The certificate is received in ASN.1 DER format. Not PEM.
The only thing I want to do is verify the signature of the certificate, and
thus verify the signature itself.
It is self-signed so the public key in the certificate should be used to
verify the signature, but it isn't working.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3593335860 (0xd62df434)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=NL1SPF002
Validity
Not Before: Nov 13 12:51:00 2013 GMT
Not After : Nov 13 12:51:00 2014 GMT
Subject: CN=NL1SPF002
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:c7:42:a0:7f:ff:a8:1f:65:a0:39:dc:63:d9:8b:
09:7c:f2:d3:59:6d:84:a6:4b:1f:05:de:30:1b:6b:
fa:42:b0:86:8c:88:75:9f:a9:57:5b:b2:6e:e6:60:
79:d7:12:1e:22:1b:91:18:d5:93:41:80:28:2c:4d:
f7:d5:46:a6:3e:9d:55:e1:a2:89:86:ed:dc:88:9d:
1b:de:b8:f2:03:5a:56:5b:0e:cb:97:3d:b1:32:74:
6a:a8:3b:24:6c:45:e7:1a:69:eb:2c:ef:d7:fd:c1:
4c:60:2a:6d:ba:4b:a3:34:3c:d6:56:4a:3e:ca:32:
cd:6c:5c:47:a1:05:e6:e7:8d
Exponent: 3 (0x3)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage:
Digital Signature, Certificate Sign
X509v3 Extended Key Usage:
Trust Root
Signature Algorithm: sha1WithRSAEncryption
c2:3a:8d:8e:2c:a2:b5:46:7f:cf:05:e2:01:38:c7:df:6f:6e:
5f:4e:e1:94:42:65:5a:67:bb:21:48:fe:e1:fc:eb:ab:be:b2:
34:65:ac:99:2e:2f:53:20:87:ec:a5:0a:14:5d:3a:08:dc:2b:
f2:1c:9e:46:f0:b3:e9:f9:26:fc:6e:12:bd:bf:95:4f:e7:bc:
11:ce:7c:22:05:b3:c7:28:e8:e9:67:a5:05:1b:a0:47:c0:e1:
dc:b2:d1:96:9d:46:90:97:66:c0:26:0f:88:90:a2:d1:6f:88:
bb:cb:fe:f4:bb:a1:90:99:ab:82:a4:87:27:95:80:27:a4:59:
69:87
DER format:
30 82 01 d6 30 82 01 3f a0 03 02 01 02 02 05 00 d6 2d f4 34 30 0d 06 09 2a
86 48 86 f7 0d 01 01 05 05 00 30 14 31 12 30 10 06 03 55 04 03 13 09 4e 4c
31 53 50 46 30 30 32 30 1e 17 0d 31 33 31 31 31 33 31 32 35 31 30 30 5a 17
0d 31 34 31 31 31 33 31 32 35 31 30 30 5a 30 14 31 12 30 10 06 03 55 04 03
13 09 4e 4c 31 53 50 46 30 30 32 30 81 9d 30 0d 06 09 2a 86 48 86 f7 0d 01
01 01 05 00 03 81 8b 00 30 81 87 02 81 81 00 c7 42 a0 7f ff a8 1f 65 a0 39
dc 63 d9 8b 09 7c f2 d3 59 6d 84 a6 4b 1f 05 de 30 1b 6b fa 42 b0 86 8c 88
75 9f a9 57 5b b2 6e e6 60 79 d7 12 1e 22 1b 91 18 d5 93 41 80 28 2c 4d f7
d5 46 a6 3e 9d 55 e1 a2 89 86 ed dc 88 9d 1b de b8 f2 03 5a 56 5b 0e cb 97
3d b1 32 74 6a a8 3b 24 6c 45 e7 1a 69 eb 2c ef d7 fd c1 4c 60 2a 6d ba 4b
a3 34 3c d6 56 4a 3e ca 32 cd 6c 5c 47 a1 05 e6 e7 8d 02 01 03 a3 36 30 34
30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 0b 06 03 55 1d 0f 04
04 03 02 02 84 30 14 06 03 55 1d 25 04 0d 30 0b 06 09 2b 06 01 05 05 07 30
01 0b 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 c2 3a 8d 8e
2c a2 b5 46 7f cf 05 e2 01 38 c7 df 6f 6e 5f 4e e1 94 42 65 5a 67 bb 21 48
fe e1 fc eb ab be b2 34 65 ac 99 2e 2f 53 20 87 ec a5 0a 14 5d 3a 08 dc 2b
f2 1c 9e 46 f0 b3 e9 f9 26 fc 6e 12 bd bf 95 4f e7 bc 11 ce 7c 22 05 b3 c7
28 e8 e9 67 a5 05 1b a0 47 c0 e1 dc b2 d1 96 9d 46 90 97 66 c0 26 0f 88 90
a2 d1 6f 88 bb cb fe f4 bb a1 90 99 ab 82 a4 87 27 95 80 27 a4 59 69 87
On Wed, Nov 27, 2013 at 3:45 PM, Salz, Rich <rs...@akamai.com> wrote:
> NID is an internal openssl implementation detail; X509 data structures
> have OID’s.
>
>
>
> Post the PEM of the cert.
>
>
>
> /r$
>
>
>
> --
>
> Principal Security Engineer
>
> Akamai Technology
>
> Cambridge, MA
>
>
>
