Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- This paste contains information on how you can verify that the latest diginotar.nl *.google.com cert is real. This CA should receive an internet death sentence as their carelessness may have resulted in deaths in Iran - this cert was issued in JULY of 2011 and it is now just a few days before SEPTEMBER. It is being used in the wild against real people in Iran *right* now.
- tl;dr:
- openssl verify -verbose -CApath /etc/ssl/certs/ -CAfile /etc/ssl/certs/DigiNotar_Root_CA.pem -CAfile inter.crt -purpose any google.com.crt google.com.crt: OK
- Verify the cert below.
- Put this in inter.crt:
- -----BEGIN CERTIFICATE-----
- MIIGAzCCA+ugAwIBAgIQHn16Uz1FMEGWQA9xSB9FBDANBgkqhkiG9w0BAQUFADBf
- MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp
- Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww
- HhcNMDYwMjA2MTYwNzAyWhcNMjUwMzI4MTYwNzAyWjBmMQswCQYDVQQGEwJOTDES
- MBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdpTm90YXIgUHVibGljIENB
- IDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5vdGFyLm5sMIIBIjANBgkq
- hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/2eu/I5fMG8lbvPph3e8zfJpZQtg/72
- Yx29+ivtKehiF6A3n785XyoY6IT3vlCrhy1CbMOY3M0x1n4YQlv17B0XZ/DqHyBA
- SQvnDNbkM9j4NoSy/sRtGsP6PetIFFjrhE9whZuvuSUC1PY4PruEEJp8zOCx4+wU
- Zt9xvjy4Xra+bSia5rwccQ/R5FYTGKrYCthOy9C9ud5Fhd++rlVhgdA/78w+Cs2s
- xS4i0MAxG75P3/e/bATJKepbydHdDjkyz9o3RW/wdPUXhzEw4EwUjYg6XJrDzMad
- 6aL9M/eaxDjgz6o48EaWRDrGptaE2uJRuErVz7oOO0p/wYKq/BU+/wIDAQABo4IB
- sjCCAa4wOgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vdmFsaWRh
- dGlvbi5kaWdpbm90YXIubmwwHwYDVR0jBBgwFoAUiGi/4I41xDs4a2L3KDuEgcgM
- 100wEgYDVR0TAQH/BAgwBgEB/wIBADCBxgYDVR0gBIG+MIG7MIG4Bg5ghBABh2kB
- AQEBBQIGBDCBpTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpbm90YXIubmwv
- Y3BzMHoGCCsGAQUFBwICMG4abENvbmRpdGlvbnMsIGFzIG1lbnRpb25lZCBvbiBv
- dXIgd2Vic2l0ZSAod3d3LmRpZ2lub3Rhci5ubCksIGFyZSBhcHBsaWNhYmxlIHRv
- IGFsbCBvdXIgcHJvZHVjdHMgYW5kIHNlcnZpY2VzLjBDBgNVHR8EPDA6MDigNqA0
- hjJodHRwOi8vc2VydmljZS5kaWdpbm90YXIubmwvY3JsL3Jvb3QvbGF0ZXN0Q1JM
- LmNybDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFN8zwK+S/jf8ttgWFtDZsZHV
- +m6lMA0GCSqGSIb3DQEBBQUAA4ICAQCfV1rmBd9QStEyQ40lT0tqby0/3ez0STuJ
- ESBQLQD56XYdb4VFSuqA6xTtiuSVHLoiv2xyISN9FvX3A5VtifkJ00JEaLQJiSsE
- wGDkYGl1DT7SsqtAVKdMAuCM+e0j0/RV3hZ6kcrM7/wFccHwM+/TiurR9lgZDzB4
- a7++A4XrYyKx9vc9ZwBEnD1nrAe7++gg9cuZgP7e+QL0FBHMjpw+gnCDjr2dzBZC
- 4r+b8SOqlbPRPexBuNghlc7PfcPIyFis2LJXDRMWiAd3TcfdALwRsuKMR/T+cwyr
- asy69OEGHplLT57otQ524BDctDXNzlH9bHEh52QzqkWvIDqs42910IUy1nYNPIUG
- yYJV/T7H8Jb6vfMZWe47iUFvtNZCi8+b542gRUwdi+ca+hGviBC9Qr4Wv1pl7CBQ
- Hy1axTkHiQawUo/hgmoetCpftugl9yJTfvsBorUV1ZMxn9B1JLSGtWnbUsFRla7G
- fNa0IsUkzmmha8XCzvNu0d1PDGtcQyUqmDOE1Hx4cIBeuF8ipuIXkrVCr9zAZ4ZC
- hgz6aA1gDTW8whSRJqYEYEQ0pcMEFLyXE+Nz3O8NinO2AuxqKhjMk13203xA7lPY
- MnBQ0v7S3qqbp/pvPMiUhOz/VaYted6QmOY5EATBnFiLCuw87JXoAyp382eJ3WX1
- hOiR4IX9Tg==
- -----END CERTIFICATE-----
- Put this in google.com.crt:
- -----BEGIN CERTIFICATE-----
- MIIFKDCCBBCgAwIBAgIQBeLmpM0J6lTWZbB1/iKiVjANBgkqhkiG9w0BAQUFADBm
- MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdp
- Tm90YXIgUHVibGljIENBIDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5v
- dGFyLm5sMB4XDTExMDcxMDE5MDYzMFoXDTEzMDcwOTE5MDYzMFowajELMAkGA1UE
- BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZp
- ZXcxFzAVBgNVBAUTDlBLMDAwMjI5MjAwMDAyMRUwEwYDVQQDEwwqLmdvb2dsZS5j
- b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbeKubCV0aCxhOiOS
- CSQ/w9HXTYuD5BLKuiqXNw3setdTymeJz2L8aWOHo3nicFNDVwWTgwWomGNr2J6Q
- 7g1iINNSW0rR4E1l2szRkcnAY6c6i/Eke93nF4i2hDsnIBveolF5yjpuRm73uQQD
- ulHjA3BFRF/PTi0fw2/Yt+8ieoMuNcMWN6Eou5Gqt5YZkWv176ofeCbsBmMrP87x
- OhhtTDckCapk4VQZG2XrfzZcV6tdzCp5TI8uHdu17cdzXm1imZ8tyvzFeiCEOQN8
- vPNzB/fIr3CJQ5q4uM5aKT3DD5PeVzf4rfJKQNgCTWiIBc9XcWEUuszwAsnmg7e2
- EJRdAgMBAAGjggHMMIIByDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0
- dHA6Ly92YWxpZGF0aW9uLmRpZ2lub3Rhci5ubDAfBgNVHSMEGDAWgBTfM8Cvkv43
- /LbYFhbQ2bGR1fpupTAJBgNVHRMEAjAAMIHGBgNVHSAEgb4wgbswgbgGDmCEEAGH
- aQEBAQIEAQICMIGlMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lub3Rhci5u
- bC9jcHMwegYIKwYBBQUHAgIwbhpsQ29uZGl0aW9ucywgYXMgbWVudGlvbmVkIG9u
- IG91ciB3ZWJzaXRlICh3d3cuZGlnaW5vdGFyLm5sKSwgYXJlIGFwcGxpY2FibGUg
- dG8gYWxsIG91ciBwcm9kdWN0cyBhbmQgc2VydmljZXMuMEkGA1UdHwRCMEAwPqA8
- oDqGOGh0dHA6Ly9zZXJ2aWNlLmRpZ2lub3Rhci5ubC9jcmwvcHVibGljMjAyNS9s
- YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIEsDAbBgNVHREEFDASgRBhZG1pbkBn
- b29nbGUuY29tMB0GA1UdDgQWBBQHSn0WJzIo0eMBMQUNsMqN6eF/7TANBgkqhkiG
- 9w0BAQUFAAOCAQEAAs5dL7N9wzRJkI4Aq4lC5t8j5ZadqnqUcgYLADzSv4ExytNH
- UY2nH6iVTihC0UPSsILWraoeApdT7Rphz/8DLQEBRGdeKWAptNM3EbiXtQaZT2uB
- pidL8UoafX0kch3f71Y1scpBEjvu5ZZLnjg0A8AL0tnsereOVdDpU98bKqdbbrnM
- FRmBlSf7xdaNca6JJHeEpga4E9Ty683CmccrSGXdU2tTCuHEJww+iOAUtPIZcsum
- U7/eYeY1pMyGLyIjbNgRY7nDzRwvM/BsbL9eh4/mSQj/4nncqJd22sVQpCggQiVK
- baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg==
- -----END CERTIFICATE-----
- Run this:
- openssl verify -verbose -CApath /etc/ssl/certs/ -CAfile /etc/ssl/certs/DigiNotar_Root_CA.pem -CAfile inter.crt -purpose any google.com.crt
