Ouch, shall i dismiss my childhood PKI-knowledge? I've stumbled upon a certificate issue that I just can't figure out. As far as I known when a new certificate is created it's locked onto that (trust) chain, but here it's seems like the root certificate has been swap'ed with a another one which is second in chain. I've realized that I'll not be able to figure this out until I by occasion find a clue, so here's the facts.
The SSL Server Certificates issued by TDC some times use the Entrust root certificate. It looks like especially IE6/7 doesn't care much for it, that is until you removed the old root certificate from your trust store! As an example I'll take the website http://www.digitalsignatur.dk run and owned by ITST.
Seen with Firefox 3
If you access the website with SSL/TLS and look and view the SSL Server Certificate Information:

This is all pretty straight (serial numer 3E:2C:75:88
, and the TDC Internet Root CA:

with the serialnumber 42:86:EC:F3
:

and the root certificate is from Entrust:

Seen with Internet Explorer 7
But if you were to do the same with IE7 the certificate path looks like:
where the root certificate is the TDC Internet Root CA
(serialnumber 3a cc a5 4c
):
and in between is the TDC SSL Server CA with the serialnumber 3c 1a 02 e2
.
which is strange since it's different and has another serialnumber 3a cc a5 4c
(from a different CA so theses serialnumber are not related:

Whats even more strange is that when i remove this root certificate from the trust store I'll end up with:

Seen with nice little webtool from DigiCert
DigiCert has a nice little tool that display certificate chains from web servers called SSL Certificate Check, and it displays the (full) Entrust chain variant:

Seen with OpenSSL
This seems very confusing, so eliminate the browser userinterface differenties I'll try and call with OpenSSL_
openssl s_client -showcerts -connect www.digitalsignatur.dk:443
CONNECTED(00000003) depth=2 /C=DK/O=TDC Internet/OU=TDC Internet Root CA verify error:num=20:unable to get local issuer certificate verify return:0 --- Certificate chain 0 s:/C=DK/ST=Denmark/L=Copenhagen/O=IT & Telestyrelsen/OU=IT & Telestyrelsen/CN=www.digitalsignatur.dk i:/C=DK/O=TDC/OU=TDC SSL Server CA -----BEGIN CERTIFICATE----- MIIF5DCCBMygAwIBAgIEPix1iDANBgkqhkiG9w0BAQUFADA3MQswCQYDVQQGEwJE SzEMMAoGA1UEChMDVERDMRowGAYDVQQLExFUREMgU1NMIFNlcnZlciBDQTAeFw0w NzA4MDMxMjQ5NDdaFw0wOTEwMDgwNzQ4MzFaMIGPMQswCQYDVQQGEwJESzEQMA4G A1UECBMHRGVubWFyazETMBEGA1UEBxMKQ29wZW5oYWdlbjEbMBkGA1UEChQSSVQg JiBUZWxlc3R5cmVsc2VuMRswGQYDVQQLFBJJVCAmIFRlbGVzdHlyZWxzZW4xHzAd BgNVBAMTFnd3dy5kaWdpdGFsc2lnbmF0dXIuZGswggEiMA0GCSqGSIb3DQEBAQUA A4IBDwAwggEKAoIBAQCvUu8dz7+LEfvMb9WwBjgwmyKA0ihZYLPuZiEbEwhK/7Wv 7YrSZmfjjQIh1yqdJw7SLw0hv5RZYWimqFW4xXiuLpI0sTAJxCdTV/eeMem7bOiC dfN1+yC8UtZPUJOkiGfpAt0AdqheAcU0vMMJd5ntqK9X8sw8h8b1XDHbFK57zhAP bQ+zo8ieXfDcR7iMDLMD03TH+MU8CuRCear36YZ1pnmc3S/FzWWgsHhj65H2olTg bZo+UzxRQUDYwWSE8qf4eJxNzD6KD5MgPoqAHrcvIqO4afqhJSz4e/1SiE54estC pCVdwpsF0oNzD1lxJ6ekR+EPJ9jPYBgIBwH30C71AgMBAAGjggKdMIICmTALBgNV HQ8EBAMCBaAwEQYJYIZIAYb4QgEBBAQDAgZAMIIBgAYDVR0gBIIBdzCCAXMwggFv BgsrBgEEAaIiAgEBATCCAV4wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuY2VydGlm aWthdC5kay9yZXBvc2l0b3J5MIIBKQYIKwYBBQUHAgIwggEbMBMWDFREQyBJbnRl cm5ldDADAgEBGoIBAkRldHRlIGNlcnRpZmlrYXQgZXIgdWRzdGVkdCB1bmRlciBU REMgSW50ZXJuZXQgQ0FzIENlcnRpZmlrYXQgUG9saXRpayBmb3IgU1NMIFNlcnZl ciBjZXJ0aWZpa2F0ZXIgKE9JRD0xLjMuNi4xLjQuMS40Mzg2LjIuMS4xLjEpLiBU aGlzIGNlcnRpZmljYXRlIGlzIGlzc3VlZCB1bmRlciBUREMgSW50ZXJuZXQgQ0Fz IENlcnRpZmljYXRlIFBvbGljeSBmb3IgU1NMIFNlcnZlciBjZXJ0aWZpY2F0ZXMg KE9JRD0xLjMuNi4xLjQuMS40Mzg2LjIuMS4xLjEpLjAdBgNVHSUEFjAUBggrBgEF BQcDAQYIKwYBBQUHAwIwgYgGA1UdHwSBgDB+ME6gTKBKpEgwRjELMAkGA1UEBhMC REsxDDAKBgNVBAoTA1REQzEaMBgGA1UECxMRVERDIFNTTCBTZXJ2ZXIgQ0ExDTAL BgNVBAMTBENSTDUwLKAqoCiGJmh0dHA6Ly9jcmwuY2VydGlmaWthdC5kay9TU0xT ZXJ2ZXIuY3JsMB8GA1UdIwQYMBaAFP0ewrMIOpXR1KWHzs1BhHPvM3QNMB0GA1Ud DgQWBBSmEU1UoMDPNsbifEVXezHYiL6VzjAJBgNVHRMEAjAAMA0GCSqGSIb3DQEB BQUAA4IBAQAfhgL26nxQsx+jMN8qTf+ItPAt6K+aT85jbI3iWTzzWRTVAMNlCJ5c ekx/9kZdk38Z/EqiC/eX9iVkUBvlRio3kVKefF4uEA5qKuOxGecSRxQA/daCPnWl DAcwrQYYRwzy6nV+6PhHXuKidAVn6gul1YhJCzIqAGhDQ+qrnJekRORICKx+uU8S oBhUjOQX+ckCFlP22Fvg6MjpfUgskj/KWOVPdQVpovWyr31K0PZGdjjAmSiTPash YCrXywVBretLP7zxMH2kBXPPcZJpd1bsGjfxXaC99BcKnMaPx77sr/BeMRUDgemH jjF1Mjjomv+QQcyolfJMoG58CEdy49Ti -----END CERTIFICATE----- 1 s:/C=DK/O=TDC/OU=TDC SSL Server CA i:/C=DK/O=TDC Internet/OU=TDC Internet Root CA -----BEGIN CERTIFICATE----- MIIECjCCAvKgAwIBAgIEPBoC4jANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJE SzEVMBMGA1UEChMMVERDIEludGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQg Um9vdCBDQTAeFw0wNjA5MjgxMDQwNTBaFw0xMTA5MjgxMTEwNTBaMDcxCzAJBgNV BAYTAkRLMQwwCgYDVQQKEwNUREMxGjAYBgNVBAsTEVREQyBTU0wgU2VydmVyIENB MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ccg54uj7AKBZCwhFQbn 0ovjkDjjFw2pi1eMHlWqlHLm6dUMtfuL77fIkNUAFSurGfMFL1xoaXVaq5z4c7gC G2pEkHdg3F4RHAOv6JvpbMDBRFLyNUgC6x9tk4YG9qGsGtDTljAT+ATKorFPszho CP5SAKOGgnMY/MGoxYhOFjjc5+PfpqZNO5nG/FbzzB+lwrgEuwi6odMA92/2Zgi1 xRr0AxfnhkZPfKU9XHrLEsaPnk3DH2gXf1q++h4YMSwWX7Kqp+ffKA2wIIeKOZ33 bXNyMXjgi6EYQyALjCpZCdZX4ok9DSUEx1WXOy2AOrKMcMTF1vvJOxAQOJthyq0E ewIDAQABo4IBEDCCAQwwgZMGA1UdHwSBizCBiDBaoFigVqRUMFIxCzAJBgNVBAYT AkRLMRUwEwYDVQQKEwxUREMgSW50ZXJuZXQxHTAbBgNVBAsTFFREQyBJbnRlcm5l dCBSb290IENBMQ0wCwYDVQQDEwRDUkwxMCqgKKAmhiRodHRwOi8vY3JsLmNlcnRp ZmlrYXQuZGsvUm9vdF9DQS5jcmwwCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFGxk Acf9hW2syNqeUAiFCLU8VqhQMB0GA1UdDgQWBBT9HsKzCDqV0dSlh87NQYRz7zN0 DTAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY2LjADAgSQMA0GCSqG SIb3DQEBBQUAA4IBAQB+VBS3Zq0ssgJyK5rKWmT3acI6fEsYRrarBGVT5uRCmc5n f/feHmvqWOcV34mLe9tupz4WajwAciJscRRPqG+4vqZ7IzBc9Ubs86Txe2U9ym+K jiSzjzPdQZO1K9vhZAsREvmYE7LA2ehmjNgr+y9RJUME8xt/urVlIFKt8TuvK40K lk1bPO6gKFSrNd16Lt4K9nKS4aXV9Gzhe95PQXDFl+JOT5dTZKW5o4n+KjSqyAvB YMfKX+63Cu4ZKVcOjitVkFFins65Sic2gROLbl632kWIhX1qxnBFD3tzEs/4kIYQ iF87CrLQg6VObcAWfnc6VKPwT0YOdNEVwG0ORkYM -----END CERTIFICATE----- 2 s:/C=DK/O=TDC Internet/OU=TDC Internet Root CA i:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority -----BEGIN CERTIFICATE----- MIIF/TCCBWagAwIBAgIEQobs8zANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEw MTIxODQ4NTJaFw0xMTEwMTIxOTE4NTJaMEMxCzAJBgNVBAYTAkRLMRUwEwYDVQQK EwxUREMgSW50ZXJuZXQxHTAbBgNVBAsTFFREQyBJbnRlcm5ldCBSb290IENBMIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLhAvJHVYx/XmaCLDEAedLdI nUaMArLgJF/wGROnN4NrXceO+YQwzho7+vvOi20jxsNuZp+Jpd/gQlBn+h9sHvTQ Bda/ytZO5GhgbEaqHF1j4QeGDmUApy6mcca8uYGoOn0a0vnRrEvLznWv3Hv6gXPU /Lq9QYjUdLP5Xjg6PEOo0pVOd20TDJ2PeAG3WiAfAzc14izbSysseLlJ28TQx5yc 5IogCSEWVmb/Bexb4/DPqyQkXsN/cHoSxNK1EKC2IeGNeGlVRGn1ypYcNIUXJXfi 9i8nmHj9eQY6otZaQ8H/7AQ77hPv01ha/5Lr7K7a8jcDR0G2l8ktCkEiu7vmpwID AQABo4IC9zCCAvMwEgYDVR0TAQH/BAgwBgEB/wIBATAnBgNVHSUEIDAeBggrBgEF BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJMIIBLgYDVR0gBIIBJTCCASEwggEdBgkq hkiG9n0HSwIwggEOMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LmVudHJ1c3QubmV0 L2NwczCB4wYIKwYBBQUHAgIwgdYagdNGb3IgdXNlIHNvbGVseSB3aXRoIFNTTCBj ZXJ0aWZpY2F0ZXMgaXNzdWVkIGJ5IFREQyBTb2x1dGlvbnMgQS9TIHRvIGF1dGhv cml6ZWQgc3Vic2NyaWJlcnMuXFxyXFxuRE9FUyBOT1QgcmVwcmVzZW50IGFueSBl bmRvcnNlbWVudCBieSBFbnRydXN0IEluYy4gb3IgaXRzIGFmZmlsaWF0ZXMgYXMg dG8gdGhlIGlkZW50aXR5IG9mIGFueSBjZXJ0aWZpY2F0ZSBob2xkZXIuMIIBGAYD VR0fBIIBDzCCAQswKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvc2VydmVy MS5jcmwwgd6ggduggdikgdUwgdIxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtFbnRy dXN0Lm5ldDE7MDkGA1UECxMyd3d3LmVudHJ1c3QubmV0L0NQUyBpbmNvcnAuIGJ5 IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3Qu bmV0IExpbWl0ZWQxOjA4BgNVBAMTMUVudHJ1c3QubmV0IFNlY3VyZSBTZXJ2ZXIg Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkxDTALBgNVBAMTBENSTDEwCwYDVR0PBAQD AgEGMB8GA1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMB0GA1UdDgQWBBRs ZAHH/YVtrMjanlAIhQi1PFaoUDAZBgkqhkiG9n0HQQAEDDAKGwRWNy4xAwIAgTAN BgkqhkiG9w0BAQUFAAOBgQACKnOmebpCKJSVzmLtMnJUZT8lr4GYVqcd8GvSI7kw IkBmdu6LpS2qiTT13Ol/8cLP2H4BohFyRFoOHDmDDBLua/2FJOopuMoKcHGs4wIS LrHvp55O2Wxot2NVlYlAKWDUDfoopqgCMehJNfRoxWMykBQsZWcX/cLvmUvNZToM 2w== -----END CERTIFICATE----- --- Server certificate subject=/C=DK/ST=Denmark/L=Copenhagen/O=IT & Telestyrelsen/OU=IT & Telestyrelsen/CN=www.digitalsignatur.dk issuer=/C=DK/O=TDC/OU=TDC SSL Server CA --- No client certificate CA names sent --- SSL handshake has read 4229 bytes and written 443 bytes --- New, TLSv1/SSLv3, Cipher is RC4-MD5 Server public key is 2048 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : RC4-MD5 Session-ID: 0C1F00006565DB37FA6FDE7DF84AE3A4D8BE99EA56E3BAFD22B8B2C12D7E61F9 Session-ID-ctx: Master-Key: 0D9CF82D54AE2942CBACBA4C26687467743DCBFA6AADA581C6A023513976EDA84DB23F265A249EE46A372BE95CD98422 Key-Arg : None Krb5 Principal: None Start Time: 1222526140 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate) ---
This gives a pretty straight answer that the Entrust chain is returned. Before digging into why IE/MS thinks otherwise I extract all the detailed certificate information with the openssl x509
command:
openssl x509 -text -in cert0.crt (having pasted the content into a file with that name)
which gives:
Certificate: Data: Version: 3 (0x2) Serial Number: 1043101064 (0x3e2c7588) Signature Algorithm: sha1WithRSAEncryption Issuer: C=DK, O=TDC, OU=TDC SSL Server CA Validity Not Before: Aug 3 12:49:47 2007 GMT Not After : Oct 8 07:48:31 2009 GMT Subject: C=DK, ST=Denmark, L=Copenhagen, O=IT & Telestyrelsen, OU=IT & Telestyrelsen, CN=www.digitalsignatur.dk Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:af:52:ef:1d:cf:bf:8b:11:fb:cc:6f:d5:b0:06: 38:30:9b:22:80:d2:28:59:60:b3:ee:66:21:1b:13: 08:4a:ff:b5:af:ed:8a:d2:66:67:e3:8d:02:21:d7: 2a:9d:27:0e:d2:2f:0d:21:bf:94:59:61:68:a6:a8: 55:b8:c5:78:ae:2e:92:34:b1:30:09:c4:27:53:57: f7:9e:31:e9:bb:6c:e8:82:75:f3:75:fb:20:bc:52: d6:4f:50:93:a4:88:67:e9:02:dd:00:76:a8:5e:01: c5:34:bc:c3:09:77:99:ed:a8:af:57:f2:cc:3c:87: c6:f5:5c:31:db:14:ae:7b:ce:10:0f:6d:0f:b3:a3: c8:9e:5d:f0:dc:47:b8:8c:0c:b3:03:d3:74:c7:f8: c5:3c:0a:e4:42:79:aa:f7:e9:86:75:a6:79:9c:dd: 2f:c5:cd:65:a0:b0:78:63:eb:91:f6:a2:54:e0:6d: 9a:3e:53:3c:51:41:40:d8:c1:64:84:f2:a7:f8:78: 9c:4d:cc:3e:8a:0f:93:20:3e:8a:80:1e:b7:2f:22: a3:b8:69:fa:a1:25:2c:f8:7b:fd:52:88:4e:78:7a: cb:42:a4:25:5d:c2:9b:05:d2:83:73:0f:59:71:27: a7:a4:47:e1:0f:27:d8:cf:60:18:08:07:01:f7:d0: 2e:f5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: Digital Signature, Key Encipherment Netscape Cert Type: SSL Server X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.4386.2.1.1.1 CPS: http://www.certifikat.dk/repository User Notice: Organization: TDC Internet Number: 1 Explicit Text: Dette certifikat er udstedt under TDC Internet CAs Certifikat Politik for SSL Server certifikater (OID=1.3.6.1.4.1.4386.2.1.1.1). This certificate is issued under TDC Internet CAs Certificate Policy for SSL Server certificates (OID=1.3.6.1.4.1.4386.2.1.1.1). X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: DirName:/C=DK/O=TDC/OU=TDC SSL Server CA/CN=CRL5 URI:http://crl.certifikat.dk/SSLServer.crl X509v3 Authority Key Identifier: keyid:FD:1E:C2:B3:08:3A:95:D1:D4:A5:87:CE:CD:41:84:73:EF:33:74:0D X509v3 Subject Key Identifier: A6:11:4D:54:A0:C0:CF:36:C6:E2:7C:45:57:7B:31:D8:88:BE:95:CE X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption 1f:86:02:f6:ea:7c:50:b3:1f:a3:30:df:2a:4d:ff:88:b4:f0: 2d:e8:af:9a:4f:ce:63:6c:8d:e2:59:3c:f3:59:14:d5:00:c3: 65:08:9e:5c:7a:4c:7f:f6:46:5d:93:7f:19:fc:4a:a2:0b:f7: 97:f6:25:64:50:1b:e5:46:2a:37:91:52:9e:7c:5e:2e:10:0e: 6a:2a:e3:b1:19:e7:12:47:14:00:fd:d6:82:3e:75:a5:0c:07: 30:ad:06:18:47:0c:f2:ea:75:7e:e8:f8:47:5e:e2:a2:74:05: 67:ea:0b:a5:d5:88:49:0b:32:2a:00:68:43:43:ea:ab:9c:97: a4:44:e4:48:08:ac:7e:b9:4f:12:a0:18:54:8c:e4:17:f9:c9: 02:16:53:f6:d8:5b:e0:e8:c8:e9:7d:48:2c:92:3f:ca:58:e5: 4f:75:05:69:a2:f5:b2:af:7d:4a:d0:f6:46:76:38:c0:99:28: 93:3d:ab:21:60:2a:d7:cb:05:41:ad:eb:4b:3f:bc:f1:30:7d: a4:05:73:cf:71:92:69:77:56:ec:1a:37:f1:5d:a0:bd:f4:17: 0a:9c:c6:8f:c7:be:ec:af:f0:5e:31:15:03:81:e9:87:8e:31: 75:32:38:e8:9a:ff:90:41:cc:a8:95:f2:4c:a0:6e:7c:08:47: 72:e3:d4:e2
and the next
Certificate: Data: Version: 3 (0x2) Serial Number: 1008337634 (0x3c1a02e2) Signature Algorithm: sha1WithRSAEncryption Issuer: C=DK, O=TDC Internet, OU=TDC Internet Root CA Validity Not Before: Sep 28 10:40:50 2006 GMT Not After : Sep 28 11:10:50 2011 GMT Subject: C=DK, O=TDC, OU=TDC SSL Server CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:d9:c7:20:e7:8b:a3:ec:02:81:64:2c:21:15:06: e7:d2:8b:e3:90:38:e3:17:0d:a9:8b:57:8c:1e:55: aa:94:72:e6:e9:d5:0c:b5:fb:8b:ef:b7:c8:90:d5: 00:15:2b:ab:19:f3:05:2f:5c:68:69:75:5a:ab:9c: f8:73:b8:02:1b:6a:44:90:77:60:dc:5e:11:1c:03: af:e8:9b:e9:6c:c0:c1:44:52:f2:35:48:02:eb:1f: 6d:93:86:06:f6:a1:ac:1a:d0:d3:96:30:13:f8:04: ca:a2:b1:4f:b3:38:68:08:fe:52:00:a3:86:82:73: 18:fc:c1:a8:c5:88:4e:16:38:dc:e7:e3:df:a6:a6: 4d:3b:99:c6:fc:56:f3:cc:1f:a5:c2:b8:04:bb:08: ba:a1:d3:00:f7:6f:f6:66:08:b5:c5:1a:f4:03:17: e7:86:46:4f:7c:a5:3d:5c:7a:cb:12:c6:8f:9e:4d: c3:1f:68:17:7f:5a:be:fa:1e:18:31:2c:16:5f:b2: aa:a7:e7:df:28:0d:b0:20:87:8a:39:9d:f7:6d:73: 72:31:78:e0:8b:a1:18:43:20:0b:8c:2a:59:09:d6: 57:e2:89:3d:0d:25:04:c7:55:97:3b:2d:80:3a:b2: 8c:70:c4:c5:d6:fb:c9:3b:10:10:38:9b:61:ca:ad: 04:7b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 CRL Distribution Points: DirName:/C=DK/O=TDC Internet/OU=TDC Internet Root CA/CN=CRL1 URI:http://crl.certifikat.dk/Root_CA.crl X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:6C:64:01:C7:FD:85:6D:AC:C8:DA:9E:50:08:85:08:B5:3C:56:A8:50 X509v3 Subject Key Identifier: FD:1E:C2:B3:08:3A:95:D1:D4:A5:87:CE:CD:41:84:73:EF:33:74:0D X509v3 Basic Constraints: CA:TRUE 1.2.840.113533.7.65.0: 0 ..V6.0.... Signature Algorithm: sha1WithRSAEncryption 7e:54:14:b7:66:ad:2c:b2:02:72:2b:9a:ca:5a:64:f7:69:c2: 3a:7c:4b:18:46:b6:ab:04:65:53:e6:e4:42:99:ce:67:7f:f7: de:1e:6b:ea:58:e7:15:df:89:8b:7b:db:6e:a7:3e:16:6a:3c: 00:72:22:6c:71:14:4f:a8:6f:b8:be:a6:7b:23:30:5c:f5:46: ec:f3:a4:f1:7b:65:3d:ca:6f:8a:8e:24:b3:8f:33:dd:41:93: b5:2b:db:e1:64:0b:11:12:f9:98:13:b2:c0:d9:e8:66:8c:d8: 2b:fb:2f:51:25:43:04:f3:1b:7f:ba:b5:65:20:52:ad:f1:3b: af:2b:8d:0a:96:4d:5b:3c:ee:a0:28:54:ab:35:dd:7a:2e:de: 0a:f6:72:92:e1:a5:d5:f4:6c:e1:7b:de:4f:41:70:c5:97:e2: 4e:4f:97:53:64:a5:b9:a3:89:fe:2a:34:aa:c8:0b:c1:60:c7: ca:5f:ee:b7:0a:ee:19:29:57:0e:8e:2b:55:90:51:62:9e:ce: b9:4a:27:36:81:13:8b:6e:5e:b7:da:45:88:85:7d:6a:c6:70: 45:0f:7b:73:12:cf:f8:90:86:10:88:5f:3b:0a:b2:d0:83:a5: 4e:6d:c0:16:7e:77:3a:54:a3:f0:4f:46:0e:74:d1:15:c0:6d: 0e:46:46:0c
a the final one:
Certificate: Data: Version: 3 (0x2) Serial Number: 1116138739 (0x4286ecf3) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority Validity Not Before: Oct 12 18:48:52 2006 GMT Not After : Oct 12 19:18:52 2011 GMT Subject: C=DK, O=TDC Internet, OU=TDC Internet Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:c4:b8:40:bc:91:d5:63:1f:d7:99:a0:8b:0c:40: 1e:74:b7:48:9d:46:8c:02:b2:e0:24:5f:f0:19:13: a7:37:83:6b:5d:c7:8e:f9:84:30:ce:1a:3b:fa:fb: ce:8b:6d:23:c6:c3:6e:66:9f:89:a5:df:e0:42:50: 67:fa:1f:6c:1e:f4:d0:05:d6:bf:ca:d6:4e:e4:68: 60:6c:46:aa:1c:5d:63:e1:07:86:0e:65:00:a7:2e: a6:71:c6:bc:b9:81:a8:3a:7d:1a:d2:f9:d1:ac:4b: cb:ce:75:af:dc:7b:fa:81:73:d4:fc:ba:bd:41:88: d4:74:b3:f9:5e:38:3a:3c:43:a8:d2:95:4e:77:6d: 13:0c:9d:8f:78:01:b7:5a:20:1f:03:37:35:e2:2c: db:4b:2b:2c:78:b9:49:db:c4:d0:c7:9c:9c:e4:8a: 20:09:21:16:56:66:ff:05:ec:5b:e3:f0:cf:ab:24: 24:5e:c3:7f:70:7a:12:c4:d2:b5:10:a0:b6:21:e1: 8d:78:69:55:44:69:f5:ca:96:1c:34:85:17:25:77: e2:f6:2f:27:98:78:fd:79:06:3a:a2:d6:5a:43:c1: ff:ec:04:3b:ee:13:ef:d3:58:5a:ff:92:eb:ec:ae: da:f2:37:03:47:41:b6:97:c9:2d:0a:41:22:bb:bb: e6:a7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:1 X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, OCSP Signing X509v3 Certificate Policies: Policy: 1.2.840.113533.7.75.2 CPS: http://www.entrust.net/cps User Notice: Explicit Text: For use solely with SSL certificates issued by TDC Solutions A/S to authorized subscribers.\\r\\nDOES NOT represent any endorsement by Entrust Inc. or its affiliates as to the identity of any certificate holder. X509v3 CRL Distribution Points: URI:http://crl.entrust.net/server1.crl DirName:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority/CN=CRL1 X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A X509v3 Subject Key Identifier: 6C:64:01:C7:FD:85:6D:AC:C8:DA:9E:50:08:85:08:B5:3C:56:A8:50 1.2.840.113533.7.65.0: 0 ..V7.1.... Signature Algorithm: sha1WithRSAEncryption 02:2a:73:a6:79:ba:42:28:94:95:ce:62:ed:32:72:54:65:3f: 25:af:81:98:56:a7:1d:f0:6b:d2:23:b9:30:22:40:66:76:ee: 8b:a5:2d:aa:89:34:f5:dc:e9:7f:f1:c2:cf:d8:7e:01:a2:11: 72:44:5a:0e:1c:39:83:0c:12:ee:6b:fd:85:24:ea:29:b8:ca: 0a:70:71:ac:e3:02:12:2e:b1:ef:a7:9e:4e:d9:6c:68:b7:63: 55:95:89:40:29:60:d4:0d:fa:28:a6:a8:02:31:e8:49:35:f4: 68:c5:63:32:90:14:2c:65:67:17:fd:c2:ef:99:4b:cd:65:3a: 0c:db
The Certificate chain recommended by TDC
On the site for rootcertificates the complete certificate chain that can be used in an Apache HTTPD webserver:
#tdcssl-tdcroot: -----BEGIN CERTIFICATE----- MIIECjCCAvKgAwIBAgIEPBoC4jANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJE SzEVMBMGA1UEChMMVERDIEludGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQg Um9vdCBDQTAeFw0wNjA5MjgxMDQwNTBaFw0xMTA5MjgxMTEwNTBaMDcxCzAJBgNV BAYTAkRLMQwwCgYDVQQKEwNUREMxGjAYBgNVBAsTEVREQyBTU0wgU2VydmVyIENB MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ccg54uj7AKBZCwhFQbn 0ovjkDjjFw2pi1eMHlWqlHLm6dUMtfuL77fIkNUAFSurGfMFL1xoaXVaq5z4c7gC G2pEkHdg3F4RHAOv6JvpbMDBRFLyNUgC6x9tk4YG9qGsGtDTljAT+ATKorFPszho CP5SAKOGgnMY/MGoxYhOFjjc5+PfpqZNO5nG/FbzzB+lwrgEuwi6odMA92/2Zgi1 xRr0AxfnhkZPfKU9XHrLEsaPnk3DH2gXf1q++h4YMSwWX7Kqp+ffKA2wIIeKOZ33 bXNyMXjgi6EYQyALjCpZCdZX4ok9DSUEx1WXOy2AOrKMcMTF1vvJOxAQOJthyq0E ewIDAQABo4IBEDCCAQwwgZMGA1UdHwSBizCBiDBaoFigVqRUMFIxCzAJBgNVBAYT AkRLMRUwEwYDVQQKEwxUREMgSW50ZXJuZXQxHTAbBgNVBAsTFFREQyBJbnRlcm5l dCBSb290IENBMQ0wCwYDVQQDEwRDUkwxMCqgKKAmhiRodHRwOi8vY3JsLmNlcnRp ZmlrYXQuZGsvUm9vdF9DQS5jcmwwCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFGxk Acf9hW2syNqeUAiFCLU8VqhQMB0GA1UdDgQWBBT9HsKzCDqV0dSlh87NQYRz7zN0 DTAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY2LjADAgSQMA0GCSqG SIb3DQEBBQUAA4IBAQB+VBS3Zq0ssgJyK5rKWmT3acI6fEsYRrarBGVT5uRCmc5n f/feHmvqWOcV34mLe9tupz4WajwAciJscRRPqG+4vqZ7IzBc9Ubs86Txe2U9ym+K jiSzjzPdQZO1K9vhZAsREvmYE7LA2ehmjNgr+y9RJUME8xt/urVlIFKt8TuvK40K lk1bPO6gKFSrNd16Lt4K9nKS4aXV9Gzhe95PQXDFl+JOT5dTZKW5o4n+KjSqyAvB YMfKX+63Cu4ZKVcOjitVkFFins65Sic2gROLbl632kWIhX1qxnBFD3tzEs/4kIYQ iF87CrLQg6VObcAWfnc6VKPwT0YOdNEVwG0ORkYM -----END CERTIFICATE----- #tdcroot-entrustssl: -----BEGIN CERTIFICATE----- MIIF/TCCBWagAwIBAgIEQobs8zANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEw MTIxODQ4NTJaFw0xMTEwMTIxOTE4NTJaMEMxCzAJBgNVBAYTAkRLMRUwEwYDVQQK EwxUREMgSW50ZXJuZXQxHTAbBgNVBAsTFFREQyBJbnRlcm5ldCBSb290IENBMIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLhAvJHVYx/XmaCLDEAedLdI nUaMArLgJF/wGROnN4NrXceO+YQwzho7+vvOi20jxsNuZp+Jpd/gQlBn+h9sHvTQ Bda/ytZO5GhgbEaqHF1j4QeGDmUApy6mcca8uYGoOn0a0vnRrEvLznWv3Hv6gXPU /Lq9QYjUdLP5Xjg6PEOo0pVOd20TDJ2PeAG3WiAfAzc14izbSysseLlJ28TQx5yc 5IogCSEWVmb/Bexb4/DPqyQkXsN/cHoSxNK1EKC2IeGNeGlVRGn1ypYcNIUXJXfi 9i8nmHj9eQY6otZaQ8H/7AQ77hPv01ha/5Lr7K7a8jcDR0G2l8ktCkEiu7vmpwID AQABo4IC9zCCAvMwEgYDVR0TAQH/BAgwBgEB/wIBATAnBgNVHSUEIDAeBggrBgEF BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJMIIBLgYDVR0gBIIBJTCCASEwggEdBgkq hkiG9n0HSwIwggEOMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LmVudHJ1c3QubmV0 L2NwczCB4wYIKwYBBQUHAgIwgdYagdNGb3IgdXNlIHNvbGVseSB3aXRoIFNTTCBj ZXJ0aWZpY2F0ZXMgaXNzdWVkIGJ5IFREQyBTb2x1dGlvbnMgQS9TIHRvIGF1dGhv cml6ZWQgc3Vic2NyaWJlcnMuXFxyXFxuRE9FUyBOT1QgcmVwcmVzZW50IGFueSBl bmRvcnNlbWVudCBieSBFbnRydXN0IEluYy4gb3IgaXRzIGFmZmlsaWF0ZXMgYXMg dG8gdGhlIGlkZW50aXR5IG9mIGFueSBjZXJ0aWZpY2F0ZSBob2xkZXIuMIIBGAYD VR0fBIIBDzCCAQswKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvc2VydmVy MS5jcmwwgd6ggduggdikgdUwgdIxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtFbnRy dXN0Lm5ldDE7MDkGA1UECxMyd3d3LmVudHJ1c3QubmV0L0NQUyBpbmNvcnAuIGJ5 IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3Qu bmV0IExpbWl0ZWQxOjA4BgNVBAMTMUVudHJ1c3QubmV0IFNlY3VyZSBTZXJ2ZXIg Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkxDTALBgNVBAMTBENSTDEwCwYDVR0PBAQD AgEGMB8GA1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMB0GA1UdDgQWBBRs ZAHH/YVtrMjanlAIhQi1PFaoUDAZBgkqhkiG9n0HQQAEDDAKGwRWNy4xAwIAgTAN BgkqhkiG9w0BAQUFAAOBgQACKnOmebpCKJSVzmLtMnJUZT8lr4GYVqcd8GvSI7kw IkBmdu6LpS2qiTT13Ol/8cLP2H4BohFyRFoOHDmDDBLua/2FJOopuMoKcHGs4wIS LrHvp55O2Wxot2NVlYlAKWDUDfoopqgCMehJNfRoxWMykBQsZWcX/cLvmUvNZToM 2w== -----END CERTIFICATE----- #entrustssl-entrustssl -----BEGIN CERTIFICATE----- MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1 MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/ I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3 wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5 BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0 MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN 95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd 2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI= -----END CERTIFICATE-----
the humanreadble version is something like:
#tdcssl-tdcroot: Certificate: Data: Version: 3 (0x2) Serial Number: 1008337634 (0x3c1a02e2) Signature Algorithm: sha1WithRSAEncryption Issuer: C=DK, O=TDC Internet, OU=TDC Internet Root CA Validity Not Before: Sep 28 10:40:50 2006 GMT Not After : Sep 28 11:10:50 2011 GMT Subject: C=DK, O=TDC, OU=TDC SSL Server CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:d9:c7:20:e7:8b:a3:ec:02:81:64:2c:21:15:06: e7:d2:8b:e3:90:38:e3:17:0d:a9:8b:57:8c:1e:55: aa:94:72:e6:e9:d5:0c:b5:fb:8b:ef:b7:c8:90:d5: 00:15:2b:ab:19:f3:05:2f:5c:68:69:75:5a:ab:9c: f8:73:b8:02:1b:6a:44:90:77:60:dc:5e:11:1c:03: af:e8:9b:e9:6c:c0:c1:44:52:f2:35:48:02:eb:1f: 6d:93:86:06:f6:a1:ac:1a:d0:d3:96:30:13:f8:04: ca:a2:b1:4f:b3:38:68:08:fe:52:00:a3:86:82:73: 18:fc:c1:a8:c5:88:4e:16:38:dc:e7:e3:df:a6:a6: 4d:3b:99:c6:fc:56:f3:cc:1f:a5:c2:b8:04:bb:08: ba:a1:d3:00:f7:6f:f6:66:08:b5:c5:1a:f4:03:17: e7:86:46:4f:7c:a5:3d:5c:7a:cb:12:c6:8f:9e:4d: c3:1f:68:17:7f:5a:be:fa:1e:18:31:2c:16:5f:b2: aa:a7:e7:df:28:0d:b0:20:87:8a:39:9d:f7:6d:73: 72:31:78:e0:8b:a1:18:43:20:0b:8c:2a:59:09:d6: 57:e2:89:3d:0d:25:04:c7:55:97:3b:2d:80:3a:b2: 8c:70:c4:c5:d6:fb:c9:3b:10:10:38:9b:61:ca:ad: 04:7b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 CRL Distribution Points: DirName:/C=DK/O=TDC Internet/OU=TDC Internet Root CA/CN=CRL1 URI:http://crl.certifikat.dk/Root_CA.crl X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:6C:64:01:C7:FD:85:6D:AC:C8:DA:9E:50:08:85:08:B5:3C:56:A8:50 X509v3 Subject Key Identifier: FD:1E:C2:B3:08:3A:95:D1:D4:A5:87:CE:CD:41:84:73:EF:33:74:0D X509v3 Basic Constraints: CA:TRUE 1.2.840.113533.7.65.0: 0 ..V6.0.... Signature Algorithm: sha1WithRSAEncryption 7e:54:14:b7:66:ad:2c:b2:02:72:2b:9a:ca:5a:64:f7:69:c2: 3a:7c:4b:18:46:b6:ab:04:65:53:e6:e4:42:99:ce:67:7f:f7: de:1e:6b:ea:58:e7:15:df:89:8b:7b:db:6e:a7:3e:16:6a:3c: 00:72:22:6c:71:14:4f:a8:6f:b8:be:a6:7b:23:30:5c:f5:46: ec:f3:a4:f1:7b:65:3d:ca:6f:8a:8e:24:b3:8f:33:dd:41:93: b5:2b:db:e1:64:0b:11:12:f9:98:13:b2:c0:d9:e8:66:8c:d8: 2b:fb:2f:51:25:43:04:f3:1b:7f:ba:b5:65:20:52:ad:f1:3b: af:2b:8d:0a:96:4d:5b:3c:ee:a0:28:54:ab:35:dd:7a:2e:de: 0a:f6:72:92:e1:a5:d5:f4:6c:e1:7b:de:4f:41:70:c5:97:e2: 4e:4f:97:53:64:a5:b9:a3:89:fe:2a:34:aa:c8:0b:c1:60:c7: ca:5f:ee:b7:0a:ee:19:29:57:0e:8e:2b:55:90:51:62:9e:ce: b9:4a:27:36:81:13:8b:6e:5e:b7:da:45:88:85:7d:6a:c6:70: 45:0f:7b:73:12:cf:f8:90:86:10:88:5f:3b:0a:b2:d0:83:a5: 4e:6d:c0:16:7e:77:3a:54:a3:f0:4f:46:0e:74:d1:15:c0:6d: 0e:46:46:0c #tdcroot-entrustssl: Certificate: Data: Version: 3 (0x2) Serial Number: 1116138739 (0x4286ecf3) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority Validity Not Before: Oct 12 18:48:52 2006 GMT Not After : Oct 12 19:18:52 2011 GMT Subject: C=DK, O=TDC Internet, OU=TDC Internet Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:c4:b8:40:bc:91:d5:63:1f:d7:99:a0:8b:0c:40: 1e:74:b7:48:9d:46:8c:02:b2:e0:24:5f:f0:19:13: a7:37:83:6b:5d:c7:8e:f9:84:30:ce:1a:3b:fa:fb: ce:8b:6d:23:c6:c3:6e:66:9f:89:a5:df:e0:42:50: 67:fa:1f:6c:1e:f4:d0:05:d6:bf:ca:d6:4e:e4:68: 60:6c:46:aa:1c:5d:63:e1:07:86:0e:65:00:a7:2e: a6:71:c6:bc:b9:81:a8:3a:7d:1a:d2:f9:d1:ac:4b: cb:ce:75:af:dc:7b:fa:81:73:d4:fc:ba:bd:41:88: d4:74:b3:f9:5e:38:3a:3c:43:a8:d2:95:4e:77:6d: 13:0c:9d:8f:78:01:b7:5a:20:1f:03:37:35:e2:2c: db:4b:2b:2c:78:b9:49:db:c4:d0:c7:9c:9c:e4:8a: 20:09:21:16:56:66:ff:05:ec:5b:e3:f0:cf:ab:24: 24:5e:c3:7f:70:7a:12:c4:d2:b5:10:a0:b6:21:e1: 8d:78:69:55:44:69:f5:ca:96:1c:34:85:17:25:77: e2:f6:2f:27:98:78:fd:79:06:3a:a2:d6:5a:43:c1: ff:ec:04:3b:ee:13:ef:d3:58:5a:ff:92:eb:ec:ae: da:f2:37:03:47:41:b6:97:c9:2d:0a:41:22:bb:bb: e6:a7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:1 X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, OCSP Signing X509v3 Certificate Policies: Policy: 1.2.840.113533.7.75.2 CPS: http://www.entrust.net/cps User Notice: Explicit Text: For use solely with SSL certificates issued by TDC Solutions A/S to authorized subscribers.\\r\\nDOES NOT represent any endorsement by Entrust Inc. or its affiliates as to the identity of any certificate holder. X509v3 CRL Distribution Points: URI:http://crl.entrust.net/server1.crl DirName:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority/CN=CRL1 X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A X509v3 Subject Key Identifier: 6C:64:01:C7:FD:85:6D:AC:C8:DA:9E:50:08:85:08:B5:3C:56:A8:50 1.2.840.113533.7.65.0: 0 ..V7.1.... Signature Algorithm: sha1WithRSAEncryption 02:2a:73:a6:79:ba:42:28:94:95:ce:62:ed:32:72:54:65:3f: 25:af:81:98:56:a7:1d:f0:6b:d2:23:b9:30:22:40:66:76:ee: 8b:a5:2d:aa:89:34:f5:dc:e9:7f:f1:c2:cf:d8:7e:01:a2:11: 72:44:5a:0e:1c:39:83:0c:12:ee:6b:fd:85:24:ea:29:b8:ca: 0a:70:71:ac:e3:02:12:2e:b1:ef:a7:9e:4e:d9:6c:68:b7:63: 55:95:89:40:29:60:d4:0d:fa:28:a6:a8:02:31:e8:49:35:f4: 68:c5:63:32:90:14:2c:65:67:17:fd:c2:ef:99:4b:cd:65:3a: 0c:db #entrustssl-entrustssl Certificate: Data: Version: 3 (0x2) Serial Number: 927650371 (0x374ad243) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority Validity Not Before: May 25 16:09:40 1999 GMT Not After : May 25 16:39:40 2019 GMT Subject: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:cd:28:83:34:54:1b:89:f3:0f:af:37:91:31:ff: af:31:60:c9:a8:e8:b2:10:68:ed:9f:e7:93:36:f1: 0a:64:bb:47:f5:04:17:3f:23:47:4d:c5:27:19:81: 26:0c:54:72:0d:88:2d:d9:1f:9a:12:9f:bc:b3:71: d3:80:19:3f:47:66:7b:8c:35:28:d2:b9:0a:df:24: da:9c:d6:50:79:81:7a:5a:d3:37:f7:c2:4a:d8:29: 92:26:64:d1:e4:98:6c:3a:00:8a:f5:34:9b:65:f8: ed:e3:10:ff:fd:b8:49:58:dc:a0:de:82:39:6b:81: b1:16:19:61:b9:54:b6:e6:43 Exponent: 3 (0x3) X509v3 extensions: Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA X509v3 CRL Distribution Points: DirName:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority/CN=CRL1 URI:http://www.entrust.net/CRL/net1.crl X509v3 Private Key Usage Period: Not Before: May 25 16:09:40 1999 GMT, Not After: May 25 16:09:40 2019 GMT X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A X509v3 Subject Key Identifier: F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A X509v3 Basic Constraints: CA:TRUE 1.2.840.113533.7.65.0: 0 ..V4.0.... Signature Algorithm: sha1WithRSAEncryption 90:dc:30:02:fa:64:74:c2:a7:0a:a5:7c:21:8d:34:17:a8:fb: 47:0e:ff:25:7c:8d:13:0a:fb:e4:98:b5:ef:8c:f8:c5:10:0d: f7:92:be:f1:c3:d5:d5:95:6a:04:bb:2c:ce:26:36:65:c8:31: c6:e7:ee:3f:e3:57:75:84:7a:11:ef:46:4f:18:f4:d3:98:bb: a8:87:32:ba:72:f6:3c:e2:3d:9f:d7:1d:d9:c3:60:43:8c:58: 0e:22:96:2f:62:a3:2c:1f:ba:ad:05:ef:ab:32:78:87:a0:54: 73:19:b5:5c:05:f9:52:3e:6d:2d:45:0b:f7:0a:93:ea:ed:06: f9:b2
Want can I conclude?
That the view in firefox, OpenSSL and DigiCert seems right and that IE will display the same when the old root certificate is removed from the certificate store. At present I can't tell the exact reason for whats going on here, but i you known I'll be glad to hear of it!
4 comments :
This is due to the fact that your IE7 will ask Microsoft if it is safe to trust the certificate presented.
Microsoft has Root Certificate Program:
http://support.microsoft.com/kb/931125
The members can ask Microsoft to push out new CA certificates.
This is what is going on in IE7 (you get a self-seigned CA certificate from TDC Internet Root CA)
Hi anon
Thank you for you're comment. I still don't get how the 'wrong' certificate got into the chain (upstream)?
Brgds Brian
If the guess wins on the thecasinosource.com subsequent spin, it's released, and the player could pull it back. The guess could not remain in prison on consecutive spins -- a second consecutive zero makes the guess a loser. This is a very favorable rule for the player, and one that's uncommon in the United States.
The croupier often starts the wheel spinning in a counterclockwise direction 온라인카지노 after which spins a small ivory or plastic ball onto the bowl’s again observe in reverse direction|the other way|the incorrect way}. Making outside bets will return you much less cash, however your chances of successful are considerably higher. Bets are positioned on the desk, correlating with the slots the ball can probably land in. People love to comply with the Martingale technique after they play roulette as a result of|as a end result of} it is the easiest betting technique on the planet. If you are be} serious about playing in} roulette for cash, want to|you should|you have to} treat your winnings as if they that they} didn't exist.
Post a Comment