Subject: RE: Certificates



Please create separate signing vs SSL certs.

 

And we also need 2 SSL server certs, one for each machine.  But it’s not because our IDP and SP are on different machines.  They’re not.  Our demo app and web access management product use IIS on one machine, but our IDP and SP run under WebLogic on another machine.  So we need SSL server certs for both.  Browsers will bounce back and forth between them during the exchanges.

 

Rob Philpott
Senior Consulting Engineer 
RSA Security Inc.
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
mailto:rphilpott@rsasecurity.com


From: Thomas Wisniewski [mailto:Thomas.Wisniewski@entrust.com]
Sent: Monday, January 31, 2005 4:34 PM
To: adam.dong@Sun.COM; Rich Salz
Cc: samldemotech
Subject: RE: Certificates

 

Rich, from my recollection of the meetings, you need separate certs for the IDP and SP (based on the host name).

As to whether you have one for signing and one for SSL (for the IDP and SP), it does not matter to me.

Note that the client cert is probably irrelevant since we are not using SOAP.

Tom.

-----Original Message-----
From: Xuesi Dong [mailto:adam.dong@Sun.COM]
Sent: Monday, January 31, 2005 3:57 PM
To: Rich Salz
Cc: samldemotech
Subject: Re: Certificates

 

See comment below.

thanks,
adam

 

Rich Salz wrote:
> I'm attaching a sample root certificate -- seem okay?
>
> I'm also confused as to how many certificates to create. SSL requires
> the CN to match the hostname, so there's at least one/device for
> everyone (i.e., in most cases two).
>
> The next question is do we have
>       an ssl client cert; and

No need for client cert.

>       an ssl server cert; and
>       a digital signature cert
> or
>       a single "omnibus" cert
>

so the question is two certs (one for ssl server, and one for signing)
or one cert (for both purposes).

before (in previous events) we had ssl cert and signing cert separate.

but either way is ok with me.

 

> If we use the "three certs" option, note that the DN's will say things like
>       O=DataPower SSLClient, CN=myxs.datapower.com
>       O=DataPower Signing, CN=myxs.datapower.com
>
> Right now the "omnibus" cert has the "omnibus" tag in the O field; I'll
> get rid of that.
>
> My plan is to create keys and mail out pkcs#12 files to folks, along
> with "PEM" files.  FYI, I am attaching samples of each kind of client
> cert (sslclient.pem, sslserver.pem, signing.pem, omnibus.pem) and a
> sample root cert (root.pem)
>
> I want to grind all these out tonite....  speak quickly. :)
>
>       /r$
>
>
>
>
>
> ------------------------------------------------------------------------
>
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 0 (0x0)
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: O=SAML Demo, CN=CA
>         Validity
>             Not Before: Jan 31 20:17:54 2005 GMT
>             Not After : Jun 15 20:17:54 2006 GMT
>         Subject: O=SAML Demo, CN=CA
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (2048 bit)
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Subject Key Identifier:
>                 BE:37:38:2C:29:C4:CE:86:46:A3:FB:5C:F8:F8:B8:7A:6B:29:16:20
>             X509v3 Authority Key Identifier:
>                 keyid:BE:37:38:2C:29:C4:CE:86:46:A3:FB:5C:F8:F8:B8:7A:6B:29:16:20
>
>             X509v3 Basic Constraints: critical
>                 CA:TRUE
>             X509v3 Key Usage: critical
>                 Certificate Sign, CRL Sign
>             Netscape Cert Type:
>                 SSL CA, S/MIME CA, Object Signing CA
>     Signature Algorithm: sha1WithRSAEncryption
>
>
> ------------------------------------------------------------------------
>
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 4 (0x4)
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: O=SAML Demo, CN=CA
>         Validity
>             Not Before: Jan 31 20:18:23 2005 GMT
>             Not After : Jan 31 20:18:23 2006 GMT
>         Subject: O=datapower omnibus, CN=mysp.datapower.com
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (1024 bit)
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Subject Key Identifier:
>                 37:FE:1E:C0:6E:3B:81:DC:CC:8E:52:12:40:E3:60:B1:4A:E5:08:66
>             X509v3 Authority Key Identifier:
>                 keyid:BE:37:38:2C:29:C4:CE:86:46:A3:FB:5C:F8:F8:B8:7A:6B:29:16:20
>
>             X509v3 Basic Constraints:
>                 CA:FALSE
>             X509v3 Key Usage: critical
>                 Digital Signature, Key Encipherment
>             Netscape Cert Type:
>                 SSL Client, SSL Server
>     Signature Algorithm: sha1WithRSAEncryption
>
>
> ------------------------------------------------------------------------
>
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 3 (0x3)
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: O=SAML Demo, CN=CA
>         Validity
>             Not Before: Jan 31 20:18:20 2005 GMT
>             Not After : Jan 31 20:18:20 2006 GMT
>         Subject: O=datapower signing, CN=mysp.datapower.com
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (1024 bit)
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Subject Key Identifier:
>                 56:19:C0:97:2B:44:BD:DC:C5:2D:00:D2:9E:39:20:AC:DD:1A:60:BB
>             X509v3 Authority Key Identifier:
>                 keyid:BE:37:38:2C:29:C4:CE:86:46:A3:FB:5C:F8:F8:B8:7A:6B:29:16:20
>
>             X509v3 Basic Constraints:
>                 CA:FALSE
>             X509v3 Key Usage:
>                 Digital Signature
>     Signature Algorithm: sha1WithRSAEncryption
>
>
> ------------------------------------------------------------------------
>
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 2 (0x2)
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: O=SAML Demo, CN=CA
>         Validity
>             Not Before: Jan 31 20:18:14 2005 GMT
>             Not After : Jan 31 20:18:14 2006 GMT
>         Subject: O=datapower sslclient, CN=mysp.datapower.com
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (1024 bit)
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Subject Key Identifier:
>                 2D:32:8B:9D:74:0C:74:60:C3:69:49:3C:E6:2E:6E:D1:88:1E:ED:6C
>             X509v3 Authority Key Identifier:
>                 keyid:BE:37:38:2C:29:C4:CE:86:46:A3:FB:5C:F8:F8:B8:7A:6B:29:16:20
>
>             X509v3 Key Usage: critical
>                 Digital Signature
>             Netscape Cert Type:
>                 SSL Client
>     Signature Algorithm: sha1WithRSAEncryption
>
>
> ------------------------------------------------------------------------
>
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 1 (0x1)
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: O=SAML Demo, CN=CA
>         Validity
>             Not Before: Jan 31 20:18:11 2005 GMT
>             Not After : Jan 31 20:18:11 2006 GMT
>         Subject: O=datapower sslserver, CN=mysp.datapower.com
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (1024 bit)
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Subject Key Identifier:
>                 1D:22:0E:66:D9:10:FC:9F:4A:DE:BA:01:30:BB:29:AB:BA:E5:05:7F
>             X509v3 Authority Key Identifier:
>                 keyid:BE:37:38:2C:29:C4:CE:86:46:A3:FB:5C:F8:F8:B8:7A:6B:29:16:20
>
>             X509v3 Key Usage: critical
>                 Key Encipherment
>             Netscape Cert Type:
>                 SSL Server
>     Signature Algorithm: sha1WithRSAEncryption

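The separation requested at the top of this thread (a signing cert distinct from the SSL certs, and an SSL server cert for each host) can be checked mechanically against text dumps like the ones quoted above. The following is an added example, not part of the original thread or any participant's code: the sample is abridged from the quoted dumps, `idp.example.test` is a hypothetical second host, and the "mixed-purpose" and "dedicated" rules are this example's assumptions about how to read Key Usage and Netscape Cert Type.

```python
import re

# Constructed sample: abridged from the openssl-style dumps quoted in this
# thread (hex and PEM omitted); only the fields the audit reads are kept.
SAMPLE_DUMPS = """\
Certificate:
        Subject: O=datapower omnibus, CN=mysp.datapower.com
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            Netscape Cert Type:
                SSL Client, SSL Server
Certificate:
        Subject: O=datapower signing, CN=mysp.datapower.com
            X509v3 Key Usage:
                Digital Signature
Certificate:
        Subject: O=datapower sslserver, CN=mysp.datapower.com
            X509v3 Key Usage: critical
                Key Encipherment
            Netscape Cert Type:
                SSL Server
"""

def values_after(block, header):
    """Comma-separated values on the line following an extension header."""
    m = re.search(r"^\s*" + re.escape(header) + r":.*\n\s*(.+)$", block, re.M)
    return {v.strip() for v in m.group(1).split(",")} if m else set()

def parse_dumps(text):
    """Split a multi-certificate text dump and pull out subject and usage fields."""
    certs = []
    for block in re.split(r"^Certificate:\s*$", text, flags=re.M)[1:]:
        subject = re.search(r"^\s*Subject:\s*(.+)$", block, re.M)
        subject = subject.group(1).strip() if subject else ""
        cn = re.search(r"CN\s*=\s*([^,/]+)", subject)
        certs.append({
            "subject": subject,
            "cn": cn.group(1).strip().lower() if cn else None,
            "key_usage": values_after(block, "X509v3 Key Usage"),
            "ns_type": values_after(block, "Netscape Cert Type"),
        })
    return certs

def audit(certs, hosts):
    """Check a cert set against: separate signing vs SSL certs, one SSL server cert per host."""
    findings = []

    def mixed(c):
        # Assumption: one cert usable both for signatures and as an SSL server.
        return "Digital Signature" in c["key_usage"] and "SSL Server" in c["ns_type"]

    for c in certs:
        if mixed(c):
            findings.append(("mixed-purpose", c["subject"]))
    # A dedicated signing cert: signature usage and no SSL cert type at all.
    if not any("Digital Signature" in c["key_usage"] and not c["ns_type"] for c in certs):
        findings.append(("no-signing-cert", None))
    # A dedicated SSL server cert per host, matched on CN as the thread describes.
    for host in hosts:
        if not any("SSL Server" in c["ns_type"] and not mixed(c)
                   and c["cn"] == host.lower() for c in certs):
            findings.append(("no-ssl-server-cert", host))
    return findings

if __name__ == "__main__":
    # idp.example.test is a hypothetical second host with no cert in the sample.
    hosts = ["mysp.datapower.com", "idp.example.test"]
    for finding in audit(parse_dumps(SAMPLE_DUMPS), hosts):
        print(finding)
```

CN matching here follows the thread's description; current TLS clients match the hostname against subjectAltName instead.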

