Hello list,
For the past 6 hours, I have not made any iota of progress towards getting this
to work. The certificate chain is Root CA > Intermediate CA > Client and Server
cert. The openssl x509 -text outputs for the CA's are included in E-Mail
attachments.
postconf -n
postconf: warning: /etc/postfix/master.cf: undefined parameter:
submission_sender_restrictions
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_protocols = all
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
milter_default_action = accept
mydestination =
mynetworks = 52.14.9.241/32 107.173.129.223/32 127.0.0.1/32
newaliases_path = /usr/bin/newaliases.postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
relay_domains = lhprojects.net, lhpmail.us
relay_transport = smtp:smtp.lhpmail.us:587
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical_maps
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_destination_concurrency_limit = 2
smtp_destination_rate_delay = 5s
smtp_extra_recipient_limit = 10
smtp_use_tls = yes
smtpd_banner = $myhostname - Connected to LHProjects Information Network E-Mail
Server
smtpd_milters = inet:127.0.0.1:11332
smtpd_recipient_restrictions = permit_mynetworks permit_inet_interfaces
reject_unauth_destination
smtpd_tls_cert_file = /etc/ssl/postfix/mx.cert.pem
smtpd_tls_key_file = /etc/ssl/postfix/mx.key.pem
smtpd_tls_loglevel = 2
unknown_local_recipient_reject_code = 550
postconf -Mf
postconf: warning: /etc/postfix/master.cf: undefined parameter:
submission_sender_restrictions
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_recipient_restrictions=permit_tls_clientcerts,reject
-o smtpd_tls_req_ccert=yes
-o smtpd_tls_auth_only=no
-o smtpd_tls_security_level=encrypt
-o smtpd_tls_cert_file=/etc/postfix/ssl/submission.cert
-o smtpd_tls_key_file=/etc/postfix/ssl/submission.key
-o smtpd_tls_fingerprint_digest=sha1
-o relay_clientcerts=hash:/etc/postfix/relay_clientcerts
-o smtpd_relay_restrictions=permit_tls_clientcerts,reject
-o smtpd_tls_CAfile=/etc/postfix/ssl/ca_new2.pem
-o smtpd_sender_restrictions=$submission_sender_restrictions
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_data_restrictions=
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
Relevent logs:
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]: initializing the
server-side TLS engine
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]: connect from
unknown[192.168.103.201]
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]: discarding EHLO
keywords: CHUNKING
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]: setting up TLS
connection from unknown[192.168.103.201]
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
unknown[192.168.103.201]: TLS cipher list
"aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH:!aNULL"
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:before SSL initialization
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:before SSL initialization
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:SSLv3/TLS read client hello
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:SSLv3/TLS write server hello
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:SSLv3/TLS write change cipher spec
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:TLSv1.3 write encrypted extensions
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:SSLv3/TLS write certificate request
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:SSLv3/TLS write certificate
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:TLSv1.3 write server certificate verify
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:SSLv3/TLS write finished
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:TLSv1.3 early data
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:TLSv1.3 early data
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
unknown[192.168.103.201]: depth=1 verify=0
subject=/C=US/ST=Pennsylvania/L=Philadelphia/O=LHProjects Information
Network/OU=LHProjects Certificate Authority/CN=LHP MX CA
V1/[email protected]
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
unknown[192.168.103.201]: depth=2 verify=1
subject=/C=US/ST=Pennsylvania/L=Philadelphia/O=LHProjects Information
Network/OU=LHProjects Information Network CA/CN=LHPRojects Root CA V2
Extended/[email protected]
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
unknown[192.168.103.201]: depth=1 verify=1
subject=/C=US/ST=Pennsylvania/L=Philadelphia/O=LHProjects Information
Network/OU=LHProjects Certificate Authority/CN=LHP MX CA
V1/[email protected]
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
unknown[192.168.103.201]: depth=0 verify=1
subject=/C=US/ST=Pennsylvania/L=Philadelphia/O=LHProjects Information
Network/OU=Mail Servers/CN=smtp.lhpmail.us/[email protected]
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:SSLv3/TLS read client certificate
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:SSLv3/TLS read certificate verify
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:SSLv3/TLS read finished
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
unknown[192.168.103.201]: Issuing session ticket, key expiration: 1632915961
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:SSLv3/TLS write session ticket
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
subject=/C=US/ST=Pennsylvania/L=Philadelphia/O=LHProjects Information
Network/OU=Mail Servers/CN=smtp.lhpmail.us/[email protected]
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
issuer=/C=US/ST=Pennsylvania/L=Philadelphia/O=LHProjects Information
Network/OU=LHProjects Certificate Authority/CN=LHP MX CA
V1/[email protected]
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]:
unknown[192.168.103.201]: subject_CN=smtp.lhpmail.us, issuer=LHP MX CA V1,
fingerprint=87:0F:12:04:F3:A1:BD:3A:E1:38:33:3E:62:65:8E:B1:A6:4D:A5:60,
pkey_fingerprint=00:AC:ED:99:56:33:22:A0:CA:75:9D:69:4B:C4:E5:2B:45:7C:1E:6D
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]: certificate
verification failed for unknown[192.168.103.201]: not designated for use as a
CA certificate
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]: Untrusted TLS
connection established from unknown[192.168.103.201]: TLSv1.3 with cipher
TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature
RSA-PSS (2048 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits)
client-digest SHA256
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]: NOQUEUE: abort:
TLS from unknown[192.168.103.201]: Client certificate not trusted
Sep 29 07:16:02 centos8mx-dev postfix/submission/smtpd[17603]: disconnect from
unknown[192.168.103.201] ehlo=1 starttls=1 commands=2
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]: connect from
unknown[192.168.103.201]
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]: discarding EHLO
keywords: CHUNKING
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]: setting up TLS
connection from unknown[192.168.103.201]
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
unknown[192.168.103.201]: TLS cipher list
"aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH:!aNULL"
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:before SSL initialization
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:before SSL initialization
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:SSLv3/TLS read client hello
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:SSLv3/TLS write server hello
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:SSLv3/TLS write change cipher spec
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:TLSv1.3 write encrypted extensions
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:SSLv3/TLS write certificate request
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:SSLv3/TLS write certificate
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:TLSv1.3 write server certificate verify
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:SSLv3/TLS write finished
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:TLSv1.3 early data
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:TLSv1.3 early data
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
unknown[192.168.103.201]: depth=1 verify=0
subject=/C=US/ST=Pennsylvania/L=Philadelphia/O=LHProjects Information
Network/OU=LHProjects Certificate Authority/CN=LHP MX CA
V1/[email protected]
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
unknown[192.168.103.201]: depth=2 verify=1
subject=/C=US/ST=Pennsylvania/L=Philadelphia/O=LHProjects Information
Network/OU=LHProjects Information Network CA/CN=LHPRojects Root CA V2
Extended/[email protected]
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
unknown[192.168.103.201]: depth=1 verify=1
subject=/C=US/ST=Pennsylvania/L=Philadelphia/O=LHProjects Information
Network/OU=LHProjects Certificate Authority/CN=LHP MX CA
V1/[email protected]
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
unknown[192.168.103.201]: depth=0 verify=1
subject=/C=US/ST=Pennsylvania/L=Philadelphia/O=LHProjects Information
Network/OU=Mail Servers/CN=smtp.lhpmail.us/[email protected]
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:SSLv3/TLS read client certificate
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:SSLv3/TLS read certificate verify
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:SSLv3/TLS read finished
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
unknown[192.168.103.201]: Issuing session ticket, key expiration: 1632915961
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
SSL_accept:SSLv3/TLS write session ticket
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
subject=/C=US/ST=Pennsylvania/L=Philadelphia/O=LHProjects Information
Network/OU=Mail Servers/CN=smtp.lhpmail.us/[email protected]
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
issuer=/C=US/ST=Pennsylvania/L=Philadelphia/O=LHProjects Information
Network/OU=LHProjects Certificate Authority/CN=LHP MX CA
V1/[email protected]
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]:
unknown[192.168.103.201]: subject_CN=smtp.lhpmail.us, issuer=LHP MX CA V1,
fingerprint=87:0F:12:04:F3:A1:BD:3A:E1:38:33:3E:62:65:8E:B1:A6:4D:A5:60,
pkey_fingerprint=00:AC:ED:99:56:33:22:A0:CA:75:9D:69:4B:C4:E5:2B:45:7C:1E:6D
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]: certificate
verification failed for unknown[192.168.103.201]: not designated for use as a
CA certificate
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]: Untrusted TLS
connection established from unknown[192.168.103.201]: TLSv1.3 with cipher
TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature
RSA-PSS (2048 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits)
client-digest SHA256
Sep 29 07:16:49 centos8mx-dev postfix/submission/smtpd[17603]: NOQUEUE: abort:
TLS from unknown[192.168.103.201]: Client certificate not trusted
I've manually double checked the the certificates over a dozens times, search
the internet for any information on how to correctly create CA certs but
AFAICT. Nothing seems amiss. While the error seems obvious on the surface, it's
extremely confusing to what's exactly the cause of the error. Which certificate
does it not like ? All this is being on done on a test VM. openssl verify
-purpose sslclient doesn't complain, I'm able to create and sign certs with
those CA certificates? What is it exactly that's breaking down here? Any
pointers would be greatly appreciated here.
