Skip to content

Instantly share code, notes, and snippets.

@shigeki

shigeki/新しく発行された中間証明書

Created October 14, 2016 02:52
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save shigeki/e4d1cd108d24fab7619a9442a93d802a to your computer and use it in GitHub Desktop.
Save shigeki/e4d1cd108d24fab7619a9442a93d802a to your computer and use it in GitHub Desktop.
Download ZIP
GlobalSign中間証明書のHPKP比較
Raw
新しく発行された中間証明書
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:00:00:00:00:01:31:89:c6:44:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
Validity
Not Before: Aug 2 10:00:00 2011 GMT
Not After : Aug 2 10:00:00 2022 GMT
Subject: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c7:0e:6c:3f:23:93:7f:cc:70:a5:9d:20:c3:0e:
53:3f:7e:c0:4e:c2:98:49:ca:47:d5:23:ef:03:34:
85:74:c8:a3:02:2e:46:5c:0b:7d:c9:88:9d:4f:8b:
f0:f8:9c:6c:8c:55:35:db:bf:f2:b3:ea:fb:e3:56:
e7:4a:46:d9:13:22:ca:36:d5:9b:c1:a8:e3:96:43:
93:f2:0c:bc:e6:f9:e6:e8:99:c8:63:48:78:7f:57:
36:69:1a:19:1d:5a:d1:d4:7d:c2:9c:d4:7f:e1:80:
12:ae:7a:ea:88:ea:57:d8:ca:0a:0a:3a:12:49:a2:
62:19:7a:0d:24:f7:37:eb:b4:73:92:7b:05:23:9b:
12:b5:ce:eb:29:df:a4:14:02:b9:01:a5:d4:a6:9c:
43:64:88:de:f8:7e:fe:e3:f5:1e:e5:fe:dc:a3:a8:
e4:66:31:d9:4c:25:e9:18:b9:89:59:09:ae:e9:9d:
1c:6d:37:0f:4a:1e:35:20:28:e2:af:d4:21:8b:01:
c4:45:ad:6e:2b:63:ab:92:6b:61:0a:4d:20:ed:73:
ba:7c:ce:fe:16:b5:db:9f:80:f0:d6:8b:6c:d9:08:
79:4a:4f:78:65:da:92:bc:be:35:f9:b3:c4:f9:27:
80:4e:ff:96:52:e6:02:20:e1:07:73:e9:5d:2b:bd:
b2:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Subject Key Identifier:
96:DE:61:F1:BD:1C:16:29:53:1C:C0:CC:7D:3B:83:00:40:E6:1A:7C
X509v3 Certificate Policies:
Policy: X509v3 Any Policy
CPS: https://www.globalsign.com/repository/
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.globalsign.net/root-r3.crl
Authority Information Access:
OCSP - URI:http://ocsp2.globalsign.com/rootr3
X509v3 Authority Key Identifier:
keyid:8F:F0:4B:7F:A8:2E:45:24:AE:4D:50:FA:63:9A:8B:DE:E2:DD:1B:BC
Signature Algorithm: sha256WithRSAEncryption
ba:06:29:c0:b4:19:8c:21:11:c0:94:11:9e:bb:3d:d4:d5:43:
40:f6:9f:bb:25:0b:23:68:b5:1a:f7:fa:54:64:cc:2b:13:f9:
21:f0:44:ad:e1:e8:15:58:db:ee:fd:db:a2:4d:cc:18:8f:0d:
9a:6d:c3:6b:01:a1:31:f0:8d:bc:00:40:cc:39:5f:87:61:51:
6d:f4:95:ea:ea:15:35:3e:40:85:c0:62:d5:a1:34:fe:78:aa:
a8:b2:5a:39:f3:37:41:fb:9c:e8:3e:71:4a:5b:eb:f8:69:58:
a1:e0:c6:93:77:e9:ba:67:92:eb:65:58:90:70:73:42:7d:af:
f4:23:26:79:17:aa:fa:a4:bb:99:e5:44:6f:65:81:e7:ca:eb:
55:c8:f4:b6:27:11:21:74:94:bc:6b:b7:74:62:29:c4:cd:ae:
47:f2:e6:42:5b:78:86:05:61:cb:90:aa:79:89:df:04:7e:b1:
26:70:4b:8d:40:1f:84:7b:c0:fb:07:e6:c8:b7:4e:91:f4:35:
03:ed:e8:eb:41:10:17:49:b4:62:c8:a7:2c:f2:e1:4c:8f:03:
2c:f3:16:37:5d:67:f1:a4:39:79:49:a3:c0:5d:cc:55:f9:21:
80:0f:fb:ce:e2:29:6a:58:50:e9:a6:d7:eb:1c:32:36:b5:62:
a7:c1:fa:e6
-----BEGIN CERTIFICATE-----
MIIEYjCCA0qgAwIBAgILBAAAAAABMYnGRMkwDQYJKoZIhvcNAQELBQAwTDEgMB4G
