API tools faq
paste
Advertisement
xrs444

Untitled

xrs444
Jul 16th, 2018
18,769
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 44.48 KB | None | 0 0
raw download clone embed print report
  1. certutil -d /etc/dirsrv/slapd-I-DOMAIN-NET -L
  2.  
  3. Certificate Nickname Trust Attributes
  4. SSL,S/MIME,JAR/XPI
  5.  
  6. Server-Cert u,u,u
  7. O=DOMAIN,ST=Arizona,C=US CT,C,C
  8. I.DOMAIN.NET IPA CA CT,C,C
  9. I.DOMAIN.NET IPA CA CT,C,C
  10. I.DOMAIN.NET IPA CA CT,C,C
  11.  
  12. certutil -d /etc/dirsrv/slapd-I-DOMAIN-NET -L -n Server-Cert
  13. Certificate:
  14. Data:
  15. Version: 3 (0x2)
  16. Serial Number: 65 (0x41)
  17. Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
  18. Issuer: "CN=Certificate Authority,O=I.DOMAIN.NET"
  19. Validity:
  20. Not Before: Fri Jun 15 04:08:47 2018
  21. Not After : Mon Jun 15 04:08:47 2020
  22. Subject: "CN=xipa1.i.DOMAIN.net,O=I.DOMAIN.NET"
  23. Subject Public Key Info:
  24. Public Key Algorithm: PKCS #1 RSA Encryption
  25. RSA Public Key:
  26. Modulus:
  27. 9f:24:90:d6:ba:2b:26:30:49:0f:e8:0c:54:26:61:33:
  28. 3b:57:90:9f:cb:8b:e6:2d:b2:6d:74:25:bd:10:5c:97:
  29. ac:f5:c9:7a:22:5f:6b:89:42:75:90:3e:16:4a:e4:47:
  30. 8b:5b:05:27:c9:fb:52:fe:20:cd:3c:54:a8:d3:55:a1:
  31. 46:68:8a:a9:e4:73:a7:68:14:d8:67:24:96:d4:9a:63:
  32. 33:85:35:b0:e6:8a:f5:b0:9b:9b:e9:1f:11:b8:63:a9:
  33. 8a:69:df:37:a0:f9:ec:21:7b:4c:30:f6:c4:35:b0:3b:
  34. 2c:94:f9:b4:05:60:c6:22:2b:e2:b5:2b:ea:f5:d8:3f:
  35. 53:40:8e:8d:13:e5:68:51:33:9c:9c:33:5e:f0:6e:6a:
  36. dd:8c:18:6d:c1:5a:b5:9d:1c:ac:4d:ee:03:b8:82:58:
  37. 75:a3:fe:ca:3d:ee:83:9a:59:2c:9e:ed:15:c3:6e:49:
  38. b3:44:c9:37:9a:42:e7:74:15:69:2f:0f:ed:21:c2:8d:
  39. 80:a4:b0:81:da:22:af:cf:30:20:ec:9f:93:9c:15:f3:
  40. 78:d9:e3:66:85:e7:ac:b7:49:46:2f:f9:38:5a:f9:fe:
  41. 81:66:a8:95:f0:c7:b6:8f:7e:33:19:89:69:97:d1:bf:
  42. 00:48:af:54:bf:71:b9:41:f4:66:d2:00:a8:84:00:e7
  43. Exponent: 65537 (0x10001)
  44. Signed Extensions:
  45. Name: Certificate Authority Key Identifier
  46. Key ID:
  47. 12:b1:ff:e6:7c:1e:4d:f4:ae:74:59:91:6c:3b:76:73:
  48. dd:24:ad:17
  49.  
  50. Name: Authority Information Access
  51. Method: PKIX Online Certificate Status Protocol
  52. Location:
  53. URI: "http://ipa-ca.i.DOMAIN.net/ca/ocsp"
  54.  
  55. Name: Certificate Key Usage
  56. Critical: True
  57. Usages: Digital Signature
  58. Non-Repudiation
  59. Key Encipherment
  60. Data Encipherment
  61.  
  62. Name: Extended Key Usage
  63. TLS Web Server Authentication Certificate
  64. TLS Web Client Authentication Certificate
  65.  
  66. Name: CRL Distribution Points
  67. Distribution point:
  68. URI: "http://ipa-ca.i.DOMAIN.net/ipa/crl/MasterCRL.bin"
  69. CRL issuer:
  70. Directory Name: "CN=Certificate Authority,O=ipaca"
  71.  
  72. Name: Certificate Subject Key ID
  73. Data:
  74. 90:58:d3:b8:e9:32:f2:79:0f:ed:32:59:e6:f4:08:c7:
  75. e7:54:e8:c0
  76.  
  77. Name: Certificate Subject Alt Name
  78. Other Name: "ldap/xipa1.i.DOMAIN.net@I.DOMAIN.NET"
  79. OID: Microsoft NT Principal Name
  80. Other Name: Sequence {
  81. [0]: {
  82. 1b:0c:49:2e:58:52:53:34:34:34:2e:4e:45:54
  83. }
  84. [1]: {
  85. Sequence {
  86. [0]: {
  87. 1 (0x1)
  88. }
  89. [1]: {
  90. Sequence {
  91. 1b:04:6c:64:61:70
  92. 1b:12:78:69:70:61:31:2e:69:2e:78:72:73:34:34:
  93. 34:2e:6e:65:74
  94. }
  95. }
  96. }
  97. }
  98. }
  99. OID: OID.1.3.6.1.5.2.2
  100.  
  101. Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
  102. Signature:
  103. 23:c6:b3:16:ba:fa:13:5a:a6:cc:69:27:be:8e:88:ba:
  104. ba:f8:96:e8:d7:d2:88:10:d1:73:aa:0b:1c:d8:72:90:
  105. f8:28:39:f5:2b:e2:ad:f9:63:28:f4:6e:a6:eb:48:ef:
  106. c7:71:5b:6a:60:f3:88:b1:89:82:88:f7:5a:dd:be:cc:
  107. 9e:5f:1b:9a:88:2d:1b:28:57:7e:0d:cc:6c:dc:72:1f:
  108. c3:d6:e8:80:fc:a9:95:2f:89:08:81:82:92:4c:e8:7c:
  109. 37:6a:59:78:07:d6:e6:20:dc:11:b9:43:b9:c8:81:a2:
  110. 06:25:8f:05:24:65:15:ea:5a:ad:b1:9e:7d:5a:8c:57:
  111. 35:e7:06:db:89:69:3e:ca:8a:61:ae:13:a4:e0:85:3c:
  112. 08:5e:28:1f:98:65:22:c8:09:af:92:d8:9e:c0:84:a3:
  113. c1:36:dd:75:f2:70:cd:67:6b:da:a9:e5:8e:d7:e9:bd:
  114. 2f:59:18:94:a0:be:0e:2f:f2:cc:ca:35:1c:fe:ce:a5:
  115. 6e:95:1d:e6:d8:ed:b5:b2:23:c8:df:4d:cb:8a:ce:ba:
  116. 43:4b:9b:c9:fc:b4:07:f3:98:47:26:4a:31:6f:3b:bf:
  117. a2:57:af:8e:9f:3a:a3:26:50:07:df:00:ec:72:eb:81:
  118. 96:83:c5:db:20:c8:e1:4a:0e:42:c2:e1:f8:ca:0a:88
  119. Fingerprint (SHA-256):
  120. 1D:9D:AE:8D:7C:C9:10:6F:C3:21:34:63:5A:F9:4B:41:D5:D5:EF:D1:6F:B1:76:77:95:DB:D2:91:88:95:EB:6B
  121. Fingerprint (SHA1):
  122. 83:BB:36:F6:D9:80:51:73:81:D4:03:1A:63:AB:15:3F:CB:88:DE:67
  123.  
  124. Mozilla-CA-Policy: false (attribute missing)
  125. Certificate Trust Flags:
  126. SSL Flags:
  127. User
  128. Email Flags:
  129. User
  130. Object Signing Flags:
  131. User
  132.  
  133. certutil -d /etc/dirsrv/slapd-I-DOMAIN-NET -L -n "I.DOMAIN.NET IPA CA"
  134. Certificate:
  135. Data:
  136. Version: 3 (0x2)
  137. Serial Number: 78 (0x4e)
  138. Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
  139. Issuer: "CN=Certificate Authority,O=I.DOMAIN.NET"
  140. Validity:
  141. Not Before: Sun Jun 17 09:06:38 2018
  142. Not After : Thu Jun 17 09:06:38 2038
  143. Subject: "CN=Certificate Authority,O=I.DOMAIN.NET"
  144. Subject Public Key Info:
  145. Public Key Algorithm: PKCS #1 RSA Encryption
  146. RSA Public Key:
  147. Modulus:
  148. c3:78:af:81:9c:ed:9b:18:0c:40:af:b9:35:06:a1:b2:
  149. 4e:20:f4:a9:a0:28:11:31:b6:2e:2e:ec:15:3b:10:39:
  150. 01:82:66:5f:14:bb:ff:f5:3d:dd:b5:c3:70:13:f0:81:
  151. 8e:6a:a1:a0:46:fb:f6:3e:56:d2:00:b0:9e:bb:50:7a:
  152. 7a:a6:29:19:42:b9:98:eb:ad:93:67:94:c1:7c:f0:17:
  153. d7:b5:d8:f4:a9:54:48:3c:15:38:b0:d8:e8:57:ee:03:
  154. 40:00:7f:69:61:e0:6d:7e:9e:ea:4a:a6:93:aa:0e:06:
  155. 5b:b6:57:4a:c4:85:32:a8:08:a8:fd:e9:ce:1c:ca:a3:
  156. 1e:10:70:c0:94:ef:cb:a8:87:8c:9f:fd:7c:87:cc:0e:
  157. 32:1a:cb:14:f6:31:5f:55:dc:f6:7a:8a:1d:91:15:27:
  158. 04:83:54:07:27:45:1d:02:11:8c:a0:d2:2f:b4:a1:53:
  159. e1:db:3a:78:ba:0b:6a:b2:09:17:22:15:85:00:7c:39:
  160. 91:e2:75:48:01:8d:99:43:30:75:8e:d9:ea:d2:fa:98:
  161. c7:b2:d7:5f:3f:7a:05:2c:3d:eb:2d:a9:b8:68:98:49:
  162. 20:b3:aa:c5:13:ee:8b:3b:50:60:98:e5:b5:c4:20:fa:
  163. 2a:ce:3d:e5:ed:9e:0f:cb:61:7c:ca:91:85:03:af:e7
  164. Exponent: 65537 (0x10001)
  165. Signed Extensions:
  166. Name: Certificate Authority Key Identifier
  167. Key ID:
  168. 12:b1:ff:e6:7c:1e:4d:f4:ae:74:59:91:6c:3b:76:73:
  169. dd:24:ad:17
  170.  
  171. Name: Certificate Subject Key ID
  172. Data:
  173. 12:b1:ff:e6:7c:1e:4d:f4:ae:74:59:91:6c:3b:76:73:
  174. dd:24:ad:17
  175.  
  176. Name: Certificate Basic Constraints
  177. Critical: True
  178. Data: Is a CA with no maximum path length.
  179.  
  180. Name: Certificate Key Usage
  181. Critical: True
  182. Usages: Digital Signature
  183. Non-Repudiation
  184. Certificate Signing
  185. CRL Signing
  186.  
  187. Name: Authority Information Access
  188. Method: PKIX Online Certificate Status Protocol
  189. Location:
  190. URI: "http://ipa-ca.i.DOMAIN.net/ca/ocsp"
  191.  
  192. Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
  193. Signature:
  194. a6:0b:08:fc:99:73:fd:73:70:c7:ba:0a:9e:67:96:6a:
  195. 40:11:01:66:97:30:0f:71:2c:b9:48:2e:a0:b1:04:de:
  196. df:9d:65:f1:55:21:58:3c:22:bf:be:73:1f:3f:3c:84:
  197. ea:26:15:50:69:9b:31:5c:7d:47:8b:71:4a:cb:36:89:
  198. 75:0e:26:9c:06:1f:e7:57:db:1b:ad:90:d6:d4:6e:21:
  199. 1a:b8:77:78:55:86:ef:ca:1d:72:1e:a2:4b:8b:ab:66:
  200. f1:c0:13:5f:56:08:b8:75:96:65:b1:86:55:5b:c8:9e:
  201. c1:a2:fd:15:30:54:8e:bf:2b:b4:0c:db:02:b4:72:71:
  202. 67:82:a5:04:35:3d:d1:84:8e:19:d1:f2:6c:2e:57:9a:
  203. cd:95:4c:4b:4b:a5:3e:ba:9a:5b:07:00:8f:20:a2:01:
  204. 59:93:63:43:13:62:3b:93:31:d4:3f:ec:37:f2:b9:f9:
  205. ea:77:7f:bd:16:1f:73:82:a3:1d:92:54:d3:65:a3:d6:
  206. 24:8a:68:25:6d:33:10:d3:ce:d5:80:4a:1f:80:ed:09:
  207. ea:b1:46:b8:41:b8:a9:1f:d8:27:65:31:c2:e7:ad:bd:
  208. 9b:08:d3:45:9b:13:97:d0:25:69:b0:d8:aa:7d:12:c8:
  209. b8:b5:72:c4:6f:d9:1e:c1:8e:25:e3:56:7a:b8:6d:cd
  210. Fingerprint (SHA-256):
  211. B1:BE:16:07:D7:E4:58:AC:B5:16:7A:10:9B:51:2D:5B:CD:83:80:00:61:33:0B:2A:D1:B6:50:A6:39:20:71:B1
  212. Fingerprint (SHA1):
  213. E4:73:A4:DD:4E:0C:36:44:50:26:02:A4:99:C6:9D:6A:A2:6F:59:3F
  214.  
  215. Mozilla-CA-Policy: false (attribute missing)
  216. Certificate Trust Flags:
  217. SSL Flags:
  218. Valid CA
  219. Trusted CA
  220. Trusted Client CA
  221. Email Flags:
  222. Valid CA
  223. Trusted CA
  224. Object Signing Flags:
  225. Valid CA
  226. Trusted CA
  227.  
  228. Certificate:
  229. Data:
  230. Version: 3 (0x2)
  231. Serial Number: 77 (0x4d)
  232. Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
  233. Issuer: "CN=Certificate Authority,O=I.DOMAIN.NET"
  234. Validity:
  235. Not Before: Sun Jun 17 07:24:26 2018
  236. Not After : Thu Jun 17 07:24:26 2038
  237. Subject: "CN=Certificate Authority,O=I.DOMAIN.NET"
  238. Subject Public Key Info:
  239. Public Key Algorithm: PKCS #1 RSA Encryption
  240. RSA Public Key:
  241. Modulus:
  242. c3:78:af:81:9c:ed:9b:18:0c:40:af:b9:35:06:a1:b2:
  243. 4e:20:f4:a9:a0:28:11:31:b6:2e:2e:ec:15:3b:10:39:
  244. 01:82:66:5f:14:bb:ff:f5:3d:dd:b5:c3:70:13:f0:81:
  245. 8e:6a:a1:a0:46:fb:f6:3e:56:d2:00:b0:9e:bb:50:7a:
  246. 7a:a6:29:19:42:b9:98:eb:ad:93:67:94:c1:7c:f0:17:
  247. d7:b5:d8:f4:a9:54:48:3c:15:38:b0:d8:e8:57:ee:03:
  248. 40:00:7f:69:61:e0:6d:7e:9e:ea:4a:a6:93:aa:0e:06:
  249. 5b:b6:57:4a:c4:85:32:a8:08:a8:fd:e9:ce:1c:ca:a3:
  250. 1e:10:70:c0:94:ef:cb:a8:87:8c:9f:fd:7c:87:cc:0e:
  251. 32:1a:cb:14:f6:31:5f:55:dc:f6:7a:8a:1d:91:15:27:
  252. 04:83:54:07:27:45:1d:02:11:8c:a0:d2:2f:b4:a1:53:
  253. e1:db:3a:78:ba:0b:6a:b2:09:17:22:15:85:00:7c:39:
  254. 91:e2:75:48:01:8d:99:43:30:75:8e:d9:ea:d2:fa:98:
  255. c7:b2:d7:5f:3f:7a:05:2c:3d:eb:2d:a9:b8:68:98:49:
  256. 20:b3:aa:c5:13:ee:8b:3b:50:60:98:e5:b5:c4:20:fa:
  257. 2a:ce:3d:e5:ed:9e:0f:cb:61:7c:ca:91:85:03:af:e7
  258. Exponent: 65537 (0x10001)
  259. Signed Extensions:
  260. Name: Certificate Authority Key Identifier
  261. Key ID:
  262. 12:b1:ff:e6:7c:1e:4d:f4:ae:74:59:91:6c:3b:76:73:
  263. dd:24:ad:17
  264.  
  265. Name: Certificate Subject Key ID
  266. Data:
  267. 12:b1:ff:e6:7c:1e:4d:f4:ae:74:59:91:6c:3b:76:73:
  268. dd:24:ad:17
  269.  
  270. Name: Certificate Basic Constraints
  271. Critical: True
  272. Data: Is a CA with no maximum path length.
  273.  
  274. Name: Certificate Key Usage
  275. Critical: True
  276. Usages: Digital Signature
  277. Non-Repudiation
  278. Certificate Signing
  279. CRL Signing
  280.  
  281. Name: Authority Information Access
  282. Method: PKIX Online Certificate Status Protocol
  283. Location:
  284. URI: "http://ipa-ca.i.DOMAIN.net/ca/ocsp"
  285.  
  286. Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
  287. Signature:
  288. 81:97:02:74:1f:3c:0f:a3:d7:95:cd:fa:8a:be:78:ff:
  289. 84:a4:bb:d5:1d:b3:92:97:22:66:19:71:37:68:20:a6:
  290. 21:82:69:20:c0:3c:be:fa:b6:60:e9:09:22:11:3b:3d:
  291. 48:07:22:aa:77:74:1a:4e:5c:f4:2e:87:34:79:c0:03:
  292. 6b:77:c2:55:97:96:e7:65:7c:68:2e:9c:c7:01:db:b2:
  293. 7f:31:07:91:29:5f:ca:12:9a:89:0f:6f:23:8c:61:80:
  294. 17:c7:8b:cb:7e:ac:15:3a:e4:cf:6f:2c:b4:2e:74:7a:
  295. 01:81:b0:aa:40:54:8a:b8:a9:5c:6d:db:42:e1:d0:9d:
  296. 66:5d:c8:af:1e:50:ab:04:e0:ab:5f:26:66:41:d1:e2:
  297. 76:ee:88:59:ad:b4:62:14:9b:11:51:ef:ae:bb:e3:eb:
  298. 14:3e:46:9b:8e:80:a9:82:28:9f:63:e6:cd:d5:1b:e6:
  299. 68:f5:13:76:f5:c3:c1:c0:91:c4:97:e0:07:91:20:20:
  300. 8a:0e:2b:4f:8b:6d:ca:1e:a0:c7:6f:f8:1d:92:88:38:
  301. 34:74:a4:bc:a2:03:ee:80:76:95:6a:ae:0d:4c:3a:ed:
  302. fb:0f:20:77:77:bf:7e:95:67:a0:6c:b4:4a:e0:66:5f:
  303. df:84:12:68:9d:a0:b1:1f:60:9a:22:f3:07:b4:4b:be
  304. Fingerprint (SHA-256):
  305. A2:4D:FF:28:05:7F:68:5A:15:75:36:27:B8:2F:55:2E:06:3F:62:89:2E:85:D6:41:62:21:11:43:04:56:91:DE
  306. Fingerprint (SHA1):
  307. 5A:A3:FE:ED:FA:0E:D6:03:34:9F:B7:00:79:EF:D6:62:EE:23:04:C5
  308.  
  309. Mozilla-CA-Policy: false (attribute missing)
  310. Certificate Trust Flags:
  311. SSL Flags:
  312. Valid CA
  313. Trusted CA
  314. Trusted Client CA
  315. Email Flags:
  316. Valid CA
  317. Trusted CA
  318. Object Signing Flags:
  319. Valid CA
  320. Trusted CA
  321.  
  322. Certificate:
  323. Data:
  324. Version: 3 (0x2)
  325. Serial Number: 4097 (0x1001)
  326. Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
  327. Issuer: "O=DOMAIN,ST=Arizona,C=US"
  328. Validity:
  329. Not Before: Thu Jun 08 06:51:04 2017
  330. Not After : Mon Jun 18 06:51:04 2018
  331. Subject: "CN=Certificate Authority,O=I.DOMAIN.NET"
  332. Subject Public Key Info:
  333. Public Key Algorithm: PKCS #1 RSA Encryption
  334. RSA Public Key:
  335. Modulus:
  336. c3:78:af:81:9c:ed:9b:18:0c:40:af:b9:35:06:a1:b2:
  337. 4e:20:f4:a9:a0:28:11:31:b6:2e:2e:ec:15:3b:10:39:
  338. 01:82:66:5f:14:bb:ff:f5:3d:dd:b5:c3:70:13:f0:81:
  339. 8e:6a:a1:a0:46:fb:f6:3e:56:d2:00:b0:9e:bb:50:7a:
  340. 7a:a6:29:19:42:b9:98:eb:ad:93:67:94:c1:7c:f0:17:
  341. d7:b5:d8:f4:a9:54:48:3c:15:38:b0:d8:e8:57:ee:03:
  342. 40:00:7f:69:61:e0:6d:7e:9e:ea:4a:a6:93:aa:0e:06:
  343. 5b:b6:57:4a:c4:85:32:a8:08:a8:fd:e9:ce:1c:ca:a3:
  344. 1e:10:70:c0:94:ef:cb:a8:87:8c:9f:fd:7c:87:cc:0e:
  345. 32:1a:cb:14:f6:31:5f:55:dc:f6:7a:8a:1d:91:15:27:
  346. 04:83:54:07:27:45:1d:02:11:8c:a0:d2:2f:b4:a1:53:
  347. e1:db:3a:78:ba:0b:6a:b2:09:17:22:15:85:00:7c:39:
  348. 91:e2:75:48:01:8d:99:43:30:75:8e:d9:ea:d2:fa:98:
  349. c7:b2:d7:5f:3f:7a:05:2c:3d:eb:2d:a9:b8:68:98:49:
  350. 20:b3:aa:c5:13:ee:8b:3b:50:60:98:e5:b5:c4:20:fa:
  351. 2a:ce:3d:e5:ed:9e:0f:cb:61:7c:ca:91:85:03:af:e7
  352. Exponent: 65537 (0x10001)
  353. Signed Extensions:
  354. Name: Certificate Subject Key ID
  355. Data:
  356. 12:b1:ff:e6:7c:1e:4d:f4:ae:74:59:91:6c:3b:76:73:
  357. dd:24:ad:17
  358.  
  359. Name: Certificate Authority Key Identifier
  360. Key ID:
  361. 66:f5:d0:4d:08:84:66:bd:26:93:44:a5:0e:22:d4:4b:
  362. 1c:7a:05:5b
  363.  
  364. Name: Certificate Basic Constraints
  365. Critical: True
  366. Data: Is a CA with no maximum path length.
  367.  
  368. Name: Certificate Key Usage
  369. Critical: True
  370. Usages: Digital Signature
  371. Certificate Signing
  372. CRL Signing
  373.  
  374. Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
  375. Signature:
  376. 4d:05:22:77:6d:f8:ee:a1:ce:01:92:84:b5:36:fe:c0:
  377. d8:19:12:2c:42:58:3c:b0:81:c3:10:8d:40:ee:ed:d2:
  378. f8:a0:3f:5a:f5:2b:9e:2c:93:24:cf:7c:48:f6:3a:0e:
  379. 3e:76:ce:8a:66:7e:a5:5c:f6:30:06:33:b1:4a:5d:a0:
  380. 89:5e:cd:da:90:c9:54:b4:67:00:12:eb:2b:a3:6e:7b:
  381. 31:79:13:fe:d5:fc:aa:0b:a4:6b:27:a8:7c:55:b6:1c:
  382. 6d:aa:1c:8b:9c:4f:66:4b:3f:cc:f1:36:17:80:87:47:
  383. d5:d8:ee:fe:6c:b6:c0:08:f2:42:16:1f:83:82:a1:a2:
  384. 56:2e:6f:7c:3a:ab:29:b6:ec:5f:b3:c6:c3:da:d7:75:
  385. 49:90:f1:7e:66:c4:91:67:b4:f4:87:15:71:c3:d6:2b:
  386. 54:82:b5:2d:d6:35:9d:af:37:51:1d:dc:c4:9e:ec:2b:
  387. c4:af:55:19:5c:cd:26:7d:60:1b:54:76:1e:9e:f8:0c:
  388. a3:3e:3e:f2:47:0e:33:19:46:ef:90:1a:5f:1e:83:69:
  389. f0:15:ed:7d:59:90:bb:f7:a5:18:05:1c:fe:17:6c:b1:
  390. ba:da:02:22:99:7d:64:13:82:b0:5c:9f:2c:d4:3b:af:
  391. 41:29:3b:4b:c7:b8:d5:2f:68:a7:51:93:90:da:7a:6f:
  392. c9:38:06:83:37:b2:33:59:b0:ad:5c:17:a3:da:4a:0e:
  393. 26:97:ea:4c:f7:ae:73:c8:33:15:06:55:34:23:21:25:
  394. eb:a6:1e:82:55:2b:b7:0f:b4:6b:74:de:73:3c:5d:9a:
  395. 45:e9:5f:4e:35:c8:f9:20:17:6c:83:5b:d5:1a:73:a4:
  396. ce:e5:da:98:58:60:e4:dc:71:da:25:a5:71:d6:cc:ed:
  397. c5:66:79:55:b4:09:f7:c2:3c:bc:d6:49:e5:c0:e4:1a:
  398. 6c:68:be:26:5b:06:66:b3:7b:a0:d2:32:aa:da:fb:1d:
  399. a4:0e:8a:dc:e1:81:e0:b6:f2:1a:b8:22:3a:02:87:28:
  400. 3e:cc:7a:76:63:61:e4:b8:5e:9d:3d:9b:a3:2a:1b:df:
  401. 04:a8:a0:4a:63:dd:f4:1b:f2:ee:ed:45:c7:cb:0f:ea:
  402. d9:58:b8:51:63:78:ce:68:21:d4:79:a7:a8:73:71:3e:
  403. ae:33:85:0b:cd:78:b6:70:45:ae:e9:d3:69:61:1d:06:
  404. 1d:d6:c5:ac:e1:a3:f1:97:56:22:d6:ed:b7:34:90:cd:
  405. 83:ed:88:7a:65:f9:b4:48:05:7d:4a:61:a2:75:3b:22:
  406. d8:af:88:fb:94:28:af:b4:f1:4b:4e:fb:c1:de:6e:ca:
  407. 1c:91:61:55:20:b0:33:fe:60:2f:26:ae:b1:ca:4e:21
  408. Fingerprint (SHA-256):
  409. 47:B1:49:41:71:B8:D1:FA:DA:C6:48:9E:AA:F9:44:77:C3:0B:4B:FA:9F:C6:57:F6:D7:E7:81:8A:51:07:DC:56
  410. Fingerprint (SHA1):
  411. 52:69:2E:AA:AF:69:E1:F7:C4:16:CB:FB:F9:9E:03:C4:CA:A9:C8:74
  412.  
  413. Mozilla-CA-Policy: false (attribute missing)
  414. Certificate Trust Flags:
  415. SSL Flags:
  416. Valid CA
  417. Trusted CA
  418. Trusted Client CA
  419. Email Flags:
  420. Valid CA
  421. Trusted CA
  422. Object Signing Flags:
  423. Valid CA
  424. Trusted CA
  425.  
  426.  
  427. certutil -d /etc/pki/pki-tomcat/alias -L
  428.  
  429. Certificate Nickname Trust Attributes
  430. SSL,S/MIME,JAR/XPI
  431.  
  432. Server-Cert cert-pki-ca u,u,u
  433. ocspSigningCert cert-pki-ca u,u,u
  434. O=DOMAIN,ST=Arizona,C=US CT,C,C
  435. auditSigningCert cert-pki-ca u,u,Pu
  436. subsystemCert cert-pki-ca u,u,u
  437. caSigningCert cert-pki-ca CTu,Cu,Cu
  438.  
  439. certutil -d /etc/pki/pki-tomcat/alias -L -n "Server-Cert cert-pki-ca"
  440. Certificate:
  441. Data:
  442. Version: 3 (0x2)
  443. Serial Number: 67 (0x43)
  444. Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
  445. Issuer: "CN=Certificate Authority,O=I.DOMAIN.NET"
  446. Validity:
  447. Not Before: Tue Jun 12 00:43:22 2018
  448. Not After : Mon Jun 01 00:43:22 2020
  449. Subject: "CN=xipa1.i.DOMAIN.net,O=I.DOMAIN.NET"
  450. Subject Public Key Info:
  451. Public Key Algorithm: PKCS #1 RSA Encryption
  452. RSA Public Key:
  453. Modulus:
  454. a4:72:fa:7e:70:1f:4a:6e:36:b6:70:da:f3:3f:60:1d:
  455. e1:eb:84:c3:d9:ea:c2:27:84:52:24:5f:54:62:25:22:
  456. 4b:9e:57:eb:c0:59:60:4d:7c:e5:25:0a:1d:6d:e8:c6:
  457. c7:e6:db:56:ed:4e:c0:fe:e8:91:a6:58:49:54:33:79:
  458. 5d:04:2f:09:c2:2b:84:2e:31:f9:12:bb:dd:64:74:d2:
  459. ed:87:1b:53:7e:c6:02:43:4e:2d:5d:e6:02:85:ce:50:
  460. 2c:67:52:2b:3f:a4:5c:6e:cd:80:1c:b3:16:ff:36:46:
  461. 18:ce:00:4d:eb:db:1d:dd:7a:93:51:ee:e2:b1:e1:20:
  462. 5a:13:80:e3:d0:99:a6:4c:3a:de:47:01:4c:17:69:80:
  463. 9c:af:1f:f1:40:a9:0a:54:08:6e:78:21:4d:ce:6c:3f:
  464. e9:21:0f:67:e7:bb:bc:ca:57:e6:78:7a:b8:b6:b2:53:
  465. 85:38:7a:90:c5:57:7c:85:10:e0:46:18:5e:ad:5e:94:
  466. 4c:b8:fb:f3:a7:ac:c6:cd:51:39:c1:f8:27:83:3e:b0:
  467. b9:97:15:c2:b2:f8:02:6f:05:f1:78:91:35:85:f6:80:
  468. 7a:08:a0:dd:d8:15:75:4f:21:f6:a5:fb:08:6f:63:48:
  469. e6:79:c8:11:92:06:bd:2c:35:dd:96:64:51:f4:02:bd
  470. Exponent: 65537 (0x10001)
  471. Signed Extensions:
  472. Name: Certificate Authority Key Identifier
  473. Key ID:
  474. 12:b1:ff:e6:7c:1e:4d:f4:ae:74:59:91:6c:3b:76:73:
  475. dd:24:ad:17
  476.  
  477. Name: Authority Information Access
  478. Method: PKIX Online Certificate Status Protocol
  479. Location:
  480. URI: "http://ipa-ca.i.DOMAIN.net/ca/ocsp"
  481.  
  482. Name: Certificate Key Usage
  483. Critical: True
  484. Usages: Digital Signature
  485. Non-Repudiation
  486. Key Encipherment
  487. Data Encipherment
  488.  
  489. Name: Extended Key Usage
  490. TLS Web Server Authentication Certificate
  491. TLS Web Client Authentication Certificate
  492.  
  493. Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
  494. Signature:
  495. 8e:8c:a1:ea:e6:bb:3c:b3:08:3b:c2:c5:ac:a6:11:93:
  496. 44:6f:88:bb:93:8c:21:9d:fd:b8:c9:18:ba:c2:31:b0:
  497. 43:9e:11:2b:d8:b7:4f:48:e8:f4:46:93:68:7f:7b:fa:
  498. 00:d5:11:22:fc:fa:6d:51:85:ff:59:36:22:cf:a9:e7:
  499. 29:c9:9d:b4:5f:83:e9:65:f0:dd:ca:88:d0:5f:0c:6c:
  500. 46:90:bd:c5:99:b9:f4:b0:28:95:39:31:c3:ac:3c:8d:
  501. ef:2b:91:f6:b3:27:ea:20:e4:ed:98:00:7a:b5:85:95:
  502. 0a:2d:19:8a:f8:10:41:3c:94:d4:eb:71:c7:93:d9:fd:
  503. 19:a0:22:60:74:24:dc:cd:2a:dc:c3:b0:2e:ef:11:2f:
  504. ea:45:f1:8f:80:b8:07:32:6b:cc:34:b7:58:dd:4a:61:
  505. 85:31:06:f8:66:47:76:89:05:92:0b:c9:46:14:c7:02:
  506. b6:3b:a6:ce:77:b0:d3:54:0d:e2:58:98:f8:10:be:61:
  507. 7d:e6:96:e2:4c:50:4d:61:31:b3:ad:23:34:fc:05:bb:
  508. a0:6e:bb:5e:9f:07:4f:db:b7:e6:74:4c:b2:9b:e8:fa:
  509. fe:0e:46:4a:cd:0e:02:29:18:c3:4e:bb:c1:37:53:f3:
  510. c9:6d:1b:7d:f6:7c:2f:5f:0a:cb:13:f5:c9:17:e8:a0
  511. Fingerprint (SHA-256):
  512. 69:B2:03:E5:5F:02:85:33:29:CD:B8:0F:84:D1:87:D1:07:0F:23:AD:83:6B:EC:CC:F7:1C:6C:44:CF:BC:76:2E
  513. Fingerprint (SHA1):
  514. CC:94:B0:DF:A8:9E:9F:00:2C:97:FC:D2:EB:A3:49:CA:B2:28:17:F5
  515.  
  516. Mozilla-CA-Policy: false (attribute missing)
  517. Certificate Trust Flags:
  518. SSL Flags:
  519. User
  520. Email Flags:
  521. User
  522. Object Signing Flags:
  523. User
  524.  
  525. certutil -d /etc/pki/pki-tomcat/alias -L -n "ocspSigningCert cert-pki-ca"
  526. Certificate:
  527. Data:
  528. Version: 3 (0x2)
  529. Serial Number: 69 (0x45)
  530. Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
  531. Issuer: "CN=Certificate Authority,O=I.DOMAIN.NET"
  532. Validity:
  533. Not Before: Sat Jun 16 01:29:28 2018
  534. Not After : Fri Jun 05 01:29:28 2020
  535. Subject: "CN=OCSP Subsystem,O=I.DOMAIN.NET"
  536. Subject Public Key Info:
  537. Public Key Algorithm: PKCS #1 RSA Encryption
  538. RSA Public Key:
  539. Modulus:
  540. e7:31:66:f0:55:17:8e:20:7b:df:e8:b2:36:b1:65:de:
  541. 3c:9a:9b:e3:5a:71:90:1a:1c:17:5d:c4:88:0b:5f:c1:
  542. a9:66:74:72:a0:06:e1:ee:2d:c1:ef:3d:a6:1b:4f:e3:
  543. 53:02:d2:aa:64:3e:d2:e5:6c:80:35:1e:e4:99:e8:38:
  544. 8f:80:ee:0f:24:c7:50:56:a1:4c:ce:90:2c:da:30:a5:
  545. ad:74:97:61:00:aa:58:76:71:b6:53:66:24:2f:ab:a1:
  546. ed:89:7d:dd:93:f3:ff:a2:0a:88:36:41:07:5a:e6:db:
  547. e2:d9:c0:0e:0d:43:ae:23:ad:0f:fe:75:b4:c0:c2:63:
  548. 39:d0:b3:52:96:34:90:d1:07:b1:65:48:f3:00:ff:ee:
  549. e4:86:13:9b:3b:dc:17:96:4b:a6:0f:ad:d6:ba:36:0f:
  550. 38:6b:fa:d7:57:4a:a9:52:d5:0f:56:32:9c:4e:62:d6:
  551. 42:6e:96:cb:57:d0:34:05:3d:23:f8:8e:52:79:67:90:
  552. b4:fa:aa:cb:d4:c3:65:24:38:fa:28:e4:c2:6e:8f:5e:
  553. 6a:91:85:fe:d4:fc:94:75:01:f4:7b:44:d2:f5:fc:ee:
  554. f3:20:aa:60:11:44:f2:db:a9:8a:46:92:6a:12:4c:df:
  555. a4:e3:aa:c9:ba:f6:9a:88:c1:b5:25:3d:ea:ce:39:91
  556. Exponent: 65537 (0x10001)
  557. Signed Extensions:
  558. Name: Certificate Authority Key Identifier
  559. Key ID:
  560. 12:b1:ff:e6:7c:1e:4d:f4:ae:74:59:91:6c:3b:76:73:
  561. dd:24:ad:17
  562.  
  563. Name: OCSP No Check Extension
  564. Data: NULL
  565.  
  566. Name: Authority Information Access
  567. Method: PKIX Online Certificate Status Protocol
  568. Location:
  569. URI: "http://ipa-ca.i.DOMAIN.net/ca/ocsp"
  570.  
  571. Name: Extended Key Usage
  572. OCSP Responder Certificate
  573.  
  574. Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
  575. Signature:
  576. 65:4a:f0:9b:1f:b9:fe:e0:b1:11:8e:4a:ba:1f:5a:3f:
  577. ed:64:13:ff:c3:96:ed:77:b7:50:2e:ef:fa:8c:dc:a3:
  578. c5:f7:3c:f1:ad:c0:bc:23:dc:ee:fc:7d:83:b6:3a:23:
  579. 02:12:57:80:35:a2:74:19:1c:0a:4a:4f:4d:ec:b2:85:
  580. ae:be:cd:24:a9:5f:b1:3a:ae:12:a4:e1:c6:db:01:e6:
  581. 50:29:e3:e0:81:bd:b3:d6:78:a6:db:e4:c9:02:8c:8e:
  582. 83:f7:f4:68:38:08:dd:8d:3e:6b:20:8b:6e:b1:b9:cc:
  583. 8f:71:8c:f0:a4:e5:a5:b5:9c:3c:4c:0c:4e:13:c2:96:
  584. cf:3e:6b:a8:6d:0c:ea:af:d9:2b:27:ca:29:04:3f:fb:
  585. 2b:d9:3c:7e:14:62:40:54:f4:23:fb:b0:11:96:2b:ed:
  586. 08:ed:c3:af:50:c2:96:18:d0:66:bf:2c:03:5f:de:ad:
  587. d6:6a:3e:44:8a:e1:59:8d:be:51:3d:67:be:68:d1:84:
  588. 98:c3:f7:a5:26:18:c7:8e:ae:01:af:4c:e8:c5:4f:c7:
  589. 24:21:02:ab:46:61:31:00:b7:a4:79:1f:01:0e:1d:f8:
  590. d0:2f:3f:a1:cf:01:05:66:ea:33:57:49:c1:89:d6:c7:
  591. 84:25:a7:a5:a8:c6:ef:cf:04:f5:5b:8b:f2:6c:de:5d
  592. Fingerprint (SHA-256):
  593. 98:46:06:18:ED:3F:39:35:48:E9:EA:53:0D:6E:26:DC:25:ED:2A:0A:FA:74:6C:38:FE:39:E7:72:7D:41:8A:AD
  594. Fingerprint (SHA1):
  595. 9C:53:45:23:FA:D1:49:61:99:14:EE:31:02:4F:67:62:8C:E2:7E:95
  596.  
  597. Mozilla-CA-Policy: false (attribute missing)
  598. Certificate Trust Flags:
  599. SSL Flags:
  600. User
  601. Email Flags:
  602. User
  603. Object Signing Flags:
  604. User
  605.  
  606. certutil -d /etc/pki/pki-tomcat/alias -L -n "O=DOMAIN,ST=Arizona,C=US"
  607. Certificate:
  608. Data:
  609. Version: 3 (0x2)
  610. Serial Number:
  611. 00:b9:8e:6a:d6:30:e2:91:b5
  612. Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
  613. Issuer: "O=DOMAIN,ST=Arizona,C=US"
  614. Validity:
  615. Not Before: Thu Jun 08 05:50:19 2017
  616. Not After : Wed Jun 03 05:50:19 2037
  617. Subject: "O=DOMAIN,ST=Arizona,C=US"
  618. Subject Public Key Info:
  619. Public Key Algorithm: PKCS #1 RSA Encryption
  620. RSA Public Key:
  621. Modulus:
  622. c5:7c:a3:39:2c:16:7c:a4:52:f7:ba:fe:57:85:51:79:
  623. 36:fc:4e:93:47:e4:ad:83:45:15:65:5d:24:db:5e:0d:
  624. b3:6e:00:94:b4:63:5e:cc:70:1f:57:e3:96:56:3c:d8:
  625. 7f:df:d9:9d:ec:4e:4d:b2:b3:b2:2b:88:4a:98:a3:fd:
  626. dd:de:f3:ca:ce:cb:7b:09:f2:b4:fc:c7:9f:5a:d5:7c:
  627. a2:46:9e:41:23:7b:0b:26:e8:f2:48:70:db:25:0b:8d:
  628. 0f:73:d6:84:e1:ef:a5:34:b8:7b:03:f2:03:f6:b6:69:
  629. 54:aa:94:9b:4c:7b:15:25:d8:cb:67:4f:ed:4b:b8:f0:
  630. 05:93:34:43:44:09:ae:0a:a4:98:45:43:9a:90:11:1c:
  631. a1:b2:b3:77:5b:e6:24:79:2a:6a:5e:ba:de:1f:db:7c:
  632. d9:ec:da:8f:25:8a:35:91:4b:00:79:59:ab:2c:e7:5e:
  633. b8:88:93:47:9d:b7:58:6b:84:e6:79:f2:60:98:db:8b:
  634. dd:23:40:67:91:9e:67:e5:31:9c:95:92:03:81:8e:a8:
  635. 11:04:27:46:7e:69:b1:26:bd:b2:43:be:ba:5c:db:cd:
  636. b4:56:8e:ce:fc:82:69:39:5a:61:fb:cc:bd:ae:23:26:
  637. 4d:59:34:26:50:68:53:75:21:57:87:bd:46:36:be:b8:
  638. 91:e1:b3:83:c2:39:f3:5a:cd:fd:bf:a4:58:42:a2:b5:
  639. 51:db:ad:b3:79:03:e7:4a:c4:12:77:85:57:0b:34:b1:
  640. 6f:db:35:b1:2c:20:7a:c3:44:9f:07:fb:fd:fa:d1:2f:
  641. 09:58:00:b4:99:ef:e1:ca:74:2d:82:0f:55:82:00:80:
  642. a2:b8:fa:e8:a8:57:e1:11:92:c0:21:7c:53:29:89:09:
  643. 81:1e:1a:6c:b5:02:e1:ac:4c:a0:79:58:36:f9:8c:06:
  644. 36:c4:4e:40:3d:09:92:52:4c:40:29:cb:e4:fc:ae:d2:
  645. 25:06:ff:e0:a5:da:df:e1:b2:5e:e6:7c:b0:c5:31:cd:
  646. fd:54:98:78:1d:ab:f3:ac:c8:18:df:62:d6:95:81:f6:
  647. ca:1e:9b:08:da:e6:89:7e:5b:e8:cd:d8:8f:3f:f2:79:
  648. e2:70:da:e6:14:e5:dd:36:73:5a:19:77:d7:0f:fb:5d:
  649. 7a:df:92:1b:83:08:87:1c:72:5d:2b:22:2b:b5:31:2a:
  650. 3e:b2:8e:65:3b:72:50:2e:4d:d4:19:47:fd:5c:ec:b6:
  651. 87:3a:f9:0c:7e:f3:29:a5:c6:55:0a:c1:95:08:81:48:
  652. 6f:a1:12:db:eb:48:39:60:0e:88:3c:ad:55:4d:ee:ca:
  653. b2:2a:18:30:e0:08:c5:b7:42:54:e0:46:66:32:34:fb
  654. Exponent: 65537 (0x10001)
  655. Signed Extensions:
  656. Name: Certificate Subject Key ID
  657. Data:
  658. 66:f5:d0:4d:08:84:66:bd:26:93:44:a5:0e:22:d4:4b:
  659. 1c:7a:05:5b
  660.  
  661. Name: Certificate Authority Key Identifier
  662. Key ID:
  663. 66:f5:d0:4d:08:84:66:bd:26:93:44:a5:0e:22:d4:4b:
  664. 1c:7a:05:5b
  665.  
  666. Name: Certificate Basic Constraints
  667. Critical: True
  668. Data: Is a CA with no maximum path length.
  669.  
  670. Name: Certificate Key Usage
  671. Critical: True
  672. Usages: Digital Signature
  673. Certificate Signing
  674. CRL Signing
  675.  
  676. Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
  677. Signature:
  678. 5e:d4:b8:cf:8e:a2:8b:3e:5b:6b:fc:76:75:cc:22:54:
  679. 03:52:29:05:24:ee:0b:e2:8d:71:18:64:a5:3c:c9:3c:
  680. dc:0f:84:df:22:78:eb:72:a0:28:d5:f5:ca:90:77:d4:
  681. 81:23:47:ec:61:d0:04:9f:5f:1d:2b:77:42:39:0b:7b:
  682. 36:35:38:d2:90:81:5e:0b:a4:de:3f:06:8f:9c:77:e5:
  683. a5:fc:93:d2:25:fd:e1:ae:51:49:85:7e:13:75:b7:ea:
  684. b2:f6:de:1e:76:c2:db:5e:61:a8:29:37:1a:2c:7c:dc:
  685. 6a:a4:7f:5c:c9:c0:95:60:8b:9b:b5:2a:04:90:ce:e4:
  686. ef:8e:d7:42:33:62:de:54:23:0b:ac:05:1c:81:f6:c0:
  687. 82:1f:f0:38:29:1b:ad:84:5c:d7:d7:dd:21:59:a3:e6:
  688. 6f:a8:de:61:08:e7:f4:b4:b8:4f:d9:e7:70:0c:ca:0f:
  689. 8f:6c:e3:4e:ad:ff:67:4a:72:cc:8d:55:3a:87:41:a0:
  690. 5e:13:79:88:8c:4b:66:54:37:11:17:23:50:84:14:0b:
  691. 60:33:dd:13:e1:1a:0a:32:a9:b0:48:62:a8:ae:a8:0d:
  692. c1:12:7f:f8:38:77:8d:9b:5c:60:27:ff:54:6f:95:2d:
  693. bd:49:2b:54:86:e0:4f:d9:53:d8:03:f8:1a:26:6e:ab:
  694. 15:7a:c3:9e:86:31:d9:0a:b7:5d:a4:cf:76:26:e5:73:
  695. 8c:80:48:2e:95:4b:d6:00:4e:b0:d7:a5:9c:12:c6:75:
  696. 6a:9e:79:66:52:09:cd:67:fb:40:5c:50:47:5a:a0:8e:
  697. 2a:85:13:ca:ce:e1:77:d1:18:db:1f:ba:dc:dd:22:b3:
  698. e9:7d:01:b6:88:83:88:c6:d9:f8:fb:b8:26:d1:90:4d:
  699. e0:ea:e6:0c:f4:79:08:6c:d5:54:7c:af:59:53:da:91:
  700. a9:9c:30:42:cc:8e:60:61:8b:87:13:b4:f9:0b:ed:82:
  701. 4b:b4:6b:3d:63:00:8e:05:8b:19:12:f5:fc:15:52:cb:
  702. 17:c9:81:39:41:24:d2:e4:5c:63:dc:55:28:d6:d8:c7:
  703. 44:1f:8b:14:cb:db:40:7b:59:09:71:eb:7e:99:2e:89:
  704. 10:89:b9:5b:47:8d:41:e6:7f:83:18:05:cc:ae:59:2c:
  705. ad:84:3d:f4:db:08:d1:1c:53:4d:00:4b:90:1e:a7:f7:
  706. b2:8e:07:c2:0c:4e:0f:e0:91:36:c1:25:40:79:fd:36:
  707. f4:a7:91:a2:01:46:de:e1:c8:67:47:39:13:b8:37:2d:
  708. fb:c2:6b:7f:db:37:e1:4c:c9:85:0d:f1:1c:11:69:2f:
  709. e4:33:c2:9a:35:d1:5f:58:50:b6:19:81:13:fc:f4:9b
  710. Fingerprint (SHA-256):
  711. 49:79:5B:6C:3E:5F:FE:0C:17:8C:E0:25:B2:C8:88:67:01:81:4F:7F:DC:92:50:69:3B:2C:EF:FD:B1:D8:CE:AC
  712. Fingerprint (SHA1):
  713. 5A:71:79:FD:AC:CC:71:D4:C1:3C:9C:87:1B:CB:73:BA:50:AE:4D:29
  714.  
  715. Mozilla-CA-Policy: false (attribute missing)
  716. Certificate Trust Flags:
  717. SSL Flags:
  718. Valid CA
  719. Trusted CA
  720. Trusted Client CA
  721. Email Flags:
  722. Valid CA
  723. Trusted CA
  724. Object Signing Flags:
  725. Valid CAcertutil -d /etc/pki/pki-tomcat/alias -L -n "auditSigningCert cert-pki-ca"
  726. Certificate:
  727. Data:
  728. Version: 3 (0x2)
  729. Serial Number: 68 (0x44)
  730. Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
  731. Issuer: "CN=Certificate Authority,O=I.DOMAIN.NET"
  732. Validity:
  733. Not Before: Sat Jun 16 01:24:55 2018
  734. Not After : Fri Jun 05 01:24:55 2020
  735. Subject: "CN=CA Audit,O=I.DOMAIN.NET"
  736. Subject Public Key Info:
  737. Public Key Algorithm: PKCS #1 RSA Encryption
  738. RSA Public Key:
  739. Modulus:
  740. e1:ca:84:ab:8a:2f:cf:4e:61:a6:15:e4:43:1e:0f:a1:
  741. d9:ea:7e:c7:e0:6b:65:5c:e5:ba:a8:d7:42:10:91:87:
  742. 92:cf:34:ac:6c:73:95:dd:69:f6:e6:4d:f6:e9:6a:d4:
  743. 37:b2:9e:7c:5d:38:37:89:8d:74:95:3c:17:66:a8:c9:
  744. c3:34:32:ea:e6:c6:3c:f8:d1:a0:3e:39:37:f8:16:8c:
  745. 3c:cd:ad:bd:9a:5f:51:51:3f:b4:4d:af:4a:f1:30:1a:
  746. 3e:69:4a:e7:95:3c:b8:19:46:1f:32:db:c2:ba:73:66:
  747. 9f:a5:a2:69:86:21:93:31:c7:0f:97:cb:c5:8a:6b:62:
  748. a9:6a:f6:3a:73:d2:5a:04:b6:cc:fe:6f:95:6d:c8:10:
  749. f7:95:94:62:22:77:83:06:c4:26:07:bc:db:c9:6e:3a:
  750. e8:8c:19:e8:39:cc:ec:19:46:44:a9:f4:54:33:4b:23:
  751. 38:93:b3:17:8f:b7:da:e7:47:9a:d2:db:2d:2d:94:d6:
  752. fc:e0:b6:1f:ed:c5:2e:39:dd:c2:54:21:d5:a7:ed:0c:
  753. 77:9c:df:45:9c:66:08:37:ed:a7:17:e5:28:34:1d:36:
  754. d9:03:0f:cb:33:bf:85:d2:e8:41:a0:e0:f1:07:20:74:
  755. be:a8:81:d7:d2:f5:aa:62:f6:4b:cf:4a:e4:e7:27:2b
  756. Exponent: 65537 (0x10001)
  757. Signed Extensions:
  758. Name: Certificate Authority Key Identifier
  759. Key ID:
  760. 12:b1:ff:e6:7c:1e:4d:f4:ae:74:59:91:6c:3b:76:73:
  761. dd:24:ad:17
  762.  
  763. Name: Certificate Subject Key ID
  764. Data:
  765. 91:f0:48:aa:a8:24:c8:91:7d:a0:ce:ea:3a:7e:13:a5:
  766. 25:82:74:1e
  767.  
  768. Name: Certificate Key Usage
  769. Critical: True
  770. Usages: Digital Signature
  771. Non-Repudiation
  772.  
  773. Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
  774. Signature:
  775. 4a:1b:f8:07:42:e6:3a:c9:78:82:39:54:30:69:2a:86:
  776. ac:5a:08:03:18:59:d3:ca:1c:99:9f:75:02:ae:27:2f:
  777. 78:d6:3d:b5:80:1a:b4:3c:b2:c3:19:65:8f:9a:b8:70:
  778. 48:a2:80:58:54:ef:a7:9a:c7:2e:a1:19:91:f9:56:c1:
  779. 32:df:41:fe:03:87:e5:58:82:4e:11:64:da:5c:cf:7b:
  780. 84:40:d7:87:03:79:ce:af:cf:bb:f9:90:e1:8b:6f:1f:
  781. 88:77:cf:14:dd:2b:bc:fb:63:b1:66:02:24:61:1b:a2:
  782. 58:37:05:78:a1:32:32:8d:aa:d1:d2:db:5c:67:db:4b:
  783. 17:1a:f7:dd:87:68:b9:28:f2:82:0e:ca:bb:49:a9:89:
  784. b7:a1:6c:a8:d4:99:19:d3:28:fb:ac:a1:1a:7d:49:49:
  785. fb:a2:5e:e6:35:21:e1:78:3a:ab:93:9b:79:9d:b0:1d:
  786. 61:b9:8a:67:b0:ff:0e:d4:31:d4:91:14:55:2c:dc:7b:
  787. a7:5e:12:a7:e3:1b:cc:92:fe:65:12:ca:ca:55:c3:6e:
  788. b6:41:6b:9f:5f:fe:61:05:4e:ad:2e:06:73:81:5f:58:
  789. b9:74:df:24:c0:e5:00:09:23:29:39:8e:a1:a0:5d:b9:
  790. 88:32:ff:f6:8e:da:c3:a8:37:96:99:50:6b:7b:de:39
  791. Fingerprint (SHA-256):
  792. 70:7F:38:E4:07:5B:10:EA:49:E9:E8:13:B2:2E:26:FF:6E:0C:12:15:81:A3:B0:46:BB:DB:00:58:CD:B9:85:B2
  793. Fingerprint (SHA1):
  794. 01:F9:4D:9F:9D:77:E2:22:96:C2:D8:E0:46:EF:B5:41:98:90:60:FB
  795.  
  796. Mozilla-CA-Policy: false (attribute missing)
  797. Certificate Trust Flags:
  798. SSL Flags:
  799. User
  800. Email Flags:
  801. User
  802. Object Signing Flags:
  803. Terminal Record
  804. Trusted
  805. User
  806.  
  807. Trusted CA
  808.  
  809. certutil -d /etc/pki/pki-tomcat/alias -L -n "subsystemCert cert-pki-ca"
  810. Certificate:
  811. Data:
  812. Version: 3 (0x2)
  813. Serial Number: 70 (0x46)
  814. Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
  815. Issuer: "CN=Certificate Authority,O=I.DOMAIN.NET"
  816. Validity:
  817. Not Before: Sat Jun 16 01:32:01 2018
  818. Not After : Fri Jun 05 01:32:01 2020
  819. Subject: "CN=CA Subsystem,O=I.DOMAIN.NET"
  820. Subject Public Key Info:
  821. Public Key Algorithm: PKCS #1 RSA Encryption
  822. RSA Public Key:
  823. Modulus:
  824. c4:3a:71:20:47:99:b7:33:1a:05:d6:a8:e4:18:25:43:
  825. 5c:be:a8:e6:e3:9d:50:a0:28:b6:60:f8:eb:e7:7e:01:
  826. f1:59:24:4d:55:51:1c:8c:4b:10:67:d9:60:d7:c3:fb:
  827. 88:5a:cf:8e:4b:aa:b9:9d:c3:68:8d:0c:99:c6:18:a7:
  828. ab:a0:a7:ec:92:4d:39:84:27:e2:a7:bb:26:f7:78:04:
  829. 9f:22:72:6d:e8:f0:5c:cb:82:09:db:8b:07:bd:f4:5d:
  830. 8e:30:76:08:8e:79:ad:00:bb:a2:dc:8a:bc:77:ba:c0:
  831. 17:d3:75:8c:66:39:cd:3c:90:d7:97:42:b5:ca:e2:32:
  832. 0c:93:a4:26:66:62:e8:c6:ff:02:4d:e6:eb:88:e8:47:
  833. 2e:15:7b:3b:15:76:98:7a:2f:bd:79:dc:e0:14:12:ec:
  834. d6:51:ec:1d:77:90:8d:e6:ec:20:a7:64:d1:69:51:c1:
  835. 5c:ce:42:51:6f:82:00:c0:14:ef:c2:a6:ba:84:2b:c4:
  836. 2d:36:55:78:c9:71:10:59:0a:40:db:01:88:28:b4:55:
  837. ff:32:b1:f7:f9:55:55:95:aa:1f:11:ab:1e:34:1e:49:
  838. 78:9d:d9:df:8c:fd:14:90:65:eb:bb:2b:aa:6f:16:b1:
  839. 5f:42:67:bc:dd:16:e4:cd:a1:fd:9f:04:ec:3d:b6:39
  840. Exponent: 65537 (0x10001)
  841. Signed Extensions:
  842. Name: Certificate Authority Key Identifier
  843. Key ID:
  844. 12:b1:ff:e6:7c:1e:4d:f4:ae:74:59:91:6c:3b:76:73:
  845. dd:24:ad:17
  846.  
  847. Name: Authority Information Access
  848. Method: PKIX Online Certificate Status Protocol
  849. Location:
  850. URI: "http://ipa-ca.i.DOMAIN.net/ca/ocsp"
  851.  
  852. Name: Certificate Key Usage
  853. Critical: True
  854. Usages: Digital Signature
  855. Non-Repudiation
  856. Key Encipherment
  857. Data Encipherment
  858.  
  859. Name: Extended Key Usage
  860. TLS Web Server Authentication Certificate
  861. TLS Web Client Authentication Certificate
  862.  
  863. Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
  864. Signature:
  865. 96:b0:15:be:24:f2:dc:0c:06:86:1e:70:c0:93:96:38:
  866. 4f:0d:50:40:b4:a7:93:3e:6a:cc:bf:f0:2b:b0:2d:09:
  867. 0e:70:e0:27:df:5e:42:ea:73:13:c4:66:da:a5:05:8e:
  868. cf:2a:b9:50:99:91:ec:96:9f:f1:11:20:44:31:54:08:
  869. 01:eb:a5:25:67:91:7b:3d:4c:f8:72:08:3e:65:82:bc:
  870. 1e:4e:48:6d:fa:e3:1e:b9:db:f9:10:00:ce:b3:e6:78:
  871. eb:c6:b7:19:80:e0:d6:da:a0:80:30:fe:3d:9f:3a:ca:
  872. 36:f3:2e:16:90:bd:b2:56:5f:e8:87:16:6e:74:36:c2:
  873. 8c:d0:a8:71:30:6f:ee:c7:e0:0d:f4:e7:db:35:cb:c6:
  874. 2a:49:95:d0:fe:39:d2:7b:bc:e7:4e:06:3c:bd:5f:26:
  875. e4:cf:f8:2f:cb:d5:d4:99:19:83:c0:26:34:c4:33:7f:
  876. 83:0d:50:1c:54:64:2d:b0:8e:2e:c9:2a:7c:46:8d:66:
  877. 77:28:fa:14:35:df:57:6c:39:4b:f6:e7:59:8d:4d:e3:
  878. d9:8d:f8:73:d0:00:0f:55:78:02:c4:bf:f5:74:1e:cb:
  879. b8:a4:1e:a7:32:a5:49:01:5d:a9:a1:aa:c6:d0:1d:cd:
  880. 27:c9:82:c2:98:a7:f4:4c:e0:fa:33:1d:bb:ba:42:e4
  881. Fingerprint (SHA-256):
  882. 6A:38:27:5C:A2:B2:68:92:A5:4D:BA:65:BC:F9:C0:6B:B3:C1:45:2D:3F:8C:08:EF:9C:EA:66:F6:0F:FA:88:9B
  883. Fingerprint (SHA1):
  884. F3:42:06:D5:14:60:F7:24:3D:87:EB:9C:55:25:3B:CF:9A:5E:8E:4F
  885.  
  886. Mozilla-CA-Policy: false (attribute missing)
  887. Certificate Trust Flags:
  888. SSL Flags:
  889. User
  890. Email Flags:
  891. User
  892. Object Signing Flags:
  893. User
  894.  
  895. certutil -d /etc/pki/pki-tomcat/alias -L -n "caSigningCert cert-pki-ca"
  896. Certificate:
  897. Data:
  898. Version: 3 (0x2)
  899. Serial Number: 78 (0x4e)
  900. Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
  901. Issuer: "CN=Certificate Authority,O=I.DOMAIN.NET"
  902. Validity:
  903. Not Before: Sun Jun 17 09:06:38 2018
  904. Not After : Thu Jun 17 09:06:38 2038
  905. Subject: "CN=Certificate Authority,O=I.DOMAIN.NET"
  906. Subject Public Key Info:
  907. Public Key Algorithm: PKCS #1 RSA Encryption
  908. RSA Public Key:
  909. Modulus:
  910. c3:78:af:81:9c:ed:9b:18:0c:40:af:b9:35:06:a1:b2:
  911. 4e:20:f4:a9:a0:28:11:31:b6:2e:2e:ec:15:3b:10:39:
  912. 01:82:66:5f:14:bb:ff:f5:3d:dd:b5:c3:70:13:f0:81:
  913. 8e:6a:a1:a0:46:fb:f6:3e:56:d2:00:b0:9e:bb:50:7a:
  914. 7a:a6:29:19:42:b9:98:eb:ad:93:67:94:c1:7c:f0:17:
  915. d7:b5:d8:f4:a9:54:48:3c:15:38:b0:d8:e8:57:ee:03:
  916. 40:00:7f:69:61:e0:6d:7e:9e:ea:4a:a6:93:aa:0e:06:
  917. 5b:b6:57:4a:c4:85:32:a8:08:a8:fd:e9:ce:1c:ca:a3:
  918. 1e:10:70:c0:94:ef:cb:a8:87:8c:9f:fd:7c:87:cc:0e:
  919. 32:1a:cb:14:f6:31:5f:55:dc:f6:7a:8a:1d:91:15:27:
  920. 04:83:54:07:27:45:1d:02:11:8c:a0:d2:2f:b4:a1:53:
  921. e1:db:3a:78:ba:0b:6a:b2:09:17:22:15:85:00:7c:39:
  922. 91:e2:75:48:01:8d:99:43:30:75:8e:d9:ea:d2:fa:98:
  923. c7:b2:d7:5f:3f:7a:05:2c:3d:eb:2d:a9:b8:68:98:49:
  924. 20:b3:aa:c5:13:ee:8b:3b:50:60:98:e5:b5:c4:20:fa:
  925. 2a:ce:3d:e5:ed:9e:0f:cb:61:7c:ca:91:85:03:af:e7
  926. Exponent: 65537 (0x10001)
  927. Signed Extensions:
  928. Name: Certificate Authority Key Identifier
  929. Key ID:
  930. 12:b1:ff:e6:7c:1e:4d:f4:ae:74:59:91:6c:3b:76:73:
  931. dd:24:ad:17
  932.  
  933. Name: Certificate Subject Key ID
  934. Data:
  935. 12:b1:ff:e6:7c:1e:4d:f4:ae:74:59:91:6c:3b:76:73:
  936. dd:24:ad:17
  937.  
  938. Name: Certificate Basic Constraints
  939. Critical: True
  940. Data: Is a CA with no maximum path length.
  941.  
  942. Name: Certificate Key Usage
  943. Critical: True
  944. Usages: Digital Signature
  945. Non-Repudiation
  946. Certificate Signing
  947. CRL Signing
  948.  
  949. Name: Authority Information Access
  950. Method: PKIX Online Certificate Status Protocol
  951. Location:
  952. URI: "http://ipa-ca.i.DOMAIN.net/ca/ocsp"
  953.  
  954. Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
  955. Signature:
  956. a6:0b:08:fc:99:73:fd:73:70:c7:ba:0a:9e:67:96:6a:
  957. 40:11:01:66:97:30:0f:71:2c:b9:48:2e:a0:b1:04:de:
  958. df:9d:65:f1:55:21:58:3c:22:bf:be:73:1f:3f:3c:84:
  959. ea:26:15:50:69:9b:31:5c:7d:47:8b:71:4a:cb:36:89:
  960. 75:0e:26:9c:06:1f:e7:57:db:1b:ad:90:d6:d4:6e:21:
  961. 1a:b8:77:78:55:86:ef:ca:1d:72:1e:a2:4b:8b:ab:66:
  962. f1:c0:13:5f:56:08:b8:75:96:65:b1:86:55:5b:c8:9e:
  963. c1:a2:fd:15:30:54:8e:bf:2b:b4:0c:db:02:b4:72:71:
  964. 67:82:a5:04:35:3d:d1:84:8e:19:d1:f2:6c:2e:57:9a:
  965. cd:95:4c:4b:4b:a5:3e:ba:9a:5b:07:00:8f:20:a2:01:
  966. 59:93:63:43:13:62:3b:93:31:d4:3f:ec:37:f2:b9:f9:
  967. ea:77:7f:bd:16:1f:73:82:a3:1d:92:54:d3:65:a3:d6:
  968. 24:8a:68:25:6d:33:10:d3:ce:d5:80:4a:1f:80:ed:09:
  969. ea:b1:46:b8:41:b8:a9:1f:d8:27:65:31:c2:e7:ad:bd:
  970. 9b:08:d3:45:9b:13:97:d0:25:69:b0:d8:aa:7d:12:c8:
  971. b8:b5:72:c4:6f:d9:1e:c1:8e:25:e3:56:7a:b8:6d:cd
  972. Fingerprint (SHA-256):
  973. B1:BE:16:07:D7:E4:58:AC:B5:16:7A:10:9B:51:2D:5B:CD:83:80:00:61:33:0B:2A:D1:B6:50:A6:39:20:71:B1
  974. Fingerprint (SHA1):
  975. E4:73:A4:DD:4E:0C:36:44:50:26:02:A4:99:C6:9D:6A:A2:6F:59:3F
  976.  
  977. Mozilla-CA-Policy: false (attribute missing)
  978. Certificate Trust Flags:
  979. SSL Flags:
  980. Valid CA
  981. Trusted CA
  982. User
  983. Trusted Client CA
  984. Email Flags:
  985. Valid CA
  986. Trusted CA
  987. User
  988. Object Signing Flags:
  989. Valid CA
  990. Trusted CA
  991. User
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!