Regards.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3461926757273396585 (0x300b3c0b2db36569)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = Pennsylvania, L = Philadelphia, O = LHProjects
Information Network, OU = LHProjects Information Network CA, CN = LHPRojects
Root CA V2 Extended, emailAddress = "[email protected]"
Validity
Not Before: Sep 29 05:49:00 2021 GMT
Not After : Mar 30 09:49:00 2023 GMT
Subject: C = US, ST = Pennsylvania, L = Philadelphia, O = LHProjects
Information Network, OU = LHProjects Certificate Authority, CN = LHP MX CA V1,
emailAddress = "[email protected]"
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:c6:e3:d0:52:3c:e7:d4:9e:55:19:c8:85:bf:
4e:e6:19:e1:bb:6a:7a:2b:28:98:17:a7:35:04:a6:
5d:16:2d:6b:0b:0e:a6:27:0e:ff:bd:c3:8b:05:c1:
08:d3:6d:6c:ff:21:72:f3:f1:5e:74:03:ab:35:e5:
54:cd:6d:ab:f8:f3:6d:d7:b8:68:f3:a9:c6:20:25:
c7:c3:bf:72:59:3b:3c:87:65:3b:14:2a:e0:21:59:
df:60:db:69:cc:ce:3e:25:b4:f0:16:14:70:dd:a4:
b3:2c:06:e1:a0:61:8f:70:ce:de:29:4a:a6:5d:d9:
cb:f2:be:ea:31:4d:a7:78:6d:73:ac:48:31:2c:ac:
95:74:eb:11:39:a8:d1:1f:a3:49:28:7a:7f:97:87:
87:d4:bb:32:61:b5:76:15:08:05:73:df:01:6c:82:
5e:59:87:0f:86:b8:6e:f9:99:65:a8:87:6f:e1:2d:
fb:69:88:a7:6d:5d:33:9d:33:da:71:f7:87:6e:79:
ba:59:16:30:6a:e1:84:e0:fd:0d:53:a7:4a:e5:c5:
2e:ad:eb:b2:71:e7:54:0c:63:2b:9a:07:8c:f8:5a:
a0:4f:42:28:b6:11:ae:ac:61:37:c3:2c:0c:e0:7d:
fc:50:87:6c:ab:a8:c2:fe:8c:f5:0f:05:02:d6:05:
c5:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
F0:04:87:B8:5D:97:E7:79:48:E0:CA:5D:87:65:12:FC:D5:BC:21:14
X509v3 Authority Key Identifier:
keyid:99:E5:AF:15:0C:66:4A:CB:01:61:16:09:80:3E:F6:FC:3D:B1:D0:CD
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Extended Key Usage:
OCSP Signing
X509v3 CRL Distribution Points:
Full Name:
URI:http://ocsp.lhprojects.net/crlV2.pem
Authority Information Access:
OCSP - URI:http://ocsp.lhprojects.net:6139
Netscape Cert Type:
SSL CA, S/MIME CA, Object Signing CA
Netscape Comment:
Created by LHProjects Certificate Authority
Signature Algorithm: sha256WithRSAEncryption
6f:81:32:f2:a8:c4:38:33:af:2b:f0:ea:e8:62:9c:64:b6:6f:
8b:6a:aa:21:7c:ce:bc:69:64:a1:c1:de:27:3d:0a:de:d8:66:
12:5f:18:03:58:d0:ce:d0:56:1e:26:a8:b9:55:60:ed:2e:d2:
46:5c:eb:36:0d:d9:34:13:9b:d7:af:cd:f6:1f:9a:67:6c:6b:
bd:60:c7:4f:f0:f8:fd:99:a8:90:85:be:74:db:cb:4b:b4:f0:
7c:d0:21:e0:1e:ab:bd:3c:4d:2a:8d:87:86:67:cb:c3:19:80:
5c:c1:2f:be:87:61:c8:a6:19:7a:cc:b0:bc:11:77:81:ae:b5:
12:c6:92:d9:92:0d:fd:93:07:ec:de:f3:2f:6a:65:3c:cf:03:
17:1f:99:20:50:64:0e:83:33:97:4e:b5:7e:f5:82:6e:b7:f4:
12:35:a7:51:3e:64:1b:f5:52:c4:46:2f:de:3c:98:e0:68:d9:
6a:25:34:54:ad:f9:c8:07:a5:45:c0:29:9c:b2:b9:d1:c1:5b:
32:7f:d1:f1:35:61:a8:08:41:d1:bb:62:9e:35:ed:ea:ee:10:
7c:bf:ad:07:04:44:73:ae:70:8f:e6:77:90:13:30:4e:74:27:
1f:3e:0d:70:16:8f:1e:aa:55:f9:53:cb:bd:53:59:42:b1:32:
1f:bd:49:8e
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6588861623671820736 (0x5b7056bcc92991c0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = Pennsylvania, L = Philadelphia, O = LHProjects
Information Network, OU = LHProjects Information Network CA, CN = LHPRojects
Root CA V2 Extended, emailAddress = "[email protected]"
Validity
Not Before: Mar 30 09:49:00 2019 GMT
Not After : Mar 30 09:49:00 2023 GMT
Subject: C = US, ST = Pennsylvania, L = Philadelphia, O = LHProjects
Information Network, OU = LHProjects Information Network CA, CN = LHPRojects
Root CA V2 Extended, emailAddress = "[email protected]"
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:85:8c:76:50:0f:75:6c:c1:45:54:14:d1:aa:
52:ca:86:a1:53:34:53:68:9f:f7:97:c7:ae:d9:96:
41:95:e0:de:b0:72:2d:3a:22:b9:97:43:2a:41:b5:
12:32:d0:96:f3:67:52:fd:75:ec:1c:c5:fe:dd:41:
b4:53:bf:d0:09:e1:e5:51:fa:9a:15:da:55:e5:af:
38:cc:ec:ac:a8:48:27:0b:1c:d0:62:8f:9d:d5:0a:
43:c1:3f:f4:36:7e:61:e7:86:9f:47:de:3f:2d:b9:
c3:16:a1:e0:94:2c:98:1a:82:83:7a:c2:2f:51:8c:
19:62:bd:ae:1c:9f:01:f6:28:dd:7c:d1:94:d0:97:
74:71:c4:6e:70:2d:9a:e1:2e:e3:9f:62:3c:e8:82:
d5:1c:0c:9b:83:bd:af:79:ce:ac:55:c0:f2:17:fb:
ff:ce:7e:ec:30:f4:c6:18:9b:35:bc:ef:50:11:b4:
a1:e5:8a:ff:49:cb:a8:e1:83:e3:b1:09:bb:a0:fb:
97:6f:80:a1:cb:6c:e7:37:31:2c:64:95:59:d1:56:
49:d0:35:a1:fd:02:5e:b6:82:17:31:53:c4:ef:e7:
f8:cf:df:94:d2:ca:19:62:ab:22:ca:ee:5c:8d:b2:
f3:bd:32:66:9c:bf:b5:a4:9e:0e:a7:a7:ec:e1:f6:
79:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
99:E5:AF:15:0C:66:4A:CB:01:61:16:09:80:3E:F6:FC:3D:B1:D0:CD
X509v3 Authority Key Identifier:
keyid:99:E5:AF:15:0C:66:4A:CB:01:61:16:09:80:3E:F6:FC:3D:B1:D0:CD
X509v3 Key Usage:
Certificate Sign, CRL Sign
X509v3 CRL Distribution Points:
Full Name:
URI:http://ocsp.lhprojects.net/crlV2.pem
Authority Information Access:
OCSP - URI:http://ocsp.lhprojects.net:6139
Netscape Cert Type:
SSL CA, S/MIME CA, Object Signing CA
Netscape Comment:
Created by LHProjects Certificate Authority
Signature Algorithm: sha256WithRSAEncryption
74:83:be:f2:63:c3:d9:93:14:05:2e:e8:db:6b:95:30:f9:87:
38:0f:b0:6e:4e:26:65:b6:eb:6a:4b:57:38:4c:7b:eb:0d:24:
c5:47:88:4b:6c:e2:d0:58:af:9f:e1:6e:ee:e2:a5:20:bb:e2:
aa:46:f3:88:d5:c5:92:7f:57:8b:98:72:26:9e:91:2c:c7:60:
68:09:9c:e4:21:68:e3:3d:1a:cb:d9:97:3f:66:d6:82:ab:80:
13:c7:fc:89:5a:7a:2e:08:5a:78:3c:5c:66:18:88:a7:7c:53:
fe:99:01:04:00:64:d9:98:3d:43:40:5c:0d:03:cd:b0:ae:0b:
97:72:fe:90:b0:1d:5f:94:cc:55:77:17:96:76:a7:f1:4c:4d:
73:e7:d4:47:70:6c:95:f6:3b:1c:f7:be:e1:52:bf:37:04:b6:
f2:36:d4:9d:40:a4:b7:8b:6a:67:8f:f3:53:54:41:61:bd:b9:
85:26:f5:b4:53:16:18:11:0b:b9:ad:8c:db:65:b4:71:98:e0:
e3:c3:e4:f0:e0:23:46:60:f5:dc:b5:28:a1:d9:49:44:e4:d0:
6d:39:1f:6d:33:04:87:58:3b:00:6f:90:bd:1c:5d:c2:e8:d1:
43:1b:c7:c8:4d:58:0f:0e:db:45:49:c0:be:14:f6:ee:8b:9f:
57:c7:ca:21
