> -----BEGIN CERTIFICATE-----
> MIIBSzCB/AIEN5gYKTAHBgUrDgMCAzAeMQswCQYDVQQGEwJQTDEPMA0GA1UEChMG
> b2ktd2JkMCYXETAwMDYxMzA5NTQwMy0wMTAwFxEwMTEyMTQwOTU0MDMtMDEwMDBI
> MQ8wDQYDVQQDEwZrdXJzMTAxEzARBgNVBAMTCnJlY2lwaWVudHMxDzANBgNVBAsT
> Bm9pLXdiZDEPMA0GA1UEChMGb2ktd2JkMFkwCwYJKoZIhvcNAQEBA0oAMEcCQN+q
> oPQMo4U+aULJjaw/EldK21DLJj+Z4KkiEWbNHpWcNO+8ZoTf4/c8YvawfSD+iTtS
> hG/dIeCZwYeh4/4bFMMCAwEAATAHBgUrDgMCAwNBAIUwzaEwGZVC98cd+Bu/DsYv
> 9YAF7QQHPDSWyARgOqMzkGXJUCfBT3MWY8ir5pFxSnoJiOCtOiqE+UMPv+8tRhw=
> -----END CERTIFICATE-----
The actual value of the modulus in that cert is:
DF AA A0 F4 0C A3 85 3E 69 42 C9 8D AC 3F 12 57
4A DB 50 CB 26 3F 99 E0 A9 22 11 66 CD 1E 95 9C
34 EF BC 66 84 DF E3 F7 3C 62 F6 B0 7D 20 FE 89
3B 52 84 6F DD 21 E0 99 C1 87 A1 E3 FE 1B 14 C3
The value is not encoded properly in the cert; because the high bit is set
it is supposed to have a leading zero byte. Technically it is specifying
a negative number, which is the value you were seeing from openssl.
Most cert parsing programs are aware of this bug and know that moduli
and such will always be positive numbers. Maybe there is some way to
configure your openssl to know that.
