When we visit an online business, we need to verify the certificate provided by their server. Verify process is mainly about verifying the digital signature of the certificate.
Take bank of america (www.bankofamerica.com) as an example, the issuer "Symantec Class 3 EV SSL CA - G3" generate a digital signature with its private key and the public key of www.bankofamerica.com. It can be revealed with command openssl x509. Using the public key of "Symantec Class 3 EV SSL CA - G3", we can verify the signature presented in bank of america's certificate is authentic, with the name of mathematics.
The certificate of "Symantec Class 3 EV SSL CA - G3" also bearing a signature generated by it's issuers (VeriSign Class 3 Public Primary Certification Authority - G5) private key, which can be verified with the public key of "VeriSign Class 3 Public Primary Certification Authority - G5".
The certificate of "VeriSign Class 3 Public Primary Certification Authority - G5" is self-signed, the signature it bearing is generated with its own private key and can be verified with its public key. Since everybody on the internet trusts VeriSign, it don't need a signature from another organization to prove its own identity.
$ openssl s_client -connect 171.161.207.100:443 -showcerts -verify 5
verify depth is 5
CONNECTED(00000003)
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 EV SSL CA - G3
verify return:1
depth=0 jurisdictionC = US, jurisdictionST = Delaware, businessCategory = Private Organization, serialNumber = 2927442, C = US, postalCode = 60603, ST = Illinois, L = Chicago, street = 135 S La Salle St, O = Bank of America Corporation, OU = eComm Network Infrastructure, CN = www.bankofamerica.com
verify return:1
---
Certificate chain
0 s:/jurisdictionC=US/jurisdictionST=Delaware/businessCategory=Private Organization/serialNumber=2927442/C=US/postalCode=60603/ST=Illinois/L=Chicago/street=135 S La Salle St/O=Bank of America Corporation/OU=eComm Network Infrastructure/CN=www.bankofamerica.com
i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3
-----BEGIN CERTIFICATE-----
MIIGzTCCBbWgAwIBAgIQZw38pkdGCfyVtu3gGj6+wDANBgkqhkiG9w0BAQsFADB3
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj
IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTYwOTA4MDAwMDAwWhcNMTcwOTA5
MjM1OTU5WjCCASwxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIB
AgwIRGVsYXdhcmUxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYD
VQQFEwcyOTI3NDQyMQswCQYDVQQGEwJVUzEOMAwGA1UEEQwFNjA2MDMxETAPBgNV
BAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRowGAYDVQQJDBExMzUgUyBM
YSBTYWxsZSBTdDEkMCIGA1UECgwbQmFuayBvZiBBbWVyaWNhIENvcnBvcmF0aW9u
MSUwIwYDVQQLDBxlQ29tbSBOZXR3b3JrIEluZnJhc3RydWN0dXJlMR4wHAYDVQQD
