a:25:e2:80:b5:ae:
60:4e:bd:cb:23:09:ad:0e:d2:55:6a:1f:b3:7c:fe:
84:93:fa:dd:5b:d5:6a:9f:c8:db:61:e2:62:96:91:
dc:62:68:0e:ed:b0:9f:de:3d:d8:0c:4d:2d:37:0f:
1e:f6:fc:72:b0:47:6b:82:59:6a:30:31:b8:10:56:
ad:66:7a:87:cd:f2:ac:20:fe:5b:58:bb:41:6a:64:
db:18:57:e8:2c:d6:9f:93:23:b6:4b:71:9b:10:9d:
b5:3c:2d:a6:ac:26:52:14:23:63:83:c5:4f:02:96:
69:aa:28:c0:94:77:d8:05:a2:78:bc:01:e2:88:66:
a0:60:b4:a2:96:76:4e:00:36:b9:16:3d:92:3f:60:
15:58:19:42:30:0a:21:f3:f5:1d:30:61:f3:01:d1:
df:64:0a:ed:4e:a4:31:81:ce:04:b6:23:39:63:59:
8b:e5:32:88:c2:e1:3a:d8:b2:ea:97:49:1f:8a:9a:
9b:5f:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:B7:F1:48:59:45:AE:25:6D:63:3A:6D:9B:92:79:72:79:13:D1:9F
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Alternative Name: critical
DNS:test.example.com
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Authority Key Identifier:
keyid:6A:D8:96:A9:70:B0:FA:8A:3A:F0:39:39:73:96:15:0D:E0:11:6C:23
DirName:/C=BE/O=Test/OU=Test/CN=test
serial:BF:52:03:E5:D1:3C:45:3A:7E:D8
Signature Algorithm: sha256WithRSAEncryption
67:60:6a:63:18:88:c4:6e:68:d3:b7:ec:25:a9:fb:1d:28:57:
94:59:0b:3f:08:cd:05:8e:9b:48:c4:63:6f:74:a2:d5:eb:f6:
38:77:88:ed:5b:f3:9c:f1:e7:79:70:1d:67:04:cd:d0:8c:01:
e7:6e:c2:53:1e:a9:ec:24:48:1e:97:79:a2:9f:3d:a3:a4:c4:
47:07:ca:08:c2:55:cb:9c:70:ba:ea:6f:f5:82:8a:73:92:eb:
ae:90:74:e9:c6:5f:46:14:fe:a4:b9:4a:ee:d7:6e:26:74:79:
9e:c7:4a:55:a7:cf:54:de:c2:93:f6:fb:94:4a:54:58:9a:35:
d7:b2:12:e8:57:a4:e2:10:ce:0c:1b:9a:ae:cb:04:64:86:e5:
8d:76:93:fe:c8:a3:9c:03:9e:58:eb:b3:d0:a1:0c:56:f4:28:
54:41:26:14:0a:c8:26:84:d7:bc:2d:e2:4e:cf:67:cd:32:5c:
6d:ef:66:c4:4f:84:6a:09:40:bc:c7:f7:c3:67:c6:ef:e0:a0:
b7:ca:8c:c7:a6:c9:75:bd:6b:a9:ea:23:ec:9f:86:9e:10:56:
57:9d:cb:c6:8c:93:50:54:39:e1:9e:25:69:0b:2b:26:36:ad:
bf:96:5d:36:90:7e:05:17:c3:de:ef:18:95:75:74:e2:ed:d3:
1d:41:33:be:9b:62:e8:16:88:08:7c:2d:58:79:56:e0:63:ca:
b2:5a:89:ec:fd:e9:10:7c:c8:12:a7:c0:6b:17:84:1d:eb:41:
1a:23:cf:0e:39:44:1a:ef:1e:3d:14:6d:ed:e9:a9:47:46:78:
9b:c5:02:3e:ef:c1:10:38:63:bf:ef:b6:df:37:1a:43:60:5e:
c9:9a:5a:7c:fc:58:30:e8:ca:11:89:bb:fb:1c:6f:24:ed:a1:
6c:bc:d7:5f:11:39:94:09:31:e5:17:21:55:6d:85:8f:0e:86:
a9:36:d9:d7:d9:70:d2:88:98:19:b1:2b:5b:ed:45:24:c6:43:
bc:4f:54:7c:e4:18:55:8e:54:48:75:b7:e0:0d:f2:3e:54:82:
2e:57:ba:52:1a:c6:7c:15:56:32:48:bf:12:56:85:21:1e:23:
81:2e:80:32:04:c2:56:09:01:70:17:fb:c1:e8:bb:ab:7e:4e:
b6:1f:8d:d5:10:2e:16:ae:15:9a:da:72:53:95:5b:2c:87:99:
62:07:42:82:05:14:c8:05:f7:52:63:eb:86:b0:7c:35:2f:8a:
8d:ed:ec:ac:40:07:a4:2d:b7:37:7f:2a:74:6f:71:81:ae:9c:
c1:be:9f:fa:88:e9:fe:d7:4d:9b:dd:6c:03:0b:fd:f8:9b:a1:
8c:c0:35:55:77:e5:5b:db
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
END
cert2=<<END
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
83:ba:6b:91:5c:44:89:b4:92:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=BE, O=Test, OU=Test, CN=test
Validity
Not Before: Nov 28 22:26:21 2015 GMT
Not After : Nov 27 22:26:21 2016 GMT
Subject: C=BE, O=Test, OU=test.example.net, CN=test
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:c2:bc:74:90:03:dd:3d:18:2b:e6:63:dc:61:14:
df:04:16:1f:6d:1c:10:aa:58:b6:17:b2:6f:d9:16:
55:dc:9e:71:5e:4d:42:d2:f3:2d:b2:c6:c0:9f:9c:
b6:b1:20:a3:cf:5e:86:0e:0f:a5:c7:e1:10:18:de:
d3:38:e1:fd:26:19:31:9c:88:92:56:09:26:c6:a7:
94:05:9e:fc:f9:ab:cb:84:58:53:2d:f2:d1:f4:89:
9a:d6:be:2a:33:b9:bb:f1:76:51:55:06:e6:d8:b4:
27:d4:b4:3a:58:32:c7:48:7d:ab:15:9b:6d:3d:45:
14:a0:73:4d:f6:32:03:92:38:a5:86:f8:88:5b:0e:
53:43:cb:18:9b:02:db:d4:29:dc:2a:e5:0c:62:6c:
84:d3:38:14:38:2a:c8:30:31:86:5a:36:19:40:11:
7f:d9:5f:f5:10:91:1a:27:d4:67:5f:fb:ae:ca:05:
ea:fc:23:95:4a:29:7c:bc:05:d9:1d:9f:f3:65:e5:
7a:7d:14:2f:c3:94:16:47:23:8a:85:3c:a6:34:c6:
4e:da:9d:dd:4e:c7:9e:1c:59:a9:15:bb:6a:dc:3c:
c9:24:99:29:c3:3b:53:ab:29:bc:88:d1:9b:a7:28:
89:de:b1:57:82:c3:63:54:1e:2f:ea:9b:d7:f8:11:
be:0a:15:b8:e8:68:7c:e6:2a:d3:3a:7a:ef:26:07:
e3:ff:99:18:74:c2:35:1d:b1:ce:10:50:ab:e8:74:
cc:4d:b7:c5:93:62:54:d5:1b:6e:bb:c8:af:a0:68:
d5:4c:b0:e4:b6:bb:9a:dd:a2:5f:72:74:13:d1:43:
c7:87:31:ed:5a:c6:d6:a3:f9:84:1f:e6:53:85:e4:
16:a9:c1:39:af:d6:0b:f7:de:90:c2:af:cc:39:2c:
ee:34:41:8d:07:96:4e:95:21:c2:07:95:41:07:63:
56:33:6a:97:c3:0b:35:4c:46:e8:51:47:56:e9:08:
71:ab:ed:ef:ec:75:f1:4a:d1:f8:f4:6c:1c:20:a0:
65:10:21:0b:2f:fa:3a:05:2f:3c:d2:82:d9:f7:4f:
b4:ec:a0:3e:89:f6:0d:e9:d3:22:65:62:32:9c:3c:
e0:93:ef:44:30:fc:86:c3:43:a8:64:8d:b2:70:16:
01:4a:62:e6:ea:4f:8e:e1:bb:92:53:c4:e2:b6:1e:
1b:02:ef:56:4c:6d:44:2d:f4:e8:eb:ab:bd:ca:53:
69:b4:85:b1:ac:e2:08:49:f8:cc:2c:c5:eb:e5:0c:
6f:91:4d:e6:65:2d:30:df:72:cf:43:8f:8c:4b:dc:
f5:22:9e:df:2a:d4:fa:e5:ba:19:e4:a7:16:0c:40:
2f:fb:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:6C:6C:8F:93:82:DE:60:24:D2:91:C9:5C:D5:11:A3:3D:B2:69:98
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Alternative Name: critical
DNS:test.example.net
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Authority Key Identifier:
keyid:6A:D8:96:A9:70:B0:FA:8A:3A:F0:39:39:73:96:15:0D:E0:11:6C:23
DirName:/C=BE/O=Test/OU=Test/CN=test
serial:BF:52:03:E5:D1:3C:45:3A:7E:D8
Signature Algorithm: sha256WithRSAEncryption
10:fa:1f:57:62:33:35:f5:99:c6:f0:a3:20:9e:76:9d:6a:8d:
37:8f:ee:c0:e2:fe:4a:d9:24:02:7d:3c:8b:94:ca:ec:9e:6c:
3a:95:e4:4f:2a:e6:fb:d8:dd:3c:56:8a:ba:15:46:15:09:56:
76:8a:f0:d1:e0:d4:a1:d2:3b:08:89:1d:a2:1b:52:18:dd:f0:
c4:c2:2e:7e:91:98:f1:e7:93:5d:4e:96:f3:52:43:c3:ca:35:
a2:ec:12:8b:06:61:62:e2:f2:04:cc:9b:c9:0a:34:d2:7a:0d:
d9:1c:b3:72:28:3f:dd:f7:99:e1:95:d3:f2:21:17:9c:39:70:
77:29:a5:1d:4f:a4:5d:2a:e5:b0:31:99:62:8a:b3:92:1e:63:
3e:a6:48:61:85:60:05:00:aa:f2:f4:55:d0:89:18:5b:69:08:
c6:43:64:e9:45:c4:fd:76:2c:3d:e2:e9:f3:47:07:38:82:85:
8f:a9:a6:8f:7b:85:37:77:e0:f9:3c:8b:c1:80:ed:82:7d:e2:
6c:77:0f:65:d7:2d:6d:31:e7:e8:8b:df:d2:3d:0e:3b:62:9a:
60:f9:c3:c1:dc:4a:fc:6c:eb:6f:05:7b:4e:98:1d:58:e0:76:
f5:7a:43:30:9a:98:42:0a:e4:e8:5e:68:e7:c2:92:55:50:cd:
64:64:21:d3:9f:30:75:d8:58:0b:eb:80:4a:3e:cc:d8:c6:47:
b8:3f:1f:1c:56:80:a2:cf:79:bb:e8:40:f4:23:dd:c5:b6:70:
0f:25:8e:ed:40:e8:44:26:c8:19:46:f8:14:01:d4:1f:bd:99:
c1:bf:c0:19:0f:9d:71:79:f6:f3:ab:55:6a:e8:23:f1:89:ca:
69:9b:6e:83:f3:bd:a3:5b:88:94:92:da:44:41:6b:17:0e:d2:
3f:42:4f:22:4a:cd:f0:31:f8:31:5f:86:9a:33:9c:40:0c:9e:
f0:88:17:84:c7:f0:03:24:db:52:fa:09:82:5a:75:4d:c0:b2:
10:c7:44:e0:1b:14:53:1e:1c:fd:3f:cd:55:b0:d0:4c:82:f4:
5d:fd:dd:14:ba:c5:29:07:a5:5f:74:cb:9b:de:d5:6b:b9:9d:
60:7e:09:a5:31:1b:bb:33:c2:db:6e:e3:da:fb:3e:3d:ea:e7:
2d:5d:92:d7:cd:da:f8:b3:da:d3:9b:00:ae:be:36:9b:7f:f9:
c8:e7:4f:41:18:12:87:62:dc:42:aa:af:b9:fb:b0:1e:ff:07:
dc:af:87:dc:d0:64:d7:d2:4e:c3:7d:ee:ed:d1:ef:00:3a:1d:
9b:c0:ae:66:35:b2:24:e3:96:ad:11:0b:a4:35:bc:cf:04:64:
a6:e9:d9:82:ce:57:0b:75
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
END
# Verifies one leaf certificate against a fresh store that trusts only the
# given CA, then prints the result under +label+.
#
# The CA fixture in this script carries a critical Name Constraints extension
# (Permitted: DNS:.example.com), so the expected outcome is:
#   * cert  (SAN DNS:test.example.com) -> "ok!"
#   * cert2 (SAN DNS:test.example.net) -> error 47, "permitted subtree violation"
# A run that prints "ok!" for cert2 means the verifier did not enforce the
# CA's name constraints.
#
# NOTE(review): the fixtures' text dumps give a validity window of
# Nov 28 2015 - Nov 27 2016; outside that window verification can fail on
# expiry, which says nothing about name-constraint handling.
#
# @param label [String] heading printed before the result
# @param ca_pem [String] PEM text of the trusted CA certificate
# @param leaf_pem [String] PEM text of the certificate to verify
def report_verification(label, ca_pem, leaf_pem)
  puts label
  # A new store per check, so no state carries over between the two runs.
  trust = OpenSSL::X509::Store.new
  trust.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
  trust.add_cert(OpenSSL::X509::Certificate.new(ca_pem))
  if trust.verify(OpenSSL::X509::Certificate.new(leaf_pem))
    puts "ok!"
  else
    puts "Error: #{trust.error}"
    puts "Error Str: #{trust.error_string}"
  end
end

report_verification("Cert =====", ca, cert)
report_verification("Cert2 =====", ca, cert2)
$ rvm use 2.2.0
Using /home/duritong/.rvm/gems/ruby-2.2.0
$ ruby gen_ca2b.rb
Cert =====
ok!
Cert2 =====
Error: 47
Error Str: permitted subtree violation
$ rvm use jruby
Using /home/duritong/.rvm/gems/jruby-1.7.19
$ ruby gen_ca2b.rb
Cert =====
ok!
Cert2 =====
ok!