From: Thomas Wisniewski [mailto:Thomas.Wisniewski@entrust.com]
Sent: Monday, January 31, 2005 4:34 PM
To: adam.dong@Sun.COM; Rich Salz
Cc: samldemotech
Subject: RE: Certificates

Rich,

from my recollection of the meetings, you need separate certs for the idp and sp (based on the host name).

As to whether you have one for signing and one for ssl (for the IDP and SP), it does not matter to me.

Note that the client cert is probably irrelevant since we are not using soap.

Tom.

-----Original Message-----
From: Xuesi Dong [mailto:adam.dong@Sun.COM]
Sent: Monday, January 31, 2005 3:57 PM
To: Rich Salz
Cc: samldemotech
Subject: Re: Certificates

See comment below.

thanks,
adam

Rich Salz wrote:

> I'm attaching a sample root certificate -- seem okay?
>
> I'm also confused as to how many certificates to create. SSL requires
> the CN to match the hostname, so there's at least one/device for
> everyone (i.e., in most cases two).
>
> The next question is do we have
>     an ssl client cert; and

No need for client cert.

>     an ssl server cert; and
>     a digital signature cert
> or
>     a single "omnibus" cert
>

so the question is two certs (one for ssl server, and one for signing)
or one cert (for both purposes).
before (in previous events) we had ssl cert and signing cert separate.
but either way is ok with me.

> If we use the "three certs" option, note that the DN's will say things
> like
>     O=DataPower SSLClient, CN=myxs.datapower.com
>     O=DataPower Signing, CN=myxs.datapower.com
>
> Right now the "omnibus" cert has the "omnibus" tag in the O field; I'll
> get rid of that.
>
> My plan is to create keys and mail out pkcs#12 files to folks, along
> with "PEM" files. FYI, I am attaching samples of each kind of client
> cert (sslclient.pem, sslserver.pem, signing.pem, omnibus.pem) and a
> sample root cert (root.pem)
>
> I want to grind all these out tonite.... speak quickly. :)
>
>         /r$
>
------------------------------------------------------------------------
>
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 0 (0x0)
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: O=SAML Demo, CN=CA
>         Validity
>             Not Before: Jan 31 20:17:54 2005 GMT
>             Not After : Jun 15 20:17:54 2006 GMT
>         Subject: O=SAML Demo, CN=CA
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (2048 bit)
>                 Modulus (2048 bit):
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Subject Key Identifier:
>                 BE:37:38:2C:29:C4:CE:86:46:A3:FB:5C:F8:F8:B8:7A:6B:29:16:20
>             X509v3 Authority Key Identifier:
>                 keyid:BE:37:38:2C:29:C4:CE:86:46:A3:FB:5C:F8:F8:B8:7A:6B:29:16:20
>
>             X509v3 Basic Constraints: critical
>                 CA:TRUE
>             X509v3 Key Usage: critical
>                 Certificate Sign, CRL Sign
>             Netscape Cert Type:
>                 SSL CA, S/MIME CA, Object Signing CA
>     Signature Algorithm: sha1WithRSAEncryption
------------------------------------------------------------------------
>
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 4 (0x4)
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: O=SAML Demo, CN=CA
>         Validity
>             Not Before: Jan 31 20:18:23 2005 GMT
>             Not After : Jan 31 20:18:23 2006 GMT
>         Subject: O=datapower omnibus, CN=mysp.datapower.com
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (1024 bit)
>                 Modulus (1024 bit):
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Subject Key Identifier:
>                 37:FE:1E:C0:6E:3B:81:DC:CC:8E:52:12:40:E3:60:B1:4A:E5:08:66
>             X509v3 Authority Key Identifier:
>                 keyid:BE:37:38:2C:29:C4:CE:86:46:A3:FB:5C:F8:F8:B8:7A:6B:29:16:20
>
>             X509v3 Basic Constraints:
>                 CA:FALSE
>             X509v3 Key Usage: critical
>                 Digital Signature, Key Encipherment
>             Netscape Cert Type:
>                 SSL Client, SSL Server
>     Signature Algorithm: sha1WithRSAEncryption
------------------------------------------------------------------------
>
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 3 (0x3)
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: O=SAML Demo, CN=CA
>         Validity
>             Not Before: Jan 31 20:18:20 2005 GMT
>             Not After : Jan 31 20:18:20 2006 GMT
>         Subject: O=datapower signing, CN=mysp.datapower.com
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (1024 bit)
>                 Modulus (1024 bit):
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Subject Key Identifier:
>                 56:19:C0:97:2B:44:BD:DC:C5:2D:00:D2:9E:39:20:AC:DD:1A:60:BB
>             X509v3 Authority Key Identifier:
>                 keyid:BE:37:38:2C:29:C4:CE:86:46:A3:FB:5C:F8:F8:B8:7A:6B:29:16:20
>
>             X509v3 Basic Constraints:
>                 CA:FALSE
>             X509v3 Key Usage:
>                 Digital Signature
>     Signature Algorithm: sha1WithRSAEncryption
------------------------------------------------------------------------
>
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 2 (0x2)
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: O=SAML Demo, CN=CA
>         Validity
>             Not Before: Jan 31 20:18:14 2005 GMT
>             Not After : Jan 31 20:18:14 2006 GMT
>         Subject: O=datapower sslclient, CN=mysp.datapower.com
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (1024 bit)
>                 Modulus (1024 bit):
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Subject Key Identifier:
>                 2D:32:8B:9D:74:0C:74:60:C3:69:49:3C:E6:2E:6E:D1:88:1E:ED:6C
>             X509v3 Authority Key Identifier:
>                 keyid:BE:37:38:2C:29:C4:CE:86:46:A3:FB:5C:F8:F8:B8:7A:6B:29:16:20
>
>             X509v3 Key Usage: critical
>                 Digital Signature
>             Netscape Cert Type:
>                 SSL Client
>     Signature Algorithm: sha1WithRSAEncryption
------------------------------------------------------------------------
>
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 1 (0x1)
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: O=SAML Demo, CN=CA
>         Validity
>             Not Before: Jan 31 20:18:11 2005 GMT
>             Not After : Jan 31 20:18:11 2006 GMT
>         Subject: O=datapower sslserver, CN=mysp.datapower.com
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (1024 bit)
>                 Modulus (1024 bit):
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Subject Key Identifier:
>                 1D:22:0E:66:D9:10:FC:9F:4A:DE:BA:01:30:BB:29:AB:BA:E5:05:7F
>             X509v3 Authority Key Identifier:
>                 keyid:BE:37:38:2C:29:C4:CE:86:46:A3:FB:5C:F8:F8:B8:7A:6B:29:16:20
>
>             X509v3 Key Usage: critical
>                 Key Encipherment
>             Netscape Cert Type:
>                 SSL Server
>     Signature Algorithm: sha1WithRSAEncryption
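
The choice discussed in this thread (one "omnibus" cert versus separate SSL-server and signing certs), as an added example that is not part of the original messages: it parses the Subject, Key Usage and Netscape Cert Type lines of dumps in the format quoted above and reports which role each cert can fill for a given hostname. The function names, role names and `SAMPLE_DUMP` excerpt are constructed for illustration, and the TLS check assumes RSA key exchange (which needs Key Encipherment).

```python
import re

# Constructed excerpt of three sample dumps from the thread (key/signature bytes omitted).
SAMPLE_DUMP = """\
Certificate:
        Subject: O=datapower omnibus, CN=mysp.datapower.com
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            Netscape Cert Type:
                SSL Client, SSL Server
Certificate:
        Subject: O=datapower signing, CN=mysp.datapower.com
            X509v3 Key Usage:
                Digital Signature
Certificate:
        Subject: O=datapower sslserver, CN=mysp.datapower.com
            X509v3 Key Usage: critical
                Key Encipherment
            Netscape Cert Type:
                SSL Server
"""
EXTENSIONS = {"X509v3 Key Usage": "key_usage", "Netscape Cert Type": "ns_cert_type"}

def parse_dump(text):
    """Return one dict per certificate: subject attributes plus the two extensions."""
    certs, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Certificate:":
            certs.append({"subject": {}, "key_usage": None, "ns_cert_type": None})
        elif not certs or not line:
            continue
        elif pending:  # the value line that follows an extension header
            certs[-1][pending] = {v.strip() for v in line.split(",")}
            pending = None
        elif line.startswith("Subject:"):
            pairs = re.findall(r"(\w+)=([^,]+)", line[len("Subject:"):])
            certs[-1]["subject"] = {k: v.strip() for k, v in pairs}
        else:
            pending = EXTENSIONS.get(line.split(":")[0])
    return certs

def allowed_roles(cert, hostname):
    """Roles the cert can fill: 'signing' and/or 'tls_server' (RSA key exchange)."""
    ku, ns = cert["key_usage"], cert["ns_cert_type"]
    roles = set()
    if ku is None or "Digital Signature" in ku:  # absent Key Usage = unrestricted
        roles.add("signing")
    cn_ok = cert["subject"].get("CN", "").lower() == hostname.lower()
    if cn_ok and (ku is None or "Key Encipherment" in ku) and (ns is None or "SSL Server" in ns):
        roles.add("tls_server")
    return roles

def plan(text, hostname):  # maps each cert's O value to the sorted roles it can fill
    return {c["subject"].get("O"): sorted(allowed_roles(c, hostname)) for c in parse_dump(text)}
```

With the hostname `mysp.datapower.com`, only the omnibus cert covers both roles; the split certs each cover exactly one, and a CN mismatch removes the TLS-server role regardless of key usage.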