DBV3d3cuYmFua29mYW1lcmljYS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC/TqlEZRi3BOSn3Tb6R9TGlgPTAOVPjRZ3hHnApUrWqxBu4if/0DMT
Fd5Z3pjLZwj7AApuSqO4UxsU8x9vnuknqOQqa8rFEUON4zVUDsoCR3l+7KC7Acj7
tPDUT/pjdPIe+X00GLEKf7GeZQPZsuR7ha7ubdlfAWNyM4KlCiS0HtDMY6XDwyNo
qx1gnbMSFOZwiOSb/WHYvtlxR//1+3xBmmuY1ADI3ucEVUtgfbBrOWK4+GJekhw9
0MJ/U1bkse09UWmZXWZMD8IWrNGDFpulNPWFX/9p22wn139wU9DaTCMWEg474ZE2
C7wLc+W+ED8qaX2bUzZmovajKR8YHM69AgMBAAGjggKcMIICmDA6BgNVHREEMzAx
ghhtb2JpbGUuYmFua29mYW1lcmljYS5jb22CFXd3dy5iYW5rb2ZhbWVyaWNhLmNv
bTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
AQYIKwYBBQUHAwIwbwYDVR0gBGgwZjAHBgVngQwBATBbBgtghkgBhvhFAQcXBjBM
MCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcC
AjAZDBdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBQBWavn3ToL
WaZkY9bPIAdX1ZHnajArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Iuc3ltY2Iu
Y29tL3NyLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9z
ci5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zci5zeW1jYi5jb20vc3Iu
Y3J0MIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcA3esdK3oNT6Ygi4GtgWhwfi6O
nQHVXIiNPRHEzbbsvswAAAFXC1DEggAABAMASDBGAiEA4R53+kQj3qfksYu1Gt4s
chQjO9lknpuUVn23eK6P8JUCIQD1yk1gi8ESoKK60Ildlx1y9mAu/5YTbbNozGlA
BQPh1QB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABVwtQxcsA
AAQDAEgwRgIhAMkzubkAtzPoMTvWJzptolZ9MDMca6wj3JxCP7RrXGHkAiEA5Smx
0Aj0XaBVY8NDODIFcN5QrelpQYUV3hziMWb84m0wDQYJKoZIhvcNAQELBQADggEB
AG3/NuJP9lMxDhdMXEbYegw554x57PDcJOhxadv6mvtMIhenfCyXdv3DDwCFUsu3
zmgqkXc/LpixanSdSWK6fsiujjpspeyo8XhGpW/ABMlPkUIJATJ76nSF5uLmC5uv
kX1KYhTW7kGN8wU2zsxkQvOvM/fSc0StjtoXFp1BwtqtImR6MQyGf1WQVs+LF8TW
g9bnbOOLr2OT0uLFpG4UnuYuGlv6uJOp7edAAjUzKTFZA3tCZqU0hhves7JPcIOO
BXmCxcOhEmCii/np+tHDsWIgSaf2emIw9YapJBk8Qfwl7t4pwt/JldNk5a7wwkgd
xuq62FwAYaD+xFi3yIp1H2c=
-----END CERTIFICATE-----
1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIQfuFKb2/v8tN/P61lTTratDANBgkqhkiG9w0BAQsFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB3MQsw
CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV
BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVjIENs
YXNzIDMgRVYgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDYoWV0I+grZOIy1zM3PY71NBZI3U9/hxz4RCMTjvsR2ERaGHGOYBYmkpv9
FwvhcXBC/r/6HMCqo6e1cej/GIP23xAKE2LIPZyn3i4/DNkd5y77Ks7Imn+Hv9hM
BBUyydHMlXGgTihPhNk1++OGb5RT5nKKY2cuvmn2926OnGAE6yn6xEdC0niY4+wL
pZLct5q9gGQrOHw4CVtm9i2VeoayNC6FnpAOX7ddpFFyRnATv2fytqdNFB5suVPu
IxpOjUhVQ0GxiXVqQCjFfd3SbtICGS97JJRL6/EaqZvjI5rq+jOrCiy39GAI3Z8c
zd0tAWaAr7MvKR0juIrhoXAHDDQPAgMBAAGjggFdMIIBWTAvBggrBgEFBQcBAQQj
MCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wEgYDVR0TAQH/BAgw
BgEB/wIBADBlBgNVHSAEXjBcMFoGBFUdIAAwUjAmBggrBgEFBQcCARYaaHR0cDov
L3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5z