- Cry about this:
- google.com.crt: OK
- Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56
- Signature Algorithm: sha1WithRSAEncryption
- Issuer:
- emailAddress = info@diginotar.nl
- commonName = DigiNotar Public CA 2025
- organizationName = DigiNotar
- countryName = NL
- Validity
- Not Before: Jul 10 19:06:30 2011 GMT
- Not After : Jul 9 19:06:30 2013 GMT
- Subject:
- commonName = *.google.com
- serialNumber = PK000229200002
- localityName = Mountain View
- organizationName = Google Inc
- countryName = US
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:cd:6d:e2:ae:6c:25:74:68:2c:61:3a:23:92:09:
- 24:3f:c3:d1:d7:4d:8b:83:e4:12:ca:ba:2a:97:37:
- 0d:ec:7a:d7:53:ca:67:89:cf:62:fc:69:63:87:a3:
- 79:e2:70:53:43:57:05:93:83:05:a8:98:63:6b:d8:
- 9e:90:ee:0d:62:20:d3:52:5b:4a:d1:e0:4d:65:da:
- cc:d1:91:c9:c0:63:a7:3a:8b:f1:24:7b:dd:e7:17:
- 88:b6:84:3b:27:20:1b:de:a2:51:79:ca:3a:6e:46:
- 6e:f7:b9:04:03:ba:51:e3:03:70:45:44:5f:cf:4e:
- 2d:1f:c3:6f:d8:b7:ef:22:7a:83:2e:35:c3:16:37:
- a1:28:bb:91:aa:b7:96:19:91:6b:f5:ef:aa:1f:78:
- 26:ec:06:63:2b:3f:ce:f1:3a:18:6d:4c:37:24:09:
- aa:64:e1:54:19:1b:65:eb:7f:36:5c:57:ab:5d:cc:
- 2a:79:4c:8f:2e:1d:db:b5:ed:c7:73:5e:6d:62:99:
- 9f:2d:ca:fc:c5:7a:20:84:39:03:7c:bc:f3:73:07:
- f7:c8:af:70:89:43:9a:b8:b8:ce:5a:29:3d:c3:0f:
- 93:de:57:37:f8:ad:f2:4a:40:d8:02:4d:68:88:05:
- cf:57:71:61:14:ba:cc:f0:02:c9:e6:83:b7:b6:10:
- 94:5d
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://validation.diginotar.nl
- X509v3 Authority Key Identifier:
- keyid:DF:33:C0:AF:92:FE:37:FC:B6:D8:16:16:D0:D9:B1:91:D5:FA:6E:A5
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Certificate Policies:
- Policy: 2.16.528.1.1001.1.1.1.2.4.1.2.2
- CPS: http://www.diginotar.nl/cps
- User Notice:
- Explicit Text: Conditions, as mentioned on our website (www.diginotar.nl), are applicable to all our products and services.
- X509v3 CRL Distribution Points:
- URI:http://service.diginotar.nl/crl/public2025/latestCRL.crl
- X509v3 Key Usage: critical
- Digital Signature, Key Encipherment, Data Encipherment
- X509v3 Subject Alternative Name:
- email:admin@google.com
- X509v3 Subject Key Identifier:
- 07:4A:7D:16:27:32:28:D1:E3:01:31:05:0D:B0:CA:8D:E9:E1:7F:ED
- Signature Algorithm: sha1WithRSAEncryption
- 02:ce:5d:2f:b3:7d:c3:34:49:90:8e:00:ab:89:42:e6:df:23:
- e5:96:9d:aa:7a:94:72:06:0b:00:3c:d2:bf:81:31:ca:d3:47:
- 51:8d:a7:1f:a8:95:4e:28:42:d1:43:d2:b0:82:d6:ad:aa:1e:
- 02:97:53:ed:1a:61:cf:ff:03:2d:01:01:44:67:5e:29:60:29:
- b4:d3:37:11:b8:97:b5:06:99:4f:6b:81:a6:27:4b:f1:4a:1a:
- 7d:7d:24:72:1d:df:ef:56:35:b1:ca:41:12:3b:ee:e5:96:4b:
- 9e:38:34:03:c0:0b:d2:d9:ec:7a:b7:8e:55:d0:e9:53:df:1b:
- 2a:a7:5b:6e:b9:cc:15:19:81:95:27:fb:c5:d6:8d:71:ae:89:
- 24:77:84:a6:06:b8:13:d4:f2:eb:cd:c2:99:c7:2b:48:65:dd:
- 53:6b:53:0a:e1:c4:27:0c:3e:88:e0:14:b4:f2:19:72:cb:a6:
- 53:bf:de:61:e6:35:a4:cc:86:2f:22:23:6c:d8:11:63:b9:c3:
- cd:1c:2f:33:f0:6c:6c:bf:5e:87:8f:e6:49:08:ff:e2:79:dc:
- a8:97:76:da:c5:50:a4:28:20:42:25:4a:6d:a0:76:b1:51:9c:
- 54:d0:64:2b:9e:5b:4f:c8:0f:aa:7c:7c:27:2a:6e:6f:25:2f:
- 6b:2c:d9:1a
- -----BEGIN CERTIFICATE-----
- MIIFKDCCBBCgAwIBAgIQBeLmpM0J6lTWZbB1/iKiVjANBgkqhkiG9w0BAQUFADBm
- MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdp
- Tm90YXIgUHVibGljIENBIDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5v
- dGFyLm5sMB4XDTExMDcxMDE5MDYzMFoXDTEzMDcwOTE5MDYzMFowajELMAkGA1UE
- BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZp
- ZXcxFzAVBgNVBAUTDlBLMDAwMjI5MjAwMDAyMRUwEwYDVQQDEwwqLmdvb2dsZS5j
- b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbeKubCV0aCxhOiOS
- CSQ/w9HXTYuD5BLKuiqXNw3setdTymeJz2L8aWOHo3nicFNDVwWTgwWomGNr2J6Q
- 7g1iINNSW0rR4E1l2szRkcnAY6c6i/Eke93nF4i2hDsnIBveolF5yjpuRm73uQQD
- ulHjA3BFRF/PTi0fw2/Yt+8ieoMuNcMWN6Eou5Gqt5YZkWv176ofeCbsBmMrP87x
- OhhtTDckCapk4VQZG2XrfzZcV6tdzCp5TI8uHdu17cdzXm1imZ8tyvzFeiCEOQN8
- vPNzB/fIr3CJQ5q4uM5aKT3DD5PeVzf4rfJKQNgCTWiIBc9XcWEUuszwAsnmg7e2
- EJRdAgMBAAGjggHMMIIByDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0
- dHA6Ly92YWxpZGF0aW9uLmRpZ2lub3Rhci5ubDAfBgNVHSMEGDAWgBTfM8Cvkv43
- /LbYFhbQ2bGR1fpupTAJBgNVHRMEAjAAMIHGBgNVHSAEgb4wgbswgbgGDmCEEAGH
- aQEBAQIEAQICMIGlMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lub3Rhci5u
- bC9jcHMwegYIKwYBBQUHAgIwbhpsQ29uZGl0aW9ucywgYXMgbWVudGlvbmVkIG9u
- IG91ciB3ZWJzaXRlICh3d3cuZGlnaW5vdGFyLm5sKSwgYXJlIGFwcGxpY2FibGUg
- dG8gYWxsIG91ciBwcm9kdWN0cyBhbmQgc2VydmljZXMuMEkGA1UdHwRCMEAwPqA8
- oDqGOGh0dHA6Ly9zZXJ2aWNlLmRpZ2lub3Rhci5ubC9jcmwvcHVibGljMjAyNS9s
- YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIEsDAbBgNVHREEFDASgRBhZG1pbkBn
- b29nbGUuY29tMB0GA1UdDgQWBBQHSn0WJzIo0eMBMQUNsMqN6eF/7TANBgkqhkiG
- 9w0BAQUFAAOCAQEAAs5dL7N9wzRJkI4Aq4lC5t8j5ZadqnqUcgYLADzSv4ExytNH
- UY2nH6iVTihC0UPSsILWraoeApdT7Rphz/8DLQEBRGdeKWAptNM3EbiXtQaZT2uB
- pidL8UoafX0kch3f71Y1scpBEjvu5ZZLnjg0A8AL0tnsereOVdDpU98bKqdbbrnM
- FRmBlSf7xdaNca6JJHeEpga4E9Ty683CmccrSGXdU2tTCuHEJww+iOAUtPIZcsum
- U7/eYeY1pMyGLyIjbNgRY7nDzRwvM/BsbL9eh4/mSQj/4nncqJd22sVQpCggQiVK
- baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg==
- -----END CERTIFICATE-----
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement