The attached certificate was generated by MS CA on a Windows 2003 server. This is an interoperability issue: keytool shows only four extensions in the certificate, but both the MS certificate tool and dumpasn1 show six extensions.

--------------------
keytool output:
--------------------
-bash-2.05b$ keytool -printcert -v -file DSA1024.crt
Owner: EMAILADDRESS=###@###.###, CN=xml dsig cert2, OU=j2se, O=sun, L=santa clara, ST=ca, C=US
Issuer: CN=MS CA, DC=jdksec, DC=sfbay, DC=sun, DC=com
Serial number: 1abc9a81000100000046
Valid from: Tue Jun 28 14:59:46 PDT 2005 until: Wed Jun 28 15:09:46 PDT 2006
Certificate fingerprints:
         MD5: 43:71:40:C1:8D:B7:0D:83:B8:F2:98:77:90:58:24:41
         SHA1: 4E:80:1A:4F:D6:23:61:1D:D8:B8:6E:88:61:3B:66:3D:9A:DC:0D:38
Signature algorithm name: SHA1withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Non_repudiation
]

#2: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 95 C2 F3 FA 17 56 6A 26 06 3B 69 FD FC E1 34 60  .....Vj&.;i...4`
0010: F8 D1 39 72                                      ..9r
]
]

#3: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: FF B4 C9 92 9E EC 89 A7 45 C6 AA AE 26 97 20 D1  ........E...&. .
0010: 3D 10 DE FC                                      =...
]
]

#4: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  emailProtection
]

---------------------
dumpasn1 output:
---------------------
   0 1523: SEQUENCE {
   4 1243:   SEQUENCE {
   8    3:     [0] {
  10    1:       INTEGER 2
         :       }
  13   10:     INTEGER 1A BC 9A 81 00 01 00 00 00 46
  25   13:     SEQUENCE {
  27    9:       OBJECT IDENTIFIER sha1withRSAEncryption (1 2 840 113549 1 1 5)
  38    0:       NULL
         :       }
  40  105:     SEQUENCE {
  42   19:       SET {
  44   17:         SEQUENCE {
  46   10:           OBJECT IDENTIFIER
         :             domainComponent (0 9 2342 19200300 100 1 25)
  58    3:           IA5String 'com'
         :           }
         :         }
  63   19:       SET {
  65   17:         SEQUENCE {
  67   10:           OBJECT IDENTIFIER
         :             domainComponent (0 9 2342 19200300 100 1 25)
  79    3:           IA5String 'sun'
         :           }
         :         }
  84   21:       SET {
  86   19:         SEQUENCE {
  88   10:           OBJECT IDENTIFIER
         :             domainComponent (0 9 2342 19200300 100 1 25)
 100    5:           IA5String 'sfbay'
         :           }
         :         }
 107   22:       SET {
 109   20:         SEQUENCE {
 111   10:           OBJECT IDENTIFIER
         :             domainComponent (0 9 2342 19200300 100 1 25)
 123    6:           IA5String 'jdksec'
         :           }
         :         }
 131   14:       SET {
 133   12:         SEQUENCE {
 135    3:           OBJECT IDENTIFIER commonName (2 5 4 3)
 140    5:           PrintableString 'MS CA'
         :           }
         :         }
         :       }
 147   30:     SEQUENCE {
 149   13:       UTCTime 28/06/2005 21:59:46 GMT
 164   13:       UTCTime 28/06/2006 22:09:46 GMT
         :       }
 179  136:     SEQUENCE {
 182   11:       SET {
 184    9:         SEQUENCE {
 186    3:           OBJECT IDENTIFIER countryName (2 5 4 6)
 191    2:           PrintableString 'US'
         :           }
         :         }
 195   11:       SET {
 197    9:         SEQUENCE {
 199    3:           OBJECT IDENTIFIER stateOrProvinceName (2 5 4 8)
 204    2:           PrintableString 'ca'
         :           }
         :         }
 208   20:       SET {
 210   18:         SEQUENCE {
 212    3:           OBJECT IDENTIFIER localityName (2 5 4 7)
 217   11:           PrintableString 'santa clara'
         :           }
         :         }
 230   12:       SET {
 232   10:         SEQUENCE {
 234    3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
 239    3:           PrintableString 'sun'
         :           }
         :         }
 244   13:       SET {
 246   11:         SEQUENCE {
 248    3:           OBJECT IDENTIFIER organizationalUnitName (2 5 4 11)
 253    4:           PrintableString 'j2se'
         :           }
         :         }
 259   23:       SET {
 261   21:         SEQUENCE {
 263    3:           OBJECT IDENTIFIER commonName (2 5 4 3)
 268   14:           PrintableString 'xml dsig cert2'
         :           }
         :         }
 284   32:       SET {
 286   30:         SEQUENCE {
 288    9:           OBJECT IDENTIFIER emailAddress (1 2 840 113549 1 9 1)
 299   17:           IA5String '###@###.###'
         :           }
         :         }
         :       }
 318  438:     SEQUENCE {
 322  299:       SEQUENCE {
 326    7:         OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
 335  286:         SEQUENCE {
 339  129:           INTEGER
         :             00 F0 AA 19 08 95 4A 31 4D CB E3 B8 29 6E 59 72
         :             8A 22 D8 82 07 53 87 32 C5 C1 CC E2 BF C8 79 F5
         :             8D 59 EE 6C C8 1A DD 1B D4 36 2C 61 63 4D 08 5F
         :             0C 58 62 63 6C 4A 99 62 70 75 F9 85 1A 6B 51 41
         :             05 C3 D1 C0 B0 24 17 C4 AF 84 C5 7B 25 87 4D 31
         :             EF 43 E5 E3 3B 51 B3 38 73 B2 7C 08 A9 2C 31 DC
         :             4F 2C 57 2C 44 C9 D4 09 B4 69 83 4A 36 BF 08 0E
         :             E7 00 D6 04 37 6F 40 05 C8 04 68 FD 60 15 FB 99
         :                     [ Another 1 bytes skipped ]
 471   21:           INTEGER
         :             00 82 12 2A D6 3B 97 C1 7F CB 54 37 8C 44 8A 62
         :             5C 18 C3 90 A3
 494  128:           INTEGER
         :             26 60 22 D2 E9 17 41 78 78 FC E2 95 63 0C 60 0F
         :             D8 47 F3 87 41 AC D2 01 2F 1C 26 F3 6D F8 F3 3C
         :             A3 96 8E 87 B8 31 98 B8 EA FD CF 2F B1 7F F4 F8
         :             AF 00 C3 60 9B CF 28 D0 85 57 59 26 1F EC EF 75
         :             CA 67 14 2D DC FE 37 2F 52 DE 18 3D 02 BE 17 46
         :             EE 5C 82 50 50 06 FC E9 02 C7 C0 FE 83 D2 B9 3B
         :             39 DE E9 7A 3E BC 81 91 74 42 18 C7 DA FF 20 13
         :             B6 28 4B 0C 98 3C 00 76 EB 66 E4 34 DA AD 34 DB
         :           }
         :         }
 625  132:       BIT STRING, encapsulates {
 629  128:         INTEGER
         :           2E A8 B5 AE A2 A4 95 C8 87 67 5E 8E A6 44 5C 5F
         :           7E 4C F3 34 FA 33 10 2B 0C B9 C5 E6 43 ED A0 D7
         :           A9 B4 D1 C4 A9 69 1F 53 84 2D 33 75 1E 4F 29 49
         :           96 C8 D5 62 8B F6 F0 52 42 67 0D A5 A9 4A AD 8D
         :           78 7F 48 AA 52 F5 72 10 6B E3 EC AE BC 4D 5F 11
         :           42 63 E5 B7 4D AF BF E1 93 F8 50 EB 89 D4 F5 D1
         :           89 28 1F 44 D1 E2 8F 54 22 8E F6 D4 35 DA F5 09
         :           E6 2C BA 06 9C 85 48 B2 17 CB 67 B5 01 0E 80 E5
         :         }
         :       }
 760  487:     [3] {
 764  483:       SEQUENCE {
 768   14:         SEQUENCE {
 770    3:           OBJECT IDENTIFIER keyUsage (2 5 29 15)
 775    1:           BOOLEAN TRUE
 778    4:           OCTET STRING, encapsulates {
 780    2:             BIT STRING 6 unused bits
         :               '11'B
         :             }
         :           }
 784   29:         SEQUENCE {
 786    3:           OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
 791   22:           OCTET STRING, encapsulates {
 793   20:             OCTET STRING
         :               95 C2 F3 FA 17 56 6A 26 06 3B 69 FD FC E1 34 60
         :               F8 D1 39 72
         :             }
         :           }
 815   19:         SEQUENCE {
 817    3:           OBJECT IDENTIFIER extKeyUsage (2 5 29 37)
 822   12:           OCTET STRING, encapsulates {
 824   10:             SEQUENCE {
 826    8:               OBJECT IDENTIFIER emailProtection (1 3 6 1 5 5 7 3 4)
         :               }
         :             }
         :           }
 836   31:         SEQUENCE {
 838    3:           OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
 843   24:           OCTET STRING, encapsulates {
 845   22:             SEQUENCE {
 847   20:               [0]
         :                 FF B4 C9 92 9E EC 89 A7 45 C6 AA AE 26 97 20 D1
         :                 3D 10 DE FC
         :               }
         :             }
         :           }
 869  148:         SEQUENCE {
 872    3:           OBJECT IDENTIFIER cRLDistributionPoints (2 5 29 31)
 877  140:           OCTET STRING, encapsulates {
 880  137:             SEQUENCE {
 883  134:               SEQUENCE {
 886  131:                 [0] {
 889  128:                   [0] {
 892   62:                     [6]
         :                   'http://ionpulse.jdksec.sfbay.sun.com/CertEnroll/'
         :                   'MS%20CA(1).crl'
 956   62:                     [6]
         :                   'file://\\IONPULSE.jdksec.sfbay.sun.com\CertEnrol'
         :                   'l\MS CA(1).crl'
         :                     }
         :                   }
         :                 }
         :               }
         :             }
         :           }
1020  228:         SEQUENCE {
1023    8:           OBJECT IDENTIFIER authorityInfoAccess (1 3 6 1 5 5 7 1 1)
1033  215:           OCTET STRING, encapsulates {
1036  212:             SEQUENCE {
1039  104:               SEQUENCE {
1041    8:                 OBJECT IDENTIFIER caIssuers (1 3 6 1 5 5 7 48 2)
1051   92:                 [6]
         :                   'http://ionpulse.jdksec.sfbay.sun.com/CertEnroll/'
         :                   'IONPULSE.jdksec.sfbay.sun.com_MS%20CA(1).crt'
         :                 }
1145  104:               SEQUENCE {
1147    8:                 OBJECT IDENTIFIER caIssuers (1 3 6 1 5 5 7 48 2)
1157   92:                 [6]
         :                   'file://\\IONPULSE.jdksec.sfbay.sun.com\CertEnrol'
         :                   'l\IONPULSE.jdksec.sfbay.sun.com_MS CA(1).crt'
         :                 }
         :               }
         :             }
         :           }
         :         }
         :       }
         :     }
1251   13:   SEQUENCE {
1253    9:     OBJECT IDENTIFIER sha1withRSAEncryption (1 2 840 113549 1 1 5)
1264    0:     NULL
         :     }
1266  257:   BIT STRING
         :     4D C1 86 11 C1 E8 69 F6 21 D2 72 AD 97 E7 31 53
         :     37 16 1B 8D 88 6F A6 EA 0E 56 D9 41 33 7E 19 76
         :     D5 6B FD 54 CB 86 CE F0 6E 0F 50 5B B2 05 89 13
         :     AB 83 82 E7 9B 95 71 92 6E D9 C5 0D B1 2E C3 6D
         :     A3 E3 38 36 69 15 78 5C 92 E8 55 5D 02 CB D6 7C
         :     3C 35 4D 62 8E 38 D1 C6 05 55 49 20 46 8A 35 35
         :     FC 07 7C 55 D9 CD 70 FF E9 3A 2C 22 19 C7 96 BF
         :     9D 04 B0 19 26 91 BE 81 25 DC F9 65 63 D6 F9 39
         :             [ Another 128 bytes skipped ]
         :   }

0 warnings, 0 errors.
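
The discrepancy reported here (four extensions from keytool, six in the encoding) can be checked without relying on any X.509 library by walking the DER and collecting each extnID. The following is an added example, not part of the original report or of the JDK: the function names are hypothetical, SAMPLE_DER is a constructed skeleton carrying the six extension OIDs from the dumpasn1 output with placeholder values, and KEYTOOL_REPORTED is the list from the keytool output.

```python
def children(buf, start, end):  # [(tag, value_start, value_end)] for each DER element
    out = []
    while start < end:
        tag, length, pos = buf[start], buf[start + 1], start + 2
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > end:
            raise ValueError("DER element overruns its container")
        out.append((tag, pos, pos + length))
        start = pos + length
    return out

def decode_oid(body):  # OBJECT IDENTIFIER content bytes -> dotted string
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def extension_oids(cert):  # every extnID in the certificate, in encoded order
    _, cs, ce = children(cert, 0, len(cert))[0]  # Certificate SEQUENCE
    _, ts, te = children(cert, cs, ce)[0]  # tbsCertificate
    oids = []
    for tag, vs, ve in children(cert, ts, te):
        if tag == 0xA3:  # [3] EXPLICIT Extensions
            _, es, ee = children(cert, vs, ve)[0]  # SEQUENCE OF Extension
            for _, xs, xe in children(cert, es, ee):
                _, o_s, o_e = children(cert, xs, xe)[0]  # extnID is the first field
                oids.append(decode_oid(cert[o_s:o_e]))
    return oids

def missing_from(reported, cert):  # extnIDs in the DER that a tool did not report
    return [o for o in extension_oids(cert) if o not in set(reported)]

def tlv(tag, body):  # DER encoder, used only to build the constructed sample
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + body

# Constructed skeleton, not the attached certificate; every extnValue is 30 zero bytes.
OID_HEX = ["551d0f", "551d0e", "551d25", "551d23", "551d1f", "2b06010505070101"]
EXTS = b"".join(tlv(0x30, tlv(0x06, bytes.fromhex(h)) + tlv(0x04, bytes(30))) for h in OID_HEX)
SAMPLE_DER = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
                           + tlv(0xA3, tlv(0x30, EXTS))))
KEYTOOL_REPORTED = ["2.5.29.15", "2.5.29.14", "2.5.29.35", "2.5.29.37"]
```

Calling missing_from(KEYTOOL_REPORTED, SAMPLE_DER) returns the cRLDistributionPoints and authorityInfoAccess OIDs, the two extensions that appear in the dumpasn1 output but not in the keytool output.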