eW1hdXRoLmNvbS9ycGEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNi
LmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0RBCIwIKQeMBwx
GjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTMzMB0GA1UdDgQWBBQBWavn3ToLWaZk
Y9bPIAdX1ZHnajAfBgNVHSMEGDAWgBR/02Wnwt3su/AwCfNDOfoCrzMxMzANBgkq
hkiG9w0BAQsFAAOCAQEAQgFVe9AWGl1Y6LubqE3X89frE5SG1n8hC0e8V5uSXU8F
nzikEHzPg74GQ0aNCLxq1xCm+quvL2GoY/Jl339MiBKIT7Np2f8nwAqXkY9W+4nE
qLuSLRtzsMarNvSWbCAI7woeZiRFT2cAQMgHVHQzO6atuyOfZu2iRHA0+w7qAf3P
eHTfp61Vt19N9tY/4IbOJMdCqRMURDVLtt/JYKwMf9mTIUvunORJApjTYHtcvNUw
LwfORELEC5n+5p/8sHiGUW3RLJ3GlvuFgrsEL/digO9i2n/2DqyQuFa9eT/ygG6j
2bkPXToHHZGThkspTOHcteHgM52zyzaRS/6htO7w+Q==
-----END CERTIFICATE-----
2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
-----BEGIN CERTIFICATE-----
MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL
MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln
biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp
U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1
nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex
t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz
SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG
BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+
rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/
NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH
BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy
aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv
MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE
p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y
5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK
WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ
4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N
hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
-----END CERTIFICATE-----
---
Server certificate
subject=/jurisdictionC=US/jurisdictionST=Delaware/businessCategory=Private Organization/serialNumber=2927442/C=US/postalCode=60603/ST=Illinois/L=Chicago/street=135 S La Salle St/O=Bank of America Corporation/OU=eComm Network Infrastructure/CN=www.bankofamerica.com
issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 4478 bytes and written 626 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-GCM-SHA384
Session-ID: 3ADB79A0175F9FBD6EA3C97A28AA800AC1C96148D445AD9DDABCB2A6FB43B790
Session-ID-ctx:
Master-Key: EBB2ABB1FEC1373993CF19630CA9005D06DCC16466F7B18E47371D2FBC78872C245999D102E4CE0CE0360E3669A102D9
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1502632952
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
Q
DONE
demoAdmin@deomPC ~
$ vi bac.crt
demoAdmin@deomPC ~
$ openssl x509 -in bac.crt -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
67:0d:fc:a6:47:46:09:fc:95:b6:ed:e0:1a:3e:be:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 EV SSL CA - G3
Validity
Not Before: Sep 8 00:00:00 2016 GMT
Not After : Sep 9 23:59:59 2017 GMT
Subject: jurisdictionC=US/jurisdictionST=Delaware/businessCategory=Private Organization/serialNumber=2927442, C=US/postalCode=60603, ST=Illinois, L=Chicago/street=135 S La Salle St, O=Bank of America Corporation, OU=eComm Network Infrastructure, CN=www.bankofamerica.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bf:4e:a9:44:65:18:b7:04:e4:a7:dd:36:fa:47:
d4:c6:96:03:d3:00:e5:4f:8d:16:77:84:79:c0:a5:
4a:d6:ab:10:6e:e2:27:ff:d0:33:13:15:de:59:de:
98:cb:67:08:fb:00:0a:6e:4a:a3:b8:53:1b:14:f3:
1f:6f:9e:e9:27:a8:e4:2a:6b:ca:c5:11:43:8d:e3:
35:54:0e:ca:02:47:79:7e:ec:a0:bb:01:c8:fb:b4:
f0:d4:4f:fa:63:74:f2:1e:f9:7d:34:18:b1:0a:7f:
b1:9e:65:03:d9:b2:e4:7b:85:ae:ee:6d:d9:5f:01:
63:72:33:82:a5:0a:24:b4:1e:d0:cc:63:a5:c3:c3:
23:68:ab:1d:60:9d:b3:12:14:e6:70:88:e4:9b:fd:
61:d8:be:d9:71:47:ff:f5:fb:7c:41:9a:6b:98:d4:
00:c8:de:e7:04:55:4b:60:7d:b0:6b:39:62:b8:f8:
62:5e:92:1c:3d:d0:c2:7f:53:56:e4:b1:ed:3d:51:
69:99:5d:66:4c:0f:c2:16:ac:d1:83:16:9b:a5:34:
f5:85:5f:ff:69:db:6c:27:d7:7f:70:53:d0:da:4c:
23:16:12:0e:3b:e1:91:36:0b:bc:0b:73:e5:be:10:
3f:2a:69:7d:9b:53:36:66:a2:f6:a3:29:1f:18:1c:
ce:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:mobile.bankofamerica.com, DNS:www.bankofamerica.com
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Certificate Policies:
Policy: 2.23.140.1.1
Policy: 2.16.840.1.113733.1.7.23.6
CPS: https://d.symcb.com/cps
User Notice:
Explicit Text: https://d.symcb.com/rpa
X509v3 Authority Key Identifier:
keyid:01:59:AB:E7:DD:3A:0B:59:A6:64:63:D6:CF:20:07:57:D5:91:E7:6A
X509v3 CRL Distribution Points:
Full Name:
URI:http://sr.symcb.com/sr.crl
Authority Information Access:
OCSP - URI:http://sr.symcd.com
CA Issuers - URI:http://sr.symcb.com/sr.crt
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1(0)
Log ID : DD:EB:1D:2B:7A:0D:4F:A6:20:8B:81:AD:81:68:70:7E:
2E:8E:9D:01:D5:5C:88:8D:3D:11:C4:CD:B6:EC:BE:CC
Timestamp : Sep 8 19:40:25.090 2016 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:E1:1E:77:FA:44:23:DE:A7:E4:B1:8B:
B5:1A:DE:2C:72:14:23:3B:D9:64:9E:9B:94:56:7D:B7:
78:AE:8F:F0:95:02:21:00:F5:CA:4D:60:8B:C1:12:A0:
A2:BA:D0:89:5D:97:1D:72:F6:60:2E:FF:96:13:6D:B3:
68:CC:69:40:05:03:E1:D5
Signed Certificate Timestamp:
Version : v1(0)
Log ID : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
Timestamp : Sep 8 19:40:25.419 2016 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:C9:33:B9:B9:00:B7:33:E8:31:3B:D6:
27:3A:6D:A2:56:7D:30:33:1C:6B:AC:23:DC:9C:42:3F:
B4:6B:5C:61:E4:02:21:00:E5:29:B1:D0:08:F4:5D:A0:
55:63:C3:43:38:32:05:70:DE:50:AD:E9:69:41:85:15:
DE:1C:E2:31:66:FC:E2:6D
Signature Algorithm: sha256WithRSAEncryption
6d:ff:36:e2:4f:f6:53:31:0e:17:4c:5c:46:d8:7a:0c:39:e7:
8c:79:ec:f0:dc:24:e8:71:69:db:fa:9a:fb:4c:22:17:a7:7c:
2c:97:76:fd:c3:0f:00:85:52:cb:b7:ce:68:2a:91:77:3f:2e:
98:b1:6a:74:9d:49:62:ba:7e:c8:ae:8e:3a:6c:a5:ec:a8:f1:
78:46:a5:6f:c0:04:c9:4f:91:42:09:01:32:7b:ea:74:85:e6:
e2:e6:0b:9b:af:91:7d:4a:62:14:d6:ee:41:8d:f3:05:36:ce:
cc:64:42:f3:af:33:f7:d2:73:44:ad:8e:da:17:16:9d:41:c2:
da:ad:22:64:7a:31:0c:86:7f:55:90:56:cf:8b:17:c4:d6:83:
d6:e7:6c:e3:8b:af:63:93:d2:e2:c5:a4:6e:14:9e:e6:2e:1a:
5b:fa:b8:93:a9:ed:e7:40:02:35:33:29:31:59:03:7b:42:66:
a5:34:86:1b:de:b3:b2:4f:70:83:8e:05:79:82:c5:c3:a1:12:
60:a2:8b:f9:e9:fa:d1:c3:b1:62:20:49:a7:f6:7a:62:30:f5:
86:a9:24:19:3c:41:fc:25:ee:de:29:c2:df:c9:95:d3:64:e5:
ae:f0:c2:48:1d:c6:ea:ba:d8:5c:00:61:a0:fe:c4:58:b7:c8:
8a:75:1f:67
-----BEGIN CERTIFICATE-----
MIIGzTCCBbWgAwIBAgIQZw38pkdGCfyVtu3gGj6+wDANBgkqhkiG9w0BAQsFADB3
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj
IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTYwOTA4MDAwMDAwWhcNMTcwOTA5
MjM1OTU5WjCCASwxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIB
AgwIRGVsYXdhcmUxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYD
VQQFEwcyOTI3NDQyMQswCQYDVQQGEwJVUzEOMAwGA1UEEQwFNjA2MDMxETAPBgNV
BAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRowGAYDVQQJDBExMzUgUyBM
YSBTYWxsZSBTdDEkMCIGA1UECgwbQmFuayBvZiBBbWVyaWNhIENvcnBvcmF0aW9u
MSUwIwYDVQQLDBxlQ29tbSBOZXR3b3JrIEluZnJhc3RydWN0dXJlMR4wHAYDVQQD
DBV3d3cuYmFua29mYW1lcmljYS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC/TqlEZRi3BOSn3Tb6R9TGlgPTAOVPjRZ3hHnApUrWqxBu4if/0DMT
Fd5Z3pjLZwj7AApuSqO4UxsU8x9vnuknqOQqa8rFEUON4zVUDsoCR3l+7KC7Acj7
tPDUT/pjdPIe+X00GLEKf7GeZQPZsuR7ha7ubdlfAWNyM4KlCiS0HtDMY6XDwyNo
qx1gnbMSFOZwiOSb/WHYvtlxR//1+3xBmmuY1ADI3ucEVUtgfbBrOWK4+GJekhw9
0MJ/U1bkse09UWmZXWZMD8IWrNGDFpulNPWFX/9p22wn139wU9DaTCMWEg474ZE2
C7wLc+W+ED8qaX2bUzZmovajKR8YHM69AgMBAAGjggKcMIICmDA6BgNVHREEMzAx
ghhtb2JpbGUuYmFua29mYW1lcmljYS5jb22CFXd3dy5iYW5rb2ZhbWVyaWNhLmNv
bTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
AQYIKwYBBQUHAwIwbwYDVR0gBGgwZjAHBgVngQwBATBbBgtghkgBhvhFAQcXBjBM
MCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcC
AjAZDBdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBQBWavn3ToL
WaZkY9bPIAdX1ZHnajArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Iuc3ltY2Iu
Y29tL3NyLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9z
ci5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zci5zeW1jYi5jb20vc3Iu
Y3J0MIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcA3esdK3oNT6Ygi4GtgWhwfi6O
nQHVXIiNPRHEzbbsvswAAAFXC1DEggAABAMASDBGAiEA4R53+kQj3qfksYu1Gt4s
chQjO9lknpuUVn23eK6P8JUCIQD1yk1gi8ESoKK60Ildlx1y9mAu/5YTbbNozGlA
BQPh1QB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABVwtQxcsA
AAQDAEgwRgIhAMkzubkAtzPoMTvWJzptolZ9MDMca6wj3JxCP7RrXGHkAiEA5Smx
0Aj0XaBVY8NDODIFcN5QrelpQYUV3hziMWb84m0wDQYJKoZIhvcNAQELBQADggEB
AG3/NuJP9lMxDhdMXEbYegw554x57PDcJOhxadv6mvtMIhenfCyXdv3DDwCFUsu3
zmgqkXc/LpixanSdSWK6fsiujjpspeyo8XhGpW/ABMlPkUIJATJ76nSF5uLmC5uv
kX1KYhTW7kGN8wU2zsxkQvOvM/fSc0StjtoXFp1BwtqtImR6MQyGf1WQVs+LF8TW
g9bnbOOLr2OT0uLFpG4UnuYuGlv6uJOp7edAAjUzKTFZA3tCZqU0hhves7JPcIOO
BXmCxcOhEmCii/np+tHDsWIgSaf2emIw9YapJBk8Qfwl7t4pwt/JldNk5a7wwkgd
xuq62FwAYaD+xFi3yIp1H2c=
-----END CERTIFICATE-----
demoAdmin@deomPC ~
$ vi ca.crt
demoAdmin@deomPC ~
$ openssl x509 -in ca.crt -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7e:e1:4a:6f:6f:ef:f2:d3:7f:3f:ad:65:4d:3a:da:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Validity
Not Before: Oct 31 00:00:00 2013 GMT
Not After : Oct 30 23:59:59 2023 GMT
Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 EV SSL CA - G3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d8:a1:65:74:23:e8:2b:64:e2:32:d7:33:37:3d:
8e:f5:34:16:48:dd:4f:7f:87:1c:f8:44:23:13:8e:
fb:11:d8:44:5a:18:71:8e:60:16:26:92:9b:fd:17:
0b:e1:71:70:42:fe:bf:fa:1c:c0:aa:a3:a7:b5:71:
e8:ff:18:83:f6:df:10:0a:13:62:c8:3d:9c:a7:de:
2e:3f:0c:d9:1d:e7:2e:fb:2a:ce:c8:9a:7f:87:bf:
d8:4c:04:15:32:c9:d1:cc:95:71:a0:4e:28:4f:84:
d9:35:fb:e3:86:6f:94:53:e6:72:8a:63:67:2e:be:
69:f6:f7:6e:8e:9c:60:04:eb:29:fa:c4:47:42:d2:
78:98:e3:ec:0b:a5:92:dc:b7:9a:bd:80:64:2b:38:
7c:38:09:5b:66:f6:2d:95:7a:86:b2:34:2e:85:9e:
90:0e:5f:b7:5d:a4:51:72:46:70:13:bf:67:f2:b6:
a7:4d:14:1e:6c:b9:53:ee:23:1a:4e:8d:48:55:43:
41:b1:89:75:6a:40:28:c5:7d:dd:d2:6e:d2:02:19:
2f:7b:24:94:4b:eb:f1:1a:a9:9b:e3:23:9a:ea:fa:
33:ab:0a:2c:b7:f4:60:08:dd:9f:1c:cd:dd:2d:01:
66:80:af:b3:2f:29:1d:23:b8:8a:e1:a1:70:07:0c:
34:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
Authority Information Access:
OCSP - URI:http://s2.symcb.com
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Certificate Policies:
Policy: X509v3 Any Policy
CPS: http://www.symauth.com/cps
User Notice:
Explicit Text: http://www.symauth.com/rpa
X509v3 CRL Distribution Points:
Full Name:
URI:http://s1.symcb.com/pca3-g5.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Alternative Name:
DirName:/CN=SymantecPKI-1-533
X509v3 Subject Key Identifier:
01:59:AB:E7:DD:3A:0B:59:A6:64:63:D6:CF:20:07:57:D5:91:E7:6A
X509v3 Authority Key Identifier:
keyid:7F:D3:65:A7:C2:DD:EC:BB:F0:30:09:F3:43:39:FA:02:AF:33:31:33
Signature Algorithm: sha256WithRSAEncryption
42:01:55:7b:d0:16:1a:5d:58:e8:bb:9b:a8:4d:d7:f3:d7:eb:
13:94:86:d6:7f:21:0b:47:bc:57:9b:92:5d:4f:05:9f:38:a4:
10:7c:cf:83:be:06:43:46:8d:08:bc:6a:d7:10:a6:fa:ab:af:
2f:61:a8:63:f2:65:df:7f:4c:88:12:88:4f:b3:69:d9:ff:27:
c0:0a:97:91:8f:56:fb:89:c4:a8:bb:92:2d:1b:73:b0:c6:ab:
36:f4:96:6c:20:08:ef:0a:1e:66:24:45:4f:67:00:40:c8:07:
54:74:33:3b:a6:ad:bb:23:9f:66:ed:a2:44:70:34:fb:0e:ea:
01:fd:cf:78:74:df:a7:ad:55:b7:5f:4d:f6:d6:3f:e0:86:ce:
24:c7:42:a9:13:14:44:35:4b:b6:df:c9:60:ac:0c:7f:d9:93:
21:4b:ee:9c:e4:49:02:98:d3:60:7b:5c:bc:d5:30:2f:07:ce:
44:42:c4:0b:99:fe:e6:9f:fc:b0:78:86:51:6d:d1:2c:9d:c6:
96:fb:85:82:bb:04:2f:f7:62:80:ef:62:da:7f:f6:0e:ac:90:
b8:56:bd:79:3f:f2:80:6e:a3:d9:b9:0f:5d:3a:07:1d:91:93:
86:4b:29:4c:e1:dc:b5:e1:e0:33:9d:b3:cb:36:91:4b:fe:a1:
b4:ee:f0:f9
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIQfuFKb2/v8tN/P61lTTratDANBgkqhkiG9w0BAQsFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB3MQsw
CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV
BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVjIENs
YXNzIDMgRVYgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDYoWV0I+grZOIy1zM3PY71NBZI3U9/hxz4RCMTjvsR2ERaGHGOYBYmkpv9
FwvhcXBC/r/6HMCqo6e1cej/GIP23xAKE2LIPZyn3i4/DNkd5y77Ks7Imn+Hv9hM
BBUyydHMlXGgTihPhNk1++OGb5RT5nKKY2cuvmn2926OnGAE6yn6xEdC0niY4+wL
pZLct5q9gGQrOHw4CVtm9i2VeoayNC6FnpAOX7ddpFFyRnATv2fytqdNFB5suVPu
IxpOjUhVQ0GxiXVqQCjFfd3SbtICGS97JJRL6/EaqZvjI5rq+jOrCiy39GAI3Z8c
zd0tAWaAr7MvKR0juIrhoXAHDDQPAgMBAAGjggFdMIIBWTAvBggrBgEFBQcBAQQj
MCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wEgYDVR0TAQH/BAgw
BgEB/wIBADBlBgNVHSAEXjBcMFoGBFUdIAAwUjAmBggrBgEFBQcCARYaaHR0cDov
L3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5z
eW1hdXRoLmNvbS9ycGEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNi
LmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0RBCIwIKQeMBwx
GjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTMzMB0GA1UdDgQWBBQBWavn3ToLWaZk
Y9bPIAdX1ZHnajAfBgNVHSMEGDAWgBR/02Wnwt3su/AwCfNDOfoCrzMxMzANBgkq
hkiG9w0BAQsFAAOCAQEAQgFVe9AWGl1Y6LubqE3X89frE5SG1n8hC0e8V5uSXU8F
nzikEHzPg74GQ0aNCLxq1xCm+quvL2GoY/Jl339MiBKIT7Np2f8nwAqXkY9W+4nE
qLuSLRtzsMarNvSWbCAI7woeZiRFT2cAQMgHVHQzO6atuyOfZu2iRHA0+w7qAf3P
eHTfp61Vt19N9tY/4IbOJMdCqRMURDVLtt/JYKwMf9mTIUvunORJApjTYHtcvNUw
LwfORELEC5n+5p/8sHiGUW3RLJ3GlvuFgrsEL/digO9i2n/2DqyQuFa9eT/ygG6j
2bkPXToHHZGThkspTOHcteHgM52zyzaRS/6htO7w+Q==
-----END CERTIFICATE-----
demoAdmin@deomPC ~
$ vi root.crt
demoAdmin@deomPC ~
$ openssl x509 -in root.crt -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Validity
Not Before: Nov 8 00:00:00 2006 GMT
Not After : Jul 16 23:59:59 2036 GMT
Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:af:24:08:08:29:7a:35:9e:60:0c:aa:e7:4b:3b:
4e:dc:7c:bc:3c:45:1c:bb:2b:e0:fe:29:02:f9:57:
08:a3:64:85:15:27:f5:f1:ad:c8:31:89:5d:22:e8:
2a:aa:a6:42:b3:8f:f8:b9:55:b7:b1:b7:4b:b3:fe:
8f:7e:07:57:ec:ef:43:db:66:62:15:61:cf:60:0d:
a4:d8:de:f8:e0:c3:62:08:3d:54:13:eb:49:ca:59:
54:85:26:e5:2b:8f:1b:9f:eb:f5:a1:91:c2:33:49:
d8:43:63:6a:52:4b:d2:8f:e8:70:51:4d:d1:89:69:
7b:c7:70:f6:b3:dc:12:74:db:7b:5d:4b:56:d3:96:
bf:15:77:a1:b0:f4:a2:25:f2:af:1c:92:67:18:e5:
f4:06:04:ef:90:b9:e4:00:e4:dd:3a:b5:19:ff:02:
ba:f4:3c:ee:e0:8b:eb:37:8b:ec:f4:d7:ac:f2:f6:
f0:3d:af:dd:75:91:33:19:1d:1c:40:cb:74:24:19:
21:93:d9:14:fe:ac:2a:52:c7:8f:d5:04:49:e4:8d:
63:47:88:3c:69:83:cb:fe:47:bd:2b:7e:4f:c5:95:
ae:0e:9d:d4:d1:43:c0:67:73:e3:14:08:7e:e5:3f:
9f:73:b8:33:0a:cf:5d:3f:34:87:96:8a:ee:53:e8:
25:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
1.3.6.1.5.5.7.1.12:
0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif
X509v3 Subject Key Identifier:
7F:D3:65:A7:C2:DD:EC:BB:F0:30:09:F3:43:39:FA:02:AF:33:31:33
Signature Algorithm: sha1WithRSAEncryption
93:24:4a:30:5f:62:cf:d8:1a:98:2f:3d:ea:dc:99:2d:bd:77:
f6:a5:79:22:38:ec:c4:a7:a0:78:12:ad:62:0e:45:70:64:c5:
e7:97:66:2d:98:09:7e:5f:af:d6:cc:28:65:f2:01:aa:08:1a:
47:de:f9:f9:7c:92:5a:08:69:20:0d:d9:3e:6d:6e:3c:0d:6e:
d8:e6:06:91:40:18:b9:f8:c1:ed:df:db:41:aa:e0:96:20:c9:
cd:64:15:38:81:c9:94:ee:a2:84:29:0b:13:6f:8e:db:0c:dd:
25:02:db:a4:8b:19:44:d2:41:7a:05:69:4a:58:4f:60:ca:7e:
82:6a:0b:02:aa:25:17:39:b5:db:7f:e7:84:65:2a:95:8a:bd:
86:de:5e:81:16:83:2d:10:cc:de:fd:a8:82:2a:6d:28:1f:0d:
0b:c4:e5:e7:1a:26:19:e1:f4:11:6f:10:b5:95:fc:e7:42:05:
32:db:ce:9d:51:5e:28:b6:9e:85:d3:5b:ef:a5:7d:45:40:72:
8e:b7:0e:6b:0e:06:fb:33:35:48:71:b8:9d:27:8b:c4:65:5f:
0d:86:76:9c:44:7a:f6:95:5c:f6:5d:32:08:33:a4:54:b6:18:
3f:68:5c:f2:42:4a:85:38:54:83:5f:d1:e8:2c:f2:ac:11:d6:
a8:ed:63:6a
-----BEGIN CERTIFICATE-----
MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL
MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln
biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp
U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1
nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex
t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz
SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG
BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+
rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/
NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH
BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy
aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv
MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE
p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y
5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK
WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ
4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N
hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
-----END CERTIFICATE-----
demoAdmin@deomPC ~
$
No comments:
Post a Comment