Mind Dump, Tech And Life Blog
written by Ivan Alenko
published under license Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) copy! share!
posted at 21. Apr '18

Generating a self-signed certificate (long and complete)

Created Wednesday 12 February 2014

Instead of openssl, certtool from GnuTLS is used here. A self-signed certificate is not valid in a browser unless our CA certificate is imported into it. Well, I generated the root certificate about three times and the first web server certificate about five times before everything worked as it should. That is also why there are a lot of listings here.

apt-get install gnutls-bin

Steps:

  • generate a private key for the certificate authority
  • generate a private key for the web server
  • generate the certificate of the certificate authority
  • generate a certificate signing request for the web server
  • generate the certificate for the web server
  • verify

Generating the private key

certtool --generate-privkey --outfile root_key.pem --rsa --hash=sha512 --password=xxxx

CA certificate

badboy@toobad:~/server/certifikaty$ certtool --generate-self-signed --load-privkey root_key.pem --outfile ca.myrtana.cert
Generating a self signed certificate...
Enter password: 
Please enter the details of the certificate's distinguished name. Just press enter to ignore a field.
Common name: myrtana.sk CA ;-)
UID: 
Organizational unit name: lounging on the sofa
Organization name: myrtana.sk
Locality name: The Internet
State or province name: Slovakia
Country name (2 chars): SK
Enter the subject's domain component (DC): 
This field should not be used in new certificates.
E-mail: 
Enter the certificate's serial number in decimal (default: 1392176566): 


Activation/Expiration time.
The certificate will expire in (days): 3650


Extensions.
Does the certificate belong to an authority? (y/N): y
Path length constraint (decimal, -1 for no constraint): 
Is this a TLS web client certificate? (y/N): y
Will the certificate be used for IPsec IKE operations? (y/N): n
Is this a TLS web server certificate? (y/N): y
Enter a dnsName of the subject of the certificate: 
Enter a URI of the subject of the certificate: 
Enter the IP address of the subject of the certificate: 
Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (Y/n): y
Will the certificate be used for encryption (RSA ciphersuites)? (Y/n): y
Will the certificate be used to sign other certificates? (y/N): y
Will the certificate be used to sign CRLs? (y/N): y
Will the certificate be used to sign code? (y/N): y
Will the certificate be used to sign OCSP requests? (y/N): y
Will the certificate be used for time stamping? (y/N): y
Enter the URI of the CRL distribution point: http://myrtana.sk/certs/crl
X.509 Certificate Information:
        Version: 3
        Serial Number (hex): 52faedb6
        Validity:
                Not Before: Wed Feb 12 03:42:47 UTC 2014
                Not After: Sat Feb 10 03:43:06 UTC 2024
        Subject: CN=myrtana.sk CA \;-),OU=lounging on the sofa,O=myrtana.sk,L=The Internet,ST=Slovakia,C=SK
        Subject Public Key Algorithm: RSA
        Algorithm Security Level: Normal (2432 bits)
                Modulus (bits 2432):
                Exponent (bits 24):
                        01:00:01
        Extensions:
                Basic Constraints (critical):
                        Certificate Authority (CA): TRUE
                Key Purpose (not critical):
                        TLS WWW Client.
                        TLS WWW Server.
                        Code signing.
                        OCSP signing.
                        Time stamping.
                Key Usage (critical):
                        Digital signature.
                        Key encipherment.
                        Certificate signing.
                        CRL signing.
                Subject Key Identifier (not critical):
                        f26c3005c389b3e0d2cdf8c71183247be3b70df8
                CRL Distribution points (not critical):
                        URI: http://myrtana.sk/certs/crl
Other Information:
        Public Key ID:
                f26c3005c389b3e0d2cdf8c71183247be3b70df8
        Public key's random art:
                +--[ RSA 2432]----+
                |  ...+o.         |
                |  .o+ =o         |
                | o.=oo o.        |
                |. +o+o..         |
                | . .o.*.S        |
                |    .ooX         |
                |     .E =        |
                |       .         |
                |                 |
                +-----------------+

Is the above information ok? (y/N): y


Signing certificate...

The Key Usage section is damn important, otherwise the browser will reject the certificate. I forgot Digital signature (the signing (DHE…) option) and then Firefox says this:

Secure Connection Failed

An error occurred during a connection to piwik.myrtana.sk. Certificate type not approved for application. (Error code: sec_error_inadequate_cert_type)

According to the comrades at stackoverflow.com, this has to be enabled in the extensions:

Your key usage and extended key usages are clearly not for a TLS server:

            X509v3 Extended Key Usage:
                TLS Web Client Authentication
            X509v3 Key Usage:
                Digital Signature

For a web server you'd obviously want the "TLS Web Server Authentication" extended key usage.

For the key usage, it's less obvious, but you'd want the Key Encipherment too.
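
The Key Usage mistake described above can be caught before the certificate reaches a browser. This added example (not part of the original post) reads the text printed by `certtool --certificate-info` and reports what a TLS server certificate is missing; the function names and the embedded samples are constructed for illustration, and the required entries are the ones the working web server certificate on this page carries.

```sh
#!/bin/sh
# Added example: check `certtool --certificate-info` text for the extensions
# a TLS server certificate needs. Names and samples are constructed.

# section_has SECTION ITEM: true when ITEM is listed under the header line
# "SECTION (critical):" or "SECTION (not critical):" in the text on stdin.
section_has() {
    awk -v sec="$1" -v item="$2" '
        /\((not )?critical\):[ \t]*$/ { in_sec = (index($0, sec " (") > 0); next }
        in_sec && index($0, item) > 0 { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# check_server_cert: reads the info text on stdin, prints one line per
# problem and returns non-zero when there is any.
check_server_cert() {
    info=$(cat)
    problems=""
    for want in "Key Usage|Digital signature" "Key Usage|Key encipherment" \
                "Key Purpose|TLS WWW Server"; do
        sec=${want%%|*}
        item=${want#*|}
        printf '%s\n' "$info" | section_has "$sec" "$item" ||
            problems="${problems}missing in $sec: $item
"
    done
    # A server (leaf) certificate should not be usable as a CA.
    if printf '%s\n' "$info" | section_has "Basic Constraints" "(CA): TRUE"; then
        problems="${problems}leaf certificate is marked as a CA
"
    fi
    printf '%s' "$problems"
    [ -z "$problems" ]
}

# GOOD_INFO copies the extensions of the web server certificate on this page;
# BAD_INFO is constructed from it by dropping "Digital signature".
GOOD_INFO='        Extensions:
                Basic Constraints (critical):
                        Certificate Authority (CA): FALSE
                Key Purpose (not critical):
                        TLS WWW Client.
                        TLS WWW Server.
                Key Usage (critical):
                        Digital signature.
                        Key encipherment.'
BAD_INFO=$(printf '%s\n' "$GOOD_INFO" | grep -v 'Digital signature')

# Real use (file name from this page):
#   certtool --certificate-info --infile webmail.myrtana.sk.cert | check_server_cert
printf '%s\n' "$BAD_INFO" | check_server_cert || echo "do not deploy yet"
```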

Generate a private key for Nginx

Another private key, let's say without a password:

badboy@toobad:~/server/certifikaty$ certtool --generate-privkey --outfile nginx2.pem --rsa --hash=sha512
Generating a 2432 bit RSA private key...

Generate a certificate request (CSR)

badboy@toobad:~/server/certifikaty$ certtool --generate-request --load-privkey nginx2.pem --outfile webmail.myrtana.sk.csr
Generating a PKCS #10 certificate request...
Common name: webmail.myrtana.sk
Organizational unit name: lounging on the sofa
Organization name: myrtana.sk
Locality name: The Internet
State or province name: Slovakia
Country name (2 chars): SK
Enter the subject's domain component (DC): 
UID: 
Enter a dnsName of the subject of the certificate: 
Enter a URI of the subject of the certificate: 
Enter the IP address of the subject of the certificate: 
Enter the e-mail of the subject of the certificate: 
Enter a challenge password: 
Does the certificate belong to an authority? (y/N): n
Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (Y/n): y
Will the certificate be used for encryption (RSA ciphersuites)? (Y/n): y
Is this a TLS web client certificate? (y/N): y
Is this a TLS web server certificate? (y/N): y

Generate a certificate for a domain

Generate the certificate from the certificate request and sign it with the CA key.

badboy@toobad:~/server/certifikaty$ certtool --generate-certificate --load-request webmail.myrtana.sk.csr --load-ca-certificate ca.myrtana.cert --load-ca-privkey root_key.pem --outfile webmail.myrtana.sk.cert
Generating a signed certificate...
Enter password: 
Enter the certificate's serial number in decimal (default: 1392177878): 


Activation/Expiration time.
The certificate will expire in (days): 1095


Extensions.
Do you want to honour the extensions from the request? (y/N): 
Does the certificate belong to an authority? (y/N): n
Is this a TLS web client certificate? (y/N): y
Will the certificate be used for IPsec IKE operations? (y/N): n
Is this a TLS web server certificate? (y/N): y
Enter a dnsName of the subject of the certificate: 
Enter a URI of the subject of the certificate: 
Enter the IP address of the subject of the certificate: 
Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (Y/n): y
Will the certificate be used for encryption (RSA ciphersuites)? (Y/n): y
X.509 Certificate Information:
        Version: 3
        Serial Number (hex): 52faf2d6
        Validity:
                Not Before: Wed Feb 12 04:04:39 UTC 2014
                Not After: Sat Feb 11 04:04:43 UTC 2017
        Subject: CN=webmail.myrtana.sk,OU=lounging on the sofa,O=myrtana.sk,L=The Internet,ST=Slovakia,C=SK
        Subject Public Key Algorithm: RSA
        Algorithm Security Level: Normal (2432 bits)
                Modulus (bits 2432):
                Exponent (bits 24):
                        01:00:01
        Extensions:
                Basic Constraints (critical):
                        Certificate Authority (CA): FALSE
                Key Purpose (not critical):
                        TLS WWW Client.
                        TLS WWW Server.
                Key Usage (critical):
                        Digital signature.
                        Key encipherment.
                Subject Key Identifier (not critical):
                        b0a46a76ab81919292a3926e6eac6c14bbfcdbf7
                Authority Key Identifier (not critical):
                        f26c3005c389b3e0d2cdf8c71183247be3b70df8
                CRL Distribution points (not critical):
                        URI: http://myrtana.sk/certs/crl
Other Information:
        Public Key ID:
                b0a46a76ab81919292a3926e6eac6c14bbfcdbf7
        Public key's random art:
                +--[ RSA 2432]----+
                |                 |
                |                 |
                |      o          |
                | =   o o         |
                |O o . . S        |
                |+B .             |
                |O * .            |
                |+X o.. .         |
                |B+o+o.. .E       |
                +-----------------+

Is the above information ok? (y/N): y


Signing certificate...

Firefox, Curl and Iron/Chromium work.
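
The three interactive certtool runs for the web server can be replaced by a template file, which makes the Key Usage and Key Purpose answers repeatable. This is an added example, not the author's own script: the function names and output file names are made up here, the template keywords are certtool's, and the values are the answers given on this page.

```sh
#!/bin/sh
# Added example: the interactive answers for the web server certificate as a
# certtool template. Function and output file names are hypothetical.

# write_server_template HOST FILE
write_server_template() {
    cat > "$2" <<EOF
# Subject, as answered interactively on this page
cn = "$1"
unit = "lounging on the sofa"
organization = "myrtana.sk"
locality = "The Internet"
state = "Slovakia"
country = SK
expiration_days = 1095

# Key Purpose: TLS WWW Server and TLS WWW Client
tls_www_server
tls_www_client
# Key Usage: Digital signature and Key encipherment
signing_key
encryption_key

crl_dist_points = "http://myrtana.sk/certs/crl"
# dns_name is left unset, as on this page. Clients that require a
# subjectAltName need: dns_name = "$1"
EOF
}

# issue_server_cert HOST: private key, request and CA-signed certificate.
# certtool still asks for the password of root_key.pem.
issue_server_cert() {
    write_server_template "$1" "$1.cfg" &&
    certtool --generate-privkey --rsa --outfile "$1.key.pem" &&
    certtool --generate-request --load-privkey "$1.key.pem" \
             --template "$1.cfg" --outfile "$1.csr" &&
    certtool --generate-certificate --load-request "$1.csr" \
             --load-ca-certificate ca.myrtana.cert --load-ca-privkey root_key.pem \
             --template "$1.cfg" --outfile "$1.cert"
}

# Run as: sh issue.sh webmail.myrtana.sk   (does nothing without a host name)
[ -z "${1:-}" ] || issue_server_cert "$1"
```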

Verification

Using curl

Curl refuses the connection if the certificate is wrong. So if it prints some HTML, it works.

curl --cacert ca.myrtana.cert https://piwik.myrtana.sk
<!DOCTYPE html>
<!--[if lt IE 9 ]>
<html class="old-ie"> <![endif]-->
<!--[if (gte IE 9)|!(IE)]><!-->
<html><!--<![endif]-->
.....

Using OpenSSL

openssl verify -verbose -purpose any -CAfile ./trusted_certs.pem ./myserver.mydomain.cert

The certificate details may differ in a few things, because this is from one of the attempts.

badboy@toobad:~/server/certifikaty$ openssl s_client -CAfile ca.myrtana.cert -connect piwik.myrtana.sk:443
CONNECTED(00000003)
depth=1 CN = "Myrtana.sk CA ;-)", UID = ronon, OU = lounging on the sofa, O = myrtana.sk, L = The Internet, ST = Slovakia, C = SK, DC = myrtana.sk
verify return:1
depth=0 CN = piwik.myrtana.sk, OU = lounging on the sofa, O = myrtana.sk, L = The Internet, ST = Slovakia, C = SK, DC = myrtana.sk, UID = ronon
verify return:1
---
Certificate chain
 0 s:/CN=piwik.myrtana.sk/OU=lounging on the sofa/O=myrtana.sk/L=The Internet/ST=Slovakia/C=SK/DC=myrtana.sk/UID=ronon
   i:/CN=Myrtana.sk CA ;-)/UID=ronon/OU=lounging on the sofa/O=myrtana.sk/L=The Internet/ST=Slovakia/C=SK/DC=myrtana.sk
---
Server certificate
subject=/CN=piwik.myrtana.sk/OU=lounging on the sofa/O=myrtana.sk/L=The Internet/ST=Slovakia/C=SK/DC=myrtana.sk/UID=ronon
issuer=/CN=Myrtana.sk CA ;-)/UID=ronon/OU=lounging on the sofa/O=myrtana.sk/L=The Internet/ST=Slovakia/C=SK/DC=myrtana.sk
---
No client certificate CA names sent
---
SSL handshake has read 2047 bytes and written 451 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2432 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256-SHA
    Session-ID: 6F4D37C818C904B30B4160C081E77723F0E7803CE01BBE70D263295D4891C25C
    Session-ID-ctx: 
    Master-Key: B1766EAE84372F37374EAB66E693AA4941ABF4D5A5994C79F2B8F2112616F874EC283411319F47F66B563617F873CCEA
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:

    Start Time: 1392175202
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
^[[Bread:errno=0

Do not set dnsName

The dnsName does not need to be set, ideally not at all, because it can then report not OK. That is what I read on stackoverflow.

root@starz:~# curl --cacert ca.myrtana.cert https://piwik.myrtana.sk --verbose
* About to connect() to piwik.myrtana.sk port 443 (#0)
* Trying 37.205.11.69...
* connected
* Connected to piwik.myrtana.sk (37.205.11.69) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: ca.myrtana.cert
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-SHA
* Server certificate:
* subject: CN=piwik.myrtana.sk; OU=lounging on the sofa; O=myrtana.sk; L=The Internet; ST=Slovakia; C=SK; DC=myrtana.sk; UID=ronon
* start date: CN=piwik.myrtana.sk; OU=lounging on the sofa; O=myrtana.sk; L=The Internet; ST=Slovakia; C=SK; DC=myrtana.sk; UID=ronon
* expire date: CN=piwik.myrtana.sk; OU=lounging on the sofa; O=myrtana.sk; L=The Internet; ST=Slovakia; C=SK; DC=myrtana.sk; UID=ronon
* subjectAltName does not match piwik.myrtana.sk
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
* SSL peer certificate or SSH remote key was not OK
curl: (51) SSL peer certificate or SSH remote key was not OK
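
The curl failure above follows the precedence rule of RFC 2818: once a certificate carries any dNSName, the client compares the host with those entries and no longer looks at the Common Name. This added example (not from the original post) applies that rule to `certtool --certificate-info` text; the function names, the status words and the `DNSname:` sample lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: which certificate name a client compares with the host.
# Function names, status words and samples are constructed for illustration.

# match_name PATTERN HOST: case-insensitive exact match, or a leading "*."
# that stands for exactly one label.
match_name() {
    p=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    h=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $p in
        \*.*) rest=${h#*.}
              [ "$rest" != "$h" ] && [ "$rest" = "${p#??}" ] ;;
        *)    [ "$p" = "$h" ] ;;
    esac
}

# cert_name_check HOST: reads `certtool --certificate-info` text on stdin and
# prints san-match, san-mismatch, cn-fallback or no-match.
cert_name_check() {
    info=$(cat)
    sans=$(printf '%s\n' "$info" | sed -n 's/^[[:space:]]*DNSname:[[:space:]]*//p')
    if [ -n "$sans" ]; then
        # RFC 2818: with a dNSName present, the Common Name is not consulted.
        while IFS= read -r name; do
            if match_name "$name" "$1"; then echo san-match; return 0; fi
        done <<EOF
$sans
EOF
        echo san-mismatch; return 1
    fi
    cn=$(printf '%s\n' "$info" | sed -n 's/^[[:space:]]*Subject:.*CN=\([^,]*\).*/\1/p')
    if match_name "$cn" "$1"; then echo cn-fallback; return 0; fi
    echo no-match; return 1
}

# Constructed samples in certtool's layout. The Subject lines follow this
# page; the dNSName values are invented, the page does not show the real one.
NO_SAN='        Subject: CN=webmail.myrtana.sk,OU=lounging on the sofa,O=myrtana.sk'
WRONG_SAN='        Subject: CN=piwik.myrtana.sk,OU=lounging on the sofa,O=myrtana.sk
                Subject Alternative Name (not critical):
                        DNSname: myrtana.sk'
WILDCARD_SAN='        Subject: CN=myrtana.sk,O=myrtana.sk
                Subject Alternative Name (not critical):
                        DNSname: *.myrtana.sk'

# Real use: certtool --certificate-info --infile FILE | cert_name_check HOST
printf '%s\n' "$WRONG_SAN" | cert_name_check piwik.myrtana.sk || true
```

A result of `cn-fallback` deserves a warning rather than a pass: clients that have dropped the Common Name fallback, Chrome 58 and later among them, reject a certificate that has no dNSName at all.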

Checking the certificate chain

Certificates are chained so that they are separated for different types. It is advisable to build the final certificate by concatenating the whole path up to the CA certificate. A cat of the public certificates of the CA and the web server is enough for that.

openssl s_client -connect www.godaddy.com:443
...
Certificate chain
 0 s:/C=US/ST=Arizona/L=Scottsdale/1.3.6.1.4.1.311.60.2.1.3=US
     /1.3.6.1.4.1.311.60.2.1.2=AZ/O=GoDaddy.com, Inc
     /OU=MIS Department/CN=www.GoDaddy.com
     /serialNumber=0796928-7/2.5.4.15=V1.0, Clause 5.(b)
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc.
     /OU=http://certificates.godaddy.com/repository
     /CN=Go Daddy Secure Certification Authority
     /serialNumber=07969287
 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc.
     /OU=http://certificates.godaddy.com/repository
     /CN=Go Daddy Secure Certification Authority
     /serialNumber=07969287
   i:/C=US/O=The Go Daddy Group, Inc.
     /OU=Go Daddy Class 2 Certification Authority
 2 s:/C=US/O=The Go Daddy Group, Inc.
     /OU=Go Daddy Class 2 Certification Authority
   i:/L=ValiCert Validation Network/O=ValiCert, Inc.
     /OU=ValiCert Class 2 Policy Validation Authority
     /CN=http://www.valicert.com//emailAddress=info@valicert.com
...
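
Whether the concatenated file is really served as a linked chain can be read from the `Certificate chain` listing. This added example (not from the original post) parses that listing, joins wrapped DN lines and reports every entry whose issuer is not the subject of the next entry; `chain_breaks` and `chain.pem` are names chosen here, the first sample is the listing shown on this page and the broken one is constructed from it.

```sh
#!/bin/sh
# Added example: check that the chain a server sends is linked, from the
# "Certificate chain" listing of `openssl s_client`.
# Build the file with the server certificate first, then the CA:
#   cat webmail.myrtana.sk.cert ca.myrtana.cert > chain.pem

# chain_breaks: reads s_client output on stdin and prints the position of
# every entry whose issuer (i:) is not the subject (s:) of the next entry.
chain_breaks() {
    awk '
        /^ *[0-9]+ s:/ { n++; sub(/^ *[0-9]+ s:/, ""); subj[n] = $0; cur = "s"; next }
        /^ *i:/        { sub(/^ *i:/, ""); iss[n] = $0; cur = "i"; next }
        cur != "" && /^ +\// {
            sub(/^ +/, "")
            if (cur == "s") subj[n] = subj[n] $0; else iss[n] = iss[n] $0
            next
        }
        { cur = "" }
        END { for (k = 1; k < n; k++) if (iss[k] != subj[k + 1]) print k - 1 }'
}

# PAGE_CHAIN is the listing shown on this page.
PAGE_CHAIN=' 0 s:/C=US/ST=Arizona/L=Scottsdale/1.3.6.1.4.1.311.60.2.1.3=US
     /1.3.6.1.4.1.311.60.2.1.2=AZ/O=GoDaddy.com, Inc
     /OU=MIS Department/CN=www.GoDaddy.com
     /serialNumber=0796928-7/2.5.4.15=V1.0, Clause 5.(b)
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc.
     /OU=http://certificates.godaddy.com/repository
     /CN=Go Daddy Secure Certification Authority
     /serialNumber=07969287
 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc.
     /OU=http://certificates.godaddy.com/repository
     /CN=Go Daddy Secure Certification Authority
     /serialNumber=07969287
   i:/C=US/O=The Go Daddy Group, Inc.
     /OU=Go Daddy Class 2 Certification Authority
 2 s:/C=US/O=The Go Daddy Group, Inc.
     /OU=Go Daddy Class 2 Certification Authority
   i:/L=ValiCert Validation Network/O=ValiCert, Inc.
     /OU=ValiCert Class 2 Policy Validation Authority
     /CN=http://www.valicert.com//emailAddress=info@valicert.com'
# BROKEN_CHAIN is constructed from it by dropping entry 1, as if the
# intermediate certificate had been left out of the file.
BROKEN_CHAIN=$(printf '%s\n' "$PAGE_CHAIN" |
    sed '/^ 1 s:/,/Class 2 Certification Authority$/d')

# Real use: openssl s_client -connect HOST:443 </dev/null 2>/dev/null | chain_breaks
printf '%s\n' "$BROKEN_CHAIN" | chain_breaks
```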
