Subject:
E=premium-server@thawte.com
CN=Thawte Premium Server CA
OU=Certification Services Division
O=Thawte Consulting cc
L=Cape Town
S=Western Cape
C=ZA
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
Algorithm Parameters:
05 00
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
0000 30 81 89 02 81 81 00 d2 36 36 6a 8b d7 c2 5b 9e
0010 da 81 41 62 8f 38 ee 49 04 55 d6 d0 ef 1c 1b 95
0020 16 47 ef 18 48 35 3a 52 f4 2b 6a 06 8f 3b 2f ea
0030 56 e3 af 86 8d 9e 17 f7 9e b4 65 75 02 4d ef cb
0040 09 a2 21 51 d8 9b d0 67 d0 ba 0d 92 06 14 73 d4
0050 93 cb 97 2a 00 9c 5c 4e 0c bc fa 15 52 fc f2 44
0060 6e da 11 4a 6e 08 9f 2f 2d e3 f9 aa 3a 86 73 b6
0070 46 53 58 c8 89 05 bd 83 11 b8 73 3f aa 07 8d f4
0080 42 4d e7 40 9d 1c 37 02 03 01 00 01
Certificate Extensions: 3
2.5.29.10: Flags = 0, Length = 6
基本限制
Subject Type=CA
Path Length Constraint=None
Subject:
CN=Microsoft Windows Hardware Compatibility
OU=Microsoft Corporation
OU=Microsoft Windows Hardware Compatibility Intermediate CA
OU=Copyright (c) 1997 Microsoft Corp.
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
Algorithm Parameters:
05 00
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
0000 30 81 89 02 81 81 00 e0 4e 10 0e b8 a7 ef 21 ca
0010 60 5a dc 9f 1e 3e 83 77 5a 29 2e f9 4e e5 08 5d
0020 de e1 cf 09 c0 1f 44 b7 07 a8 4b a4 22 30 3b 19
0030 06 83 ee f3 ac 27 78 ae ca d6 40 2b ce 79 01 e1
0040 9d 56 8b 36 72 b1 63 90 5f a0 b2 c0 66 a6 49 c5
0050 3c fa 26 a2 62 c3 d3 b5 cc 61 15 4c f2 3f b4 e7
0060 45 08 43 89 7f 6a 8d d5 66 fb d7 ff 64 00 c4 11
0070 fd 2c a3 0b 75 b0 fb e5 ac 26 65 a3 81 e6 66 49
0080 3d 1d 73 7a 9b 71 d7 02 03 01 00 01
Certificate Extensions: 2
2.5.29.37: Flags = 0, Length = 18
增强型密钥用法
代码签名 (1.3.6.1.5.5.7.3.3)
Windows 硬件驱动程序验证 (1.3.6.1.4.1.311.10.3.5)
Subject:
OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
OU=VeriSign International Server CA - Class 3
OU=VeriSign, Inc.
O=VeriSign Trust Network
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
Algorithm Parameters:
05 00
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
0000 30 81 89 02 81 81 00 d8 82 80 e8 d6 19 02 7d 1f
0010 85 18 39 25 a2 65 2b e1 bf d4 05 d3 bc e6 36 3b
0020 aa f0 4c 6c 5b b6 e7 aa 3c 73 45 55 b2 f1 bd ea
0030 97 42 ed 9a 34 0a 15 d4 a9 5c f5 40 25 dd d9 07
0040 c1 32 b2 75 6c c4 ca bb a3 fe 56 27 71 43 aa 63
0050 f5 30 3e 93 28 e5 fa f1 09 3b f3 b7 4d 4e 39 f7
0060 5c 49 5a b8 c1 1d d3 b2 8a fe 70 30 95 42 cb fe
0070 2b 51 8b 5a 3c 3a f9 22 4f 90 b2 02 a7 53 9c 4f
0080 34 e7 ab 04 b2 7b 6f 02 03 01 00 01
Certificate Extensions: 5
2.5.29.19: Flags = 0, Length = 8
基本限制
Subject Type=CA
Path Length Constraint=0
Subject:
CN=VeriSign Class 2 CA - Individual Subscriber
OU=www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)98
OU=VeriSign Trust Network
O=VeriSign, Inc.
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
Algorithm Parameters:
05 00
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
0000 30 81 89 02 81 81 00 b5 cb 1a 54 5e 25 b0 2c 59
0010 5f 09 6b d0 da d6 4a 4b 11 9d 1a 0a 3e 7e 2f b7
0020 65 5f 17 63 15 e5 2c d0 20 00 0c f0 ba 6b aa 5e
0030 49 b1 68 93 83 25 ac 24 5f a2 23 1c 69 4d b8 3b
0040 db 7d da 8f c1 09 cf a5 58 3a b6 4b c4 d4 db d8
0050 ae 75 fa 86 22 99 22 01 28 60 a5 db d5 30 df 21
0060 70 5e 48 99 ad 21 54 91 d1 de 5f fb 38 29 53 1b
0070 e2 7a 53 58 c5 0d 5d 13 07 b3 50 c4 06 4b 39 f8
0080 54 ab b9 8b 69 12 13 02 03 01 00 01
Certificate Extensions: 5
2.16.840.1.113730.1.1: Flags = 0, Length = 4
Netscape Cert Type
SSL CA, SMIME CA (06)
2.5.29.31: Flags = 0, Length = 2e
CRL 分发点
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=http://crl.verisign.com/pca2.1.1.crl
2.5.29.31: Flags = 0, Length = 49
CRL 分发点
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
1.3.6.1.5.5.7.1.1: Flags = 0, Length = 48
颁发机构信息访问
[1]Authority Info Access
Access Method=证书颁发机构颁发者 (1.3.6.1.5.5.7.48.2)
Alternative Name:
URL=http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt
Subject:
CN=VeriSign Class 1 CA Individual Subscriber-Persona Not Validated
OU=www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)98
OU=VeriSign Trust Network
O=VeriSign, Inc.
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
Algorithm Parameters:
05 00
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
0000 30 81 89 02 81 81 00 bb 5a 44 8a 04 16 bb 55 fd
0010 03 7a 8a 2d 94 4f 15 78 36 b8 0d 4a b2 6f 9c 54
0020 bf bc e8 77 2a 9d b9 f0 68 bb 95 d9 31 41 70 7a
0030 81 4b b9 48 13 56 2d c7 08 e1 84 42 ab c0 a2 92
0040 ab 44 5c aa 42 f0 82 0e 02 e9 2f fb c2 3b bb be
0050 c9 27 0a 5d b6 b0 36 42 33 b5 6e 54 88 4f 87 4a
0060 bf 19 da f9 15 e8 0f 87 b6 1c e3 cc c6 9a 8e 7f
0070 6a 24 92 e3 fc e0 65 ba a7 b1 7e ef c9 db 37 6a
0080 c8 4a c8 09 06 e4 99 02 03 01 00 01
Certificate Extensions: 5
2.16.840.1.113730.1.1: Flags = 0, Length = 4
Netscape Cert Type
SSL CA, SMIME CA (06)
2.5.29.31: Flags = 0, Length = 2e
CRL 分发点
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=http://crl.verisign.com/pca1.1.1.crl
Subject:
CN=Microsoft Windows Hardware Compatibility
OU=Microsoft Corporation
OU=Microsoft Windows Hardware Compatibility Intermediate CA
OU=Copyright (c) 1997 Microsoft Corp.
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
Algorithm Parameters:
05 00
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
0000 30 81 89 02 81 81 00 e0 4e 10 0e b8 a7 ef 21 ca
0010 60 5a dc 9f 1e 3e 83 77 5a 29 2e f9 4e e5 08 5d
0020 de e1 cf 09 c0 1f 44 b7 07 a8 4b a4 22 30 3b 19
0030 06 83 ee f3 ac 27 78 ae ca d6 40 2b ce 79 01 e1
0040 9d 56 8b 36 72 b1 63 90 5f a0 b2 c0 66 a6 49 c5
0050 3c fa 26 a2 62 c3 d3 b5 cc 61 15 4c f2 3f b4 e7
0060 45 08 43 89 7f 6a 8d d5 66 fb d7 ff 64 00 c4 11
0070 fd 2c a3 0b 75 b0 fb e5 ac 26 65 a3 81 e6 66 49
0080 3d 1d 73 7a 9b 71 d7 02 03 01 00 01
Certificate Extensions: 3
2.5.29.19: Flags = 1(Critical), Length = 5
基本限制
Subject Type=CA
Path Length Constraint=None
2.5.29.31: Flags = 0, Length = 45
CRL 分发点
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=http://crl.microsoft.com/pki/crl/products/MSNContentPCA.crl
1.3.6.1.5.5.7.1.1: Flags = 0, Length = 44
颁发机构信息访问
[1]Authority Info Access
Access Method=证书颁发机构颁发者 (1.3.6.1.5.5.7.48.2)
Alternative Name:
URL=http://www.microsoft.com/pki/certs/MSNContentPCA.crt
System-Id ::= SEQUENCE {
--at least one of the following must be present
person-or-institution-symbol [0] Person-Or-Institution-Symbol OPTIONAL,
name-of-person-or-institution [1] Name-Of-Person-Or-Institution OPTIONAL
}
Third-Party-Info-Type ::= SEQUENCE {
permission-to-forward [0] IMPLICIT BOOLEAN DEFAULT FALSE,
permission-to-chain [1] IMPLICIT BOOLEAN DEFAULT FALSE,
permission-to-partition [2] IMPLICIT BOOLEAN DEFAULT FALSE,
permission-to-change-send-to-list [3] IMPLICIT BOOLEAN DEFAULT FALSE,
initial-requester-address [4] IMPLICIT System-Address OPTIONAL,
-- mandatory when initiating a FORWARD service or an
-- ILL-REQUEST service for a partitioned ILL
-- sub-transaction; optional otherwise
preference [5] IMPLICIT ENUMERATED {
ordered (1),
unordered (2)
} DEFAULT 2,
send-to-list [6] IMPLICIT Send-To-List-Type OPTIONAL,
already-tried-list [7] IMPLICIT Already-Tried-List-Type OPTIONAL
-- mandatory when initiating a FORWARD service, or when
-- initiating an ILL-REQUEST service for an ILL
-- sub-transaction if the received ILL-REQUEST included an
-- "already-tried-list"; optional otherwise
}
UNIVERSAL 0 Reserved for use by the encoding rules
UNIVERSAL 1 Boolean type
UNIVERSAL 2 Integer type
UNIVERSAL 3 Bitstring type
UNIVERSAL 4 Octetstring type
UNIVERSAL 5 Null type
UNIVERSAL 6 Object identifier type
UNIVERSAL 7 Object descriptor type
UNIVERSAL 8 External type and Instance-of type
UNIVERSAL 9 Real type
UNIVERSAL 10 Enumerated type
UNIVERSAL 11 Embedded-pdv type
UNIVERSAL 12 UTF8String type
UNIVERSAL 13 Relative object identifier type
UNIVERSAL 14-15 Reserved for future editions of this Recommendation | International Standard
UNIVERSAL 16 Sequence and Sequence-of types
UNIVERSAL 17 Set and Set-of types
UNIVERSAL 18-22, 25-30 Character string types
UNIVERSAL 23-24 Time types
UNIVERSAL 31-... Reserved for addenda to this Recommendation | International Standard
Extension root type 1st extension 2nd extension 3rd extension
A ::= SEQUENCE { A ::= SEQUENCE { A ::= SEQUENCE { A ::= SEQUENCE {
a INTEGER, a INTEGER, a INTEGER, a INTEGER,
... ..., ..., ...,
} [[ [[ [[
b BOOLEAN, b BOOLEAN, b BOOLEAN,
c INTEGER c INTEGER c INTEGER
]] ]], ]],
} d SEQUENCE { d SEQUENCE {
e INTEGER, e INTEGER,
..., ...,
..., [[
f IA5String g BOOLEAN OPTIONAL,
} h BMPString
} ]],
...,
f IA5String
}
}
ASN1-CHARACTER-MODULE { joint-iso-itu-t asn1(1) specification(0) modules(0)
iso10646(0) }
DEFINITIONS ::= BEGIN
-- All of the value references and type references defined within this
-- module are implicitly exported, and are available for import by any module.
-- ISO/IEC 646 control characters:
nul IA5String ::= {0, 0}
soh IA5String ::= {0, 1}
stx IA5String ::= {0, 2}
etx IA5String ::= {0, 3}
eot IA5String ::= {0, 4}
enq IA5String ::= {0, 5}
ack IA5String ::= {0, 6}
bel IA5String ::= {0, 7}
bs IA5String ::= {0, 8}
ht IA5String ::= {0, 9}
lf IA5String ::= {0,10}
vt IA5String ::= {0,11}
ff IA5String ::= {0,12}
cr IA5String ::= {0,13}
so IA5String ::= {0,14}
si IA5String ::= {0,15}
dle IA5String ::= {1, 0}
dc1 IA5String ::= {1, 1}
ISO/IEC 8824-1:2003 (E)
60 ITU-T Rec. X.680 (07/2002)
dc2 IA5String ::= {1, 2}
dc3 IA5String ::= {1, 3}
dc4 IA5String ::= {1, 4}
nak IA5String ::= {1, 5}
syn IA5String ::= {1, 6}
etb IA5String ::= {1, 7}
can IA5String ::= {1, 8}
em IA5String ::= {1, 9}
sub IA5String ::= {1,10}
esc IA5String ::= {1,11}
is4 IA5String ::= {1,12}
is3 IA5String ::= {1,13}
is2 IA5String ::= {1,14}
is1 IA5String ::= {1,15}
del IA5String ::= {7,15}
Subject:
CN=VeriSign Class 2 CA - Individual Subscriber
OU=www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)98
OU=VeriSign Trust Network
O=VeriSign, Inc.
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
Algorithm Parameters:
05 00
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
0000 30 81 89 02 81 81 00 b5 cb 1a 54 5e 25 b0 2c 59
0010 5f 09 6b d0 da d6 4a 4b 11 9d 1a 0a 3e 7e 2f b7
0020 65 5f 17 63 15 e5 2c d0 20 00 0c f0 ba 6b aa 5e
0030 49 b1 68 93 83 25 ac 24 5f a2 23 1c 69 4d b8 3b
0040 db 7d da 8f c1 09 cf a5 58 3a b6 4b c4 d4 db d8
0050 ae 75 fa 86 22 99 22 01 28 60 a5 db d5 30 df 21
0060 70 5e 48 99 ad 21 54 91 d1 de 5f fb 38 29 53 1b
0070 e2 7a 53 58 c5 0d 5d 13 07 b3 50 c4 06 4b 39 f8
0080 54 ab b9 8b 69 12 13 02 03 01 00 01
Certificate Extensions: 5
2.16.840.1.113730.1.1: Flags = 0, Length = 4
Netscape Cert Type
SSL CA, SMIME CA (06)
2.5.29.31: Flags = 0, Length = 2e
CRL 分发点
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=http://crl.verisign.com/pca2.1.1.crl