A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp
Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTEwODAyMTAwMDAwWhcNMjIwODAy
MTAwMDAwWjBmMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z
YTE8MDoGA1UEAxMzR2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBD
QSAtIFNIQTI1NiAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
xw5sPyOTf8xwpZ0gww5TP37ATsKYScpH1SPvAzSFdMijAi5GXAt9yYidT4vw+Jxs
jFU127/ys+r741bnSkbZEyLKNtWbwajjlkOT8gy85vnm6JnIY0h4f1c2aRoZHVrR
1H3CnNR/4YASrnrqiOpX2MoKCjoSSaJiGXoNJPc367RzknsFI5sStc7rKd+kFAK5
AaXUppxDZIje+H7+4/Ue5f7co6jkZjHZTCXpGLmJWQmu6Z0cbTcPSh41ICjir9Qh
iwHERa1uK2OrkmthCk0g7XO6fM7+FrXbn4Dw1ots2Qh5Sk94ZdqSvL41+bPE+SeA
Tv+WUuYCIOEHc+ldK72y8QIDAQABo4IBKTCCASUwDgYDVR0PAQH/BAQDAgEGMBIG
A1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJbeYfG9HBYpUxzAzH07gwBA5hp8
MEcGA1UdIARAMD4wPAYEVR0gADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5n
bG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzA2BgNVHR8ELzAtMCugKaAnhiVodHRw
Oi8vY3JsLmdsb2JhbHNpZ24ubmV0L3Jvb3QtcjMuY3JsMD4GCCsGAQUFBwEBBDIw
MDAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL3Jvb3Ry
MzAfBgNVHSMEGDAWgBSP8Et/qC5FJK5NUPpjmove4t0bvDANBgkqhkiG9w0BAQsF
AAOCAQEAugYpwLQZjCERwJQRnrs91NVDQPafuyULI2i1Gvf6VGTMKxP5IfBEreHo
FVjb7v3bok3MGI8Nmm3DawGhMfCNvABAzDlfh2FRbfSV6uoVNT5AhcBi1aE0/niq
qLJaOfM3Qfuc6D5xSlvr+GlYoeDGk3fpumeS62VYkHBzQn2v9CMmeReq+qS7meVE
b2WB58rrVcj0ticRIXSUvGu3dGIpxM2uR/LmQlt4hgVhy5CqeYnfBH6xJnBLjUAf
hHvA+wfmyLdOkfQ1A+3o60EQF0m0YsinLPLhTI8DLPMWN11n8aQ5eUmjwF3MVfkh
gA/7zuIpalhQ6abX6xwyNrVip8H65g==
-----END CERTIFICATE-----
Raw
新しく発行された中間証明書のSPKI
openssl x509 -in globalsign_new_int.cert -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary |openssl base64
IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4=
Raw
誤って失効された中間証明書のSPKI
openssl x509 -in globalsign_revoked.cert -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary |openssl base64
IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4=
Raw
間違って一時的にOCSPで失効された中間証明書
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:00:00:00:00:01:44:4e:f0:42:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
Validity
Not Before: Feb 20 10:00:00 2014 GMT
Not After : Feb 20 10:00:00 2024 GMT
Subject: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c7:0e:6c:3f:23:93:7f:cc:70:a5:9d:20:c3:0e:
53:3f:7e:c0:4e:c2:98:49:ca:47:d5:23:ef:03:34:
85:74:c8:a3:02:2e:46:5c:0b:7d:c9:88:9d:4f:8b:
f0:f8:9c:6c:8c:55:35:db:bf:f2:b3:ea:fb:e3:56:
e7:4a:46:d9:13:22:ca:36:d5:9b:c1:a8:e3:96:43:
93:f2:0c:bc:e6:f9:e6:e8:99:c8:63:48:78:7f:57:
36:69:1a:19:1d:5a:d1:d4:7d:c2:9c:d4:7f:e1:80:
12:ae:7a:ea:88:ea:57:d8:ca:0a:0a:3a:12:49:a2:
62:19:7a:0d:24:f7:37:eb:b4:73:92:7b:05:23:9b:
12:b5:ce:eb:29:df:a4:14:02:b9:01:a5:d4:a6:9c:
43:64:88:de:f8:7e:fe:e3:f5:1e:e5:fe:dc:a3:a8:
e4:66:31:d9:4c:25:e9:18:b9:89:59:09:ae:e9:9d:
1c:6d:37:0f:4a:1e:35:20:28:e2:af:d4:21:8b:01:
c4:45:ad:6e:2b:63:ab:92:6b:61:0a:4d:20:ed:73:
ba:7c:ce:fe:16:b5:db:9f:80:f0:d6:8b:6c:d9:08:
79:4a:4f:78:65:da:92:bc:be:35:f9:b3:c4:f9:27:
80:4e:ff:96:52:e6:02:20:e1:07:73:e9:5d:2b:bd:
b2:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Subject Key Identifier:
96:DE:61:F1:BD:1C:16:29:53:1C:C0:CC:7D:3B:83:00:40:E6:1A:7C
X509v3 Certificate Policies:
Policy: X509v3 Any Policy
CPS: https://www.globalsign.com/repository/
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.globalsign.net/root.crl
Authority Information Access:
OCSP - URI:http://ocsp.globalsign.com/rootr1
X509v3 Authority Key Identifier:
keyid:60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
Signature Algorithm: sha256WithRSAEncryption
46:2a:ee:5e:bd:ae:01:60:37:31:11:86:71:74:b6:46:49:c8:
10:16:fe:2f:62:23:17:ab:1f:87:f8:82:ed:ca:df:0e:2c:df:
64:75:8e:e5:18:72:a7:8c:3a:8b:c9:ac:a5:77:50:f7:ef:9e:
a4:e0:a0:8f:14:57:a3:2a:5f:ec:7e:6d:10:e6:ba:8d:b0:08:
87:76:0e:4c:b2:d9:51:bb:11:02:f2:5c:dd:1c:bd:f3:55:96:
0f:d4:06:c0:fc:e2:23:8a:24:70:d3:bb:f0:79:1a:a7:61:70:
83:8a:af:06:c5:20:d8:a1:63:d0:6c:ae:4f:32:d7:ae:7c:18:
45:75:05:29:77:df:42:40:64:64:86:be:2a:76:09:31:6f:1d:
24:f4:99:d0:85:fe:f2:21:08:f9:c6:f6:f1:d0:59:ed:d6:56:
3c:08:28:03:67:ba:f0:f9:f1:90:16:47:ae:67:e6:bc:80:48:
e9:42:76:34:97:55:69:24:0e:83:d6:a0:2d:b4:f5:f3:79:8a:
49:28:74:1a:41:a1:c2:d3:24:88:35:30:60:94:17:b4:e1:04:
22:31:3d:3b:2f:17:06:b2:b8:9d:86:2b:5a:69:ef:83:f5:4b:
c4:aa:b4:2a:f8:7c:a1:b1:85:94:8c:f4:0c:87:0c:f4:ac:40:
f8:59:49:98
-----BEGIN CERTIFICATE-----
MIIEaTCCA1GgAwIBAgILBAAAAAABRE7wQkcwDQYJKoZIhvcNAQELBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNDAyMjAxMDAw
MDBaFw0yNDAyMjAxMDAwMDBaMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBW
YWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDHDmw/I5N/zHClnSDDDlM/fsBOwphJykfVI+8DNIV0yKMCLkZc
C33JiJ1Pi/D4nGyMVTXbv/Kz6vvjVudKRtkTIso21ZvBqOOWQ5PyDLzm+ebomchj
SHh/VzZpGhkdWtHUfcKc1H/hgBKueuqI6lfYygoKOhJJomIZeg0k9zfrtHOSewUj
mxK1zusp36QUArkBpdSmnENkiN74fv7j9R7l/tyjqORmMdlMJekYuYlZCa7pnRxt
Nw9KHjUgKOKv1CGLAcRFrW4rY6uSa2EKTSDtc7p8zv4WtdufgPDWi2zZCHlKT3hl
2pK8vjX5s8T5J4BO/5ZS5gIg4Qdz6V0rvbLxAgMBAAGjggElMIIBITAOBgNVHQ8B
Af8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUlt5h8b0cFilT
HMDMfTuDAEDmGnwwRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0
dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCow
KKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYB
BQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNv
bS9yb290cjEwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZI
hvcNAQELBQADggEBAEYq7l69rgFgNzERhnF0tkZJyBAW/i9iIxerH4f4gu3K3w4s
32R1juUYcqeMOovJrKV3UPfvnqTgoI8UV6MqX+x+bRDmuo2wCId2Dkyy2VG7EQLy
XN0cvfNVlg/UBsD84iOKJHDTu/B5GqdhcIOKrwbFINihY9Bsrk8y1658GEV1BSl3
30JAZGSGvip2CTFvHST0mdCF/vIhCPnG9vHQWe3WVjwIKANnuvD58ZAWR65n5ryA
SOlCdjSXVWkkDoPWoC209fN5ikkodBpBocLTJIg1MGCUF7ThBCIxPTsvFwayuJ2G
K1pp74P1S8SqtCr4fKGxhZSM9AyHDPSsQPhZSZg=
-----END CERTIFICATE-----
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment