Server 2012 R2 IIS | SChannel

  • Question

  • Hello,
    when accessing via HTTPS, the following errors occur with 2 certificates and the connection to the client is aborted:

    Ereignis 36888, SChannel
    Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 80. Der Windows-SChannel-Fehlerstatus lautet: 1101.

    this is followed by:

    Ereignis 36888, SChannel
    Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 80. Der Windows-SChannel-Fehlerstatus lautet: 1250.

    There are other HTTPS sites on the server, and these work perfectly. All certificates were issued by thawte.
    The two 'defective' certificates were issued on 29.06.16, and the only difference from the others is the CA, which is "thawte DV SSL SHA256 CA".

    Analysis of the "thawte DV SSL SHA256 CA":

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                3e:23:34:5a:ed:2c:0a:51:7b:26:de:d4:80:1d:10:aa
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
            Validity
                Not Before: Jun 10 00:00:00 2014 GMT
                Not After : Jun  9 23:59:59 2024 GMT
            Subject: C=US, O=thawte, Inc., OU=Domain Validated SSL, CN=thawte DV SSL SHA256 CA
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                Authority Information Access: 
                    OCSP - URI:http://t.symcd.com
    
                X509v3 Basic Constraints: critical
                    CA:TRUE, pathlen:0
                X509v3 Certificate Policies: 
                    Policy: 2.16.840.1.113733.1.7.54
                      CPS: https://www.thawte.com/cps
    
                X509v3 CRL Distribution Points: 
    
                    Full Name:
                      URI:http://t.symcb.com/ThawtePCA-G3.crl
    
                X509v3 Key Usage: critical
                    Certificate Sign, CRL Sign
                X509v3 Subject Alternative Name: 
                    DirName:/CN=SymantecPKI-1-695
                X509v3 Subject Key Identifier: 
                    7D:29:31:2F:C1:1E:6E:AE:31:05:6A:B3:EB:1C:CD:A9:DD:AE:80:9A
                X509v3 Authority Key Identifier: 
                    keyid:AD:6C:AA:94:60:9C:ED:E4:FF:FA:3E:0A:74:2B:63:03:F7:B6:59:BF
    
        Signature Algorithm: sha256WithRSAEncryption
    
    

    For comparison, one of the working CAs:

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                2c:69:e1:2f:6a:67:0b:d9:9d:d2:0f:91:9e:f0:9e:51
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
            Validity
                Not Before: Jun 10 00:00:00 2014 GMT
                Not After : Jun  9 23:59:59 2024 GMT
            Subject: C=US, O=thawte, Inc., OU=Domain Validated SSL, CN=thawte DV SSL CA - G2
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Basic Constraints: critical
                    CA:TRUE, pathlen:0
                X509v3 Certificate Policies: 
                    Policy: 2.16.840.1.113733.1.7.54
                      CPS: https://www.thawte.com/cps
    
                X509v3 Key Usage: critical
                    Certificate Sign, CRL Sign
                Authority Information Access: 
                    OCSP - URI:http://t.symcd.com
    
                X509v3 CRL Distribution Points: 
    
                    Full Name:
                      URI:http://t.symcb.com/ThawtePCA.crl
    
                X509v3 Subject Alternative Name: 
                    DirName:/CN=SymantecPKI-1-698
                X509v3 Subject Key Identifier: 
                    9F:B8:C1:A9:6C:F2:F5:C0:22:2A:94:ED:5C:99:AC:D4:EC:D7:C6:07
                X509v3 Authority Key Identifier: 
                    keyid:7B:5B:45:CF:AF:CE:CB:7A:FD:31:92:1A:6A:B6:F3:46:EB:57:48:50
    
        Signature Algorithm: sha256WithRSAEncryption
    
    

    I do not see any serious difference there that should cause a fatal error in SChannel.

    Monday, July 11, 2016 15:53

Answers

  • OK, I had the two certificates reissued with 4096 bit and, lo and behold, it works. So it could very well be due to the key length. For comparison, the analyses of the two new certificates follow once more.

    "si" new:

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                1f:0c:5a:e4:0d:16:d2:40:9b:70:24:60:b8:e6:1a:f1
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=US, O=thawte, Inc., OU=Domain Validated SSL, CN=thawte DV SSL SHA256 CA
            Validity
                Not Before: Jul 12 00:00:00 2016 GMT
                Not After : Jun 29 23:59:59 2019 GMT
            Subject: CN=****si.***.**
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (4096 bit)
                    Modulus:
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Subject Alternative Name: 
                    DNS:****si.***.**
                X509v3 Basic Constraints: 
                    CA:FALSE
                X509v3 CRL Distribution Points: 
    
                    Full Name:
                      URI:http://tm.symcb.com/tm.crl
    
                X509v3 Certificate Policies: 
                    Policy: 2.23.140.1.2.1
                      CPS: https://www.thawte.com/cps
                      User Notice:
                        Explicit Text: https://www.thawte.com/repository
    
                X509v3 Authority Key Identifier: 
                    keyid:7D:29:31:2F:C1:1E:6E:AE:31:05:6A:B3:EB:1C:CD:A9:DD:AE:80:9A
    
                X509v3 Key Usage: critical
                    Digital Signature, Key Encipherment
                X509v3 Extended Key Usage: 
                    TLS Web Server Authentication, TLS Web Client Authentication
                Authority Information Access: 
                    OCSP - URI:http://tm.symcd.com
                    CA Issuers - URI:http://tm.symcb.com/tm.crt
    
                CT Precertificate SCTs: 
                    Signed Certificate Timestamp:
                        Version   : v1(0)
                        Log ID    : DD:EB:1D:2B:7A:0D:4F:A6:20:8B:81:AD:81:68:70:7E:
                                    2E:8E:9D:01:D5:5C:88:8D:3D:11:C4:CD:B6:EC:BE:CC
                        Timestamp : Jul 12 12:08:48.527 2016 GMT
                        Extensions: none
                        Signature : ecdsa-with-SHA256
                                    30:45:02:20:20:5D:10:40:19:64:42:61:78:55:D4:FC:
                                    71:09:37:F7:EF:87:6C:35:00:3A:99:CF:7F:9B:DA:F1:
                                    BD:17:7C:58:02:21:00:9E:ED:00:3A:1A:7B:E7:02:E3:
                                    54:20:00:A8:21:CB:A7:DE:EC:13:C1:AA:60:1A:78:42:
                                    A0:BE:B5:8E:B3:D2:A7
                    Signed Certificate Timestamp:
                        Version   : v1(0)
                        Log ID    : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
                                    3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
                        Timestamp : Jul 12 12:08:48.584 2016 GMT
                        Extensions: none
                        Signature : ecdsa-with-SHA256
                                    30:44:02:20:62:8A:75:3D:A1:40:CC:81:46:C7:AF:D4:
                                    AF:3C:C1:17:EF:C4:68:D6:DE:8D:46:FA:EC:95:48:46:
                                    4F:51:37:52:02:20:61:30:32:32:C0:D8:1C:79:B1:AE:
                                    D6:2E:47:07:FB:25:71:36:DD:2B:8E:97:CB:AC:7C:FE:
                                    DA:6A:BD:B0:1D:04
                    Signed Certificate Timestamp:
                        Version   : v1(0)
                        Log ID    : 68:F6:98:F8:1F:64:82:BE:3A:8C:EE:B9:28:1D:4C:FC:
                                    71:51:5D:67:93:D4:44:D1:0A:67:AC:BB:4F:4F:FB:C4
                        Timestamp : Jul 12 12:08:48.584 2016 GMT
                        Extensions: none
                        Signature : ecdsa-with-SHA256
                                    30:45:02:20:6B:0F:0A:B9:A0:34:90:78:55:C9:D7:35:
                                    7A:4B:08:BF:55:54:17:E3:26:19:2D:C7:4E:DB:B1:CA:
                                    D6:39:DD:42:02:21:00:A8:42:7B:E0:69:FC:85:93:A6:
                                    77:FE:C2:02:B1:87:10:A2:BD:0F:8C:E1:90:25:42:7D:
                                    0F:9C:F2:2A:FA:DD:69
                    Signed Certificate Timestamp:
                        Version   : v1(0)
                        Log ID    : EE:4B:BD:B7:75:CE:60:BA:E1:42:69:1F:AB:E1:9E:66:
                                    A3:0F:7E:5F:B0:72:D8:83:00:C4:7B:89:7A:A8:FD:CB
                        Timestamp : Jul 12 12:08:49.127 2016 GMT
                        Extensions: none
                        Signature : ecdsa-with-SHA256
                                    30:45:02:20:70:04:4F:DE:CD:27:56:B1:E5:D4:D2:5B:
                                    26:7D:9C:68:AD:97:0F:A5:60:6A:BC:B8:49:C2:0F:9B:
                                    AC:25:D2:5B:02:21:00:A9:E2:90:1A:3C:81:AB:DF:2C:
                                    48:58:74:3B:E0:C4:D7:B3:70:80:A9:78:97:BC:FF:F2:
                                    A5:DB:EE:9B:94:6C:67
        Signature Algorithm: sha256WithRSAEncryption
    
    

    "hr" new:

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                5d:79:a3:8a:ca:72:37:b0:38:20:87:37:83:90:ee:6a
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=US, O=thawte, Inc., OU=Domain Validated SSL, CN=thawte DV SSL SHA256 CA
            Validity
                Not Before: Jul 12 00:00:00 2016 GMT
                Not After : Jun 29 23:59:59 2019 GMT
            Subject: CN=****hr.***.**
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (4096 bit)
                    Modulus:
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Subject Alternative Name: 
                    DNS:****hr.***.**
                X509v3 Basic Constraints: 
                    CA:FALSE
                X509v3 CRL Distribution Points: 
    
                    Full Name:
                      URI:http://tm.symcb.com/tm.crl
    
                X509v3 Certificate Policies: 
                    Policy: 2.23.140.1.2.1
                      CPS: https://www.thawte.com/cps
                      User Notice:
                        Explicit Text: https://www.thawte.com/repository
    
                X509v3 Authority Key Identifier: 
                    keyid:7D:29:31:2F:C1:1E:6E:AE:31:05:6A:B3:EB:1C:CD:A9:DD:AE:80:9A
    
                X509v3 Key Usage: critical
                    Digital Signature, Key Encipherment
                X509v3 Extended Key Usage: 
                    TLS Web Server Authentication, TLS Web Client Authentication
                Authority Information Access: 
                    OCSP - URI:http://tm.symcd.com
                    CA Issuers - URI:http://tm.symcb.com/tm.crt
    
                CT Precertificate SCTs: 
                    Signed Certificate Timestamp:
                        Version   : v1(0)
                        Log ID    : DD:EB:1D:2B:7A:0D:4F:A6:20:8B:81:AD:81:68:70:7E:
                                    2E:8E:9D:01:D5:5C:88:8D:3D:11:C4:CD:B6:EC:BE:CC
                        Timestamp : Jul 12 12:08:14.979 2016 GMT
                        Extensions: none
                        Signature : ecdsa-with-SHA256
                                    30:46:02:21:00:D3:A5:BE:A1:D2:7C:45:62:94:2A:54:
                                    F6:25:22:87:98:11:30:A4:76:2B:64:DF:05:18:59:92:
                                    49:94:B7:E4:7B:02:21:00:83:35:1E:62:D2:86:38:9A:
                                    CB:27:89:30:5D:14:CE:D9:87:FB:87:98:DD:80:24:90:
                                    11:C5:B8:58:D4:D9:E9:1B
                    Signed Certificate Timestamp:
                        Version   : v1(0)
                        Log ID    : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
                                    3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
                        Timestamp : Jul 12 12:08:15.036 2016 GMT
                        Extensions: none
                        Signature : ecdsa-with-SHA256
                                    30:46:02:21:00:AC:56:1B:CE:E1:B4:F4:EF:9B:4D:71:
                                    36:21:27:99:C2:20:63:E6:DA:58:6E:8F:B1:76:5F:22:
                                    1B:1F:1F:80:C9:02:21:00:8C:8C:6D:78:5E:C2:74:1C:
                                    1F:7C:BD:92:68:24:3F:8C:A4:89:82:97:70:E8:A1:C5:
                                    23:18:EB:4A:75:7F:97:A1
                    Signed Certificate Timestamp:
                        Version   : v1(0)
                        Log ID    : 68:F6:98:F8:1F:64:82:BE:3A:8C:EE:B9:28:1D:4C:FC:
                                    71:51:5D:67:93:D4:44:D1:0A:67:AC:BB:4F:4F:FB:C4
                        Timestamp : Jul 12 12:08:15.030 2016 GMT
                        Extensions: none
                        Signature : ecdsa-with-SHA256
                                    30:45:02:20:0D:6D:BC:F9:22:AA:43:10:55:D3:C1:C0:
                                    CF:DC:78:FF:B7:98:D3:19:49:84:02:19:94:BE:EE:6B:
                                    47:B5:46:18:02:21:00:C5:21:EE:C8:32:9F:BB:9E:AF:
                                    8D:BE:9C:44:47:F2:9F:E9:83:EC:34:2B:19:F4:11:48:
                                    FF:8C:81:22:AF:9A:57
                    Signed Certificate Timestamp:
                        Version   : v1(0)
                        Log ID    : EE:4B:BD:B7:75:CE:60:BA:E1:42:69:1F:AB:E1:9E:66:
                                    A3:0F:7E:5F:B0:72:D8:83:00:C4:7B:89:7A:A8:FD:CB
                        Timestamp : Jul 12 12:08:15.500 2016 GMT
                        Extensions: none
                        Signature : ecdsa-with-SHA256
                                    30:46:02:21:00:85:5E:8F:A2:0E:23:62:DA:9A:65:07:
                                    7E:62:C3:56:01:4C:D4:42:16:86:52:A0:AB:56:EF:88:
                                    A3:61:3D:AC:A2:02:21:00:F0:98:5A:84:3D:49:20:E8:
                                    EA:C9:25:56:0D:C6:E3:13:61:39:72:8F:99:C6:13:8A:
                                    EA:1E:C7:A3:31:59:FF:91
        Signature Algorithm: sha256WithRSAEncryption
    
    

    • Marked as answer by Arcson Tuesday, July 12, 2016 12:36
    Tuesday, July 12, 2016 12:35

All replies

  • Hi,

    make a dump of two certificates (working / not working) with

    certutil -store my <SerialNumber>
    and check whether they ended up in the same provider (RSA-CSP / CNG-KSP).


    Evgenij Smirnov

    msg services ag, Berlin -> http://www.msg-services.de
    my personal blog (mostly German) -> http://it-pro-berlin.de
    Windows Server User Group, Berlin -> http://www.winsvr-berlin.de
    Mark Minasi Technical Forum, reloaded -> http://newforum.minasi.com

    In theory, there is no difference between theory and practice. In practice, there is.

    Monday, July 11, 2016 16:56
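The comparison suggested in the reply above, as an added example that is not part of the original thread: it parses `certutil -store` output (German labels as posted in this thread, plus the en-US equivalents), classifies each key provider as legacy CSP or CNG KSP, and reports which fields separate the failing certificates from the working ones. The sample dump, its serial numbers, subjects and key containers are constructed, and the function names are hypothetical.

```python
import re

# certutil labels -> normalized field names. The German labels are the ones
# visible in this thread; the English ones are the en-US equivalents.
LABELS = {
    "Seriennummer": "serial", "Serial Number": "serial",
    "Aussteller": "issuer", "Issuer": "issuer",
    "Antragsteller": "subject", "Subject": "subject",
    "Schlüsselcontainer": "key_container", "Key Container": "key_container",
    "Anbieter": "provider", "Provider": "provider",
}
# "Label: value" or "Label = value"; the label ends at the first ':' or '='.
LINE = re.compile(r"^\s*(?P<label>[^:=]+?)\s*[:=]\s*(?P<value>.*\S)\s*$")

# Constructed sample in the layout of the dump posted in this thread.
# Serials, subjects and key containers are made up for the example.
SAMPLE = """\
Seriennummer: 0a01
Aussteller: CN=thawte DV SSL CA - G2, OU=Domain Validated SSL, O=thawte, Inc., C=US
 Nicht vor: 27.01.2015 02:00
Antragsteller: CN=hu.example.test
Kein Stammzertifikat
  Schlüsselcontainer = le-constructed-0001
  Anbieter = Microsoft RSA SChannel Cryptographic Provider
Verschlüsselungstest wurde durchgeführt

Seriennummer: 0a02
Aussteller: CN=thawte DV SSL CA - G2, OU=Domain Validated SSL, O=thawte, Inc., C=US
Antragsteller: CN=mo.example.test
  Schlüsselcontainer = {CONSTRUCTED-0002}
  Anbieter = Microsoft Enhanced Cryptographic Provider v1.0

Seriennummer: 0a03
Aussteller: CN=thawte DV SSL SHA256 CA, OU=Domain Validated SSL, O=thawte, Inc., C=US
Antragsteller: CN=hr.example.test
  Schlüsselcontainer = {CONSTRUCTED-0003}
  Anbieter = Microsoft Enhanced Cryptographic Provider v1.0

Seriennummer: 0a04
Aussteller: CN=thawte DV SSL SHA256 CA, OU=Domain Validated SSL, O=thawte, Inc., C=US
Antragsteller: CN=si.example.test
  Schlüsselcontainer = {CONSTRUCTED-0004}
  Anbieter = Microsoft Enhanced Cryptographic Provider v1.0
"""


def normalize_serial(serial):
    """Accept certutil ('5e41...') and openssl ('5e:41:...') serial notation."""
    return re.sub(r"[\s:]", "", serial).lower()


def parse_certutil_store(text):
    """Return one dict per certificate; a serial-number line starts a record."""
    records, current = [], None
    for line in text.splitlines():
        match = LINE.match(line)
        field = LABELS.get(match.group("label")) if match else None
        if field is None:
            continue  # validity dates, status lines, blank lines
        value = match.group("value")
        if field == "serial":
            current = {"serial": normalize_serial(value)}
            records.append(current)
        elif current is not None:
            current[field] = value
    return records


def provider_kind(provider):
    """Classify a provider name as legacy CryptoAPI CSP or CNG KSP."""
    if not provider:
        return "no key"  # certificate without an associated private key
    if "Key Storage Provider" in provider or provider == "Microsoft Platform Crypto Provider":
        return "CNG-KSP"
    if "Cryptographic Provider" in provider:
        return "CSP"
    return "unknown"


def discriminating_fields(records, failing_serials, fields=("issuer", "provider")):
    """Fields whose values on failing certs never occur on working certs."""
    failing = {normalize_serial(s) for s in failing_serials}
    result = {}
    for field in fields:
        bad = {r.get(field, "") for r in records if r["serial"] in failing}
        good = {r.get(field, "") for r in records if r["serial"] not in failing}
        if bad and good and bad.isdisjoint(good):
            result[field] = sorted(bad)
    return result


if __name__ == "__main__":
    certs = parse_certutil_store(SAMPLE)
    for cert in certs:
        print(cert["subject"], "|", provider_kind(cert.get("provider")), "|", cert.get("provider"))
    # Serials of the certificates that fail the handshake (constructed).
    print(discriminating_fields(certs, ["0a:03", "0a04"]))
```

A field that shows up in the result is only a candidate for further inspection; a field that does not show up (here the provider) is shared by working and failing certificates and cannot explain the difference on its own.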
  • Here are some results from "certutil -store webhosting":

    Seriennummer: 2d07122e248fc783a86b8688246fb974
    Aussteller: CN=thawte DV SSL CA - G2, OU=Domain Validated SSL, O=thawte, Inc., C=US
     Nicht vor: 27.01.2015 02:00
     Nicht nach: 27.01.2018 01:59
    Antragsteller: CN=****hu.***.**
    Kein Stammzertifikat
    Zertifikathash(sha1): e3 6c 66 1d 21 bc 90 d1 77 ae b7 39 92 be 15 be e7 00 99 96
      Schlüsselcontainer = le-77184581-b334-4c51-8527-90597876db61
      Eindeutiger Containername: 7fe2995c59850328295287317b45abfd_8f923a5e-cdb7-4cfb-b16d-6346fb9b91c6
      Anbieter = Microsoft RSA SChannel Cryptographic Provider
    Verschlüsselungstest wurde durchgeführt
    
    
    Seriennummer: 5e415a7d9e6be599c4f133b617052c33
    Aussteller: CN=thawte DV SSL CA - G2, OU=Domain Validated SSL, O=thawte, Inc., C=US
     Nicht vor: 10.06.2016 02:00
     Nicht nach: 18.11.2018 01:59
    Antragsteller: CN=****mo.***.**
    Kein Stammzertifikat
    Zertifikathash(sha1): 95 e3 36 d2 07 1e ef 28 1b 98 3c 9e e0 c4 fd 4e 25 89 5d a6
      Schlüsselcontainer = {1767AC9B-E1D0-43D5-826E-A9A79934E227}
      Eindeutiger Containername: f6c90ea73081cf942e10415d3444446f_8f923a5e-cdb7-4cfb-b16d-6346fb9b91c6
      Anbieter = Microsoft Enhanced Cryptographic Provider v1.0
    Verschlüsselungstest wurde durchgeführt
    
    
    Seriennummer: 0a5a91fdb3177dfd2233501e396c5113
    Aussteller: CN=thawte DV SSL SHA256 CA, OU=Domain Validated SSL, O=thawte, Inc., C=US
     Nicht vor: 29.06.2016 02:00
     Nicht nach: 30.06.2019 01:59
    Antragsteller: CN=****hr.***.**
    Kein Stammzertifikat
    Zertifikathash(sha1): d1 7a 40 75 84 11 9b 73 69 c6 ee 18 cb 38 91 a1 2e ff e2 ba
      Schlüsselcontainer = {7C3DAB64-40AD-41AD-882A-B2667F2390F7}
      Eindeutiger Containername: 9dfe317ef7606f9595d94f5493e95a7e_8f923a5e-cdb7-4cfb-b16d-6346fb9b91c6
      Anbieter = Microsoft Enhanced Cryptographic Provider v1.0
    Verschlüsselungstest wurde durchgeführt
    
    
    Seriennummer: 3b0dcf1748db88f03e7e6db4ed0f0a95
    Aussteller: CN=thawte DV SSL SHA256 CA, OU=Domain Validated SSL, O=thawte, Inc., C=US
     Nicht vor: 29.06.2016 02:00
     Nicht nach: 30.06.2019 01:59
    Antragsteller: CN=****si.***.**
    Kein Stammzertifikat
    Zertifikathash(sha1): 94 1c 53 c9 13 26 51 db 51 94 98 7e e5 83 44 7a 84 d5 02 73
      Schlüsselcontainer = {CDDFF0FC-B001-4EA4-B1AB-674E5C7C35EA}
      Eindeutiger Containername: 135de0788acc309024753540e387bcf0_8f923a5e-cdb7-4cfb-b16d-6346fb9b91c6
      Anbieter = Microsoft Enhanced Cryptographic Provider v1.0
    Verschlüsselungstest wurde durchgeführt

    The certificates with CN "hu" and "mo" work, "hr" and "si" do not.
    Since "mo", "hr" and "si" nevertheless all use the same provider ("Microsoft Enhanced Cryptographic Provider v1.0"), the analyses of the end-entity certificates follow.

    "mo":

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                5e:41:5a:7d:9e:6b:e5:99:c4:f1:33:b6:17:05:2c:33
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=US, O=thawte, Inc., OU=Domain Validated SSL, CN=thawte DV SSL CA - G2
            Validity
                Not Before: Jun 10 00:00:00 2016 GMT
                Not After : Nov 17 23:59:59 2018 GMT
            Subject: CN=****mo.***.**
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (4096 bit)
                    Modulus:
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Subject Alternative Name: 
                    DNS:****mo.***.**
                X509v3 Basic Constraints: 
                    CA:FALSE
                X509v3 CRL Distribution Points: 
    
                    Full Name:
                      URI:http://tn.symcb.com/tn.crl
    
                X509v3 Certificate Policies: 
                    Policy: 2.23.140.1.2.1
                      CPS: https://www.thawte.com/cps
                      User Notice:
                        Explicit Text: https://www.thawte.com/repository
    
                X509v3 Authority Key Identifier: 
                    keyid:9F:B8:C1:A9:6C:F2:F5:C0:22:2A:94:ED:5C:99:AC:D4:EC:D7:C6:07
    
                X509v3 Key Usage: critical
                    Digital Signature, Key Encipherment
                X509v3 Extended Key Usage: 
                    TLS Web Server Authentication, TLS Web Client Authentication
                Authority Information Access: 
                    OCSP - URI:http://tn.symcd.com
                    CA Issuers - URI:http://tn.symcb.com/tn.crt
    
        Signature Algorithm: sha256WithRSAEncryption
    

    "hr":

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                0a:5a:91:fd:b3:17:7d:fd:22:33:50:1e:39:6c:51:13
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=US, O=thawte, Inc., OU=Domain Validated SSL, CN=thawte DV SSL SHA256 CA
            Validity
                Not Before: Jun 29 00:00:00 2016 GMT
                Not After : Jun 29 23:59:59 2019 GMT
            Subject: CN=****hr.***.**
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (4048 bit)
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Subject Alternative Name: 
                    DNS:****hr.***.**
                X509v3 Basic Constraints: 
                    CA:FALSE
                X509v3 CRL Distribution Points: 
    
                    Full Name:
                      URI:http://tm.symcb.com/tm.crl
    
                X509v3 Certificate Policies: 
                    Policy: 2.23.140.1.2.1
                      CPS: https://www.thawte.com/cps
                      User Notice:
                        Explicit Text: https://www.thawte.com/repository
    
                X509v3 Authority Key Identifier: 
                    keyid:7D:29:31:2F:C1:1E:6E:AE:31:05:6A:B3:EB:1C:CD:A9:DD:AE:80:9A
    
                X509v3 Key Usage: critical
                    Digital Signature, Key Encipherment
                X509v3 Extended Key Usage: 
                    TLS Web Server Authentication, TLS Web Client Authentication
                Authority Information Access: 
                    OCSP - URI:http://tm.symcd.com
                    CA Issuers - URI:http://tm.symcb.com/tm.crt
    
        Signature Algorithm: sha256WithRSAEncryption
    

    "si":

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                3b:0d:cf:17:48:db:88:f0:3e:7e:6d:b4:ed:0f:0a:95
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=US, O=thawte, Inc., OU=Domain Validated SSL, CN=thawte DV SSL SHA256 CA
            Validity
                Not Before: Jun 29 00:00:00 2016 GMT
                Not After : Jun 29 23:59:59 2019 GMT
            Subject: CN=****si.***.**
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (4048 bit)
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Subject Alternative Name: 
                    DNS:****si.***.**
                X509v3 Basic Constraints: 
                    CA:FALSE
                X509v3 CRL Distribution Points: 
    
                    Full Name:
                      URI:http://tm.symcb.com/tm.crl
    
                X509v3 Certificate Policies: 
                    Policy: 2.23.140.1.2.1
                      CPS: https://www.thawte.com/cps
                      User Notice:
                        Explicit Text: https://www.thawte.com/repository
    
                X509v3 Authority Key Identifier: 
                    keyid:7D:29:31:2F:C1:1E:6E:AE:31:05:6A:B3:EB:1C:CD:A9:DD:AE:80:9A
    
                X509v3 Key Usage: critical
                    Digital Signature, Key Encipherment
                X509v3 Extended Key Usage: 
                    TLS Web Server Authentication, TLS Web Client Authentication
                Authority Information Access: 
                    OCSP - URI:http://tm.symcd.com
                    CA Issuers - URI:http://tm.symcb.com/tm.crt
    
        Signature Algorithm: sha256WithRSAEncryption
    


    Apart from the public key length being only 4048 bits instead of 4096, I see nothing unusual there.


    • Edited by Arcson Tuesday, July 12, 2016 09:10
    Tuesday, July 12, 2016 09:09
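The field-by-field comparison done by eye above, as an added example (not part of the original posts): it parses `openssl x509 -text` output and reports which fields take different values in the working and the failing certificates. The dumps are abbreviated, constructed from fields visible in this thread, and the helper names are hypothetical.

```python
import re

def _dump(issuer_cn, bits, crl):
    """Build an abbreviated `openssl x509 -text` dump (constructed sample)."""
    return f"""Certificate:
    Data:
        Version: 3 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=thawte, Inc., OU=Domain Validated SSL, CN={issuer_cn}
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: ({bits} bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:{crl}
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
"""

# (label, outcome reported in the thread, dump). Hex blobs and SCTs are omitted.
SAMPLES = [
    ("mo", "works", _dump("thawte DV SSL CA - G2", 4096, "http://tn.symcb.com/tn.crl")),
    ("hr", "fails", _dump("thawte DV SSL SHA256 CA", 4048, "http://tm.symcb.com/tm.crl")),
    ("si", "fails", _dump("thawte DV SSL SHA256 CA", 4048, "http://tm.symcb.com/tm.crl")),
    ("si-new", "works", _dump("thawte DV SSL SHA256 CA", 4096, "http://tm.symcb.com/tm.crl")),
    ("hr-new", "works", _dump("thawte DV SSL SHA256 CA", 4096, "http://tm.symcb.com/tm.crl")),
]

# One regex per field worth comparing; each captures the value in group 1.
FIELDS = {
    "issuer_cn": re.compile(r"^\s*Issuer:.*CN\s*=\s*(.+?)\s*$", re.M),
    "key_bits": re.compile(r"Public-Key:\s*\((\d+) bit\)"),
    "sig_alg": re.compile(r"^\s*Signature Algorithm:\s*(\S+)", re.M),
    "key_usage": re.compile(r"X509v3 Key Usage:[^\n]*\n\s*(.+?)\s*$", re.M),
    "crl": re.compile(r"URI:(\S+\.crl)"),
}

# Assumption for this example: sizes most CAs and tools generate by default.
COMMON_RSA_SIZES = (2048, 3072, 4096)

def parse_cert(text):
    """Return the compared fields of one dump; a missing field maps to None."""
    out = {}
    for name, rx in FIELDS.items():
        m = rx.search(text)
        out[name] = m.group(1) if m else None
    return out

def separating_fields(samples):
    """Fields whose values in working and failing certificates never overlap."""
    parsed = [(outcome, parse_cert(text)) for _, outcome, text in samples]
    result = []
    for field in FIELDS:
        ok = {cert[field] for outcome, cert in parsed if outcome == "works"}
        bad = {cert[field] for outcome, cert in parsed if outcome == "fails"}
        if ok and bad and ok.isdisjoint(bad):
            result.append(field)
    return sorted(result)

def unusual_key_sizes(samples):
    """Labels of certificates whose RSA key size is not a common one."""
    flagged = []
    for label, _, text in samples:
        bits = parse_cert(text)["key_bits"]
        if bits is not None and int(bits) not in COMMON_RSA_SIZES:
            flagged.append(label)
    return flagged

if __name__ == "__main__":
    print("first three certificates:", separating_fields(SAMPLES[:3]))
    print("with the reissued pair: ", separating_fields(SAMPLES))
    print("unusual key sizes:      ", unusual_key_sizes(SAMPLES))
```

With only "mo", "hr" and "si", issuer, CRL URL and key size all separate the two groups; adding the reissued certificates leaves the key size as the only field that still does.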
  • OK, I had the two certificates reissued with 4096 bits and, lo and behold, it works. So it could very well be down to the key length. For comparison, the analyses of the two new certificates follow.

    "si" (new):

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                1f:0c:5a:e4:0d:16:d2:40:9b:70:24:60:b8:e6:1a:f1
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=US, O=thawte, Inc., OU=Domain Validated SSL, CN=thawte DV SSL SHA256 CA
            Validity
                Not Before: Jul 12 00:00:00 2016 GMT
                Not After : Jun 29 23:59:59 2019 GMT
            Subject: CN=****si.***.**
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (4096 bit)
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Subject Alternative Name: 
                    DNS:****si.***.**
                X509v3 Basic Constraints: 
                    CA:FALSE
                X509v3 CRL Distribution Points: 
    
                    Full Name:
                      URI:http://tm.symcb.com/tm.crl
    
                X509v3 Certificate Policies: 
                    Policy: 2.23.140.1.2.1
                      CPS: https://www.thawte.com/cps
                      User Notice:
                        Explicit Text: https://www.thawte.com/repository
    
                X509v3 Authority Key Identifier: 
                    keyid:7D:29:31:2F:C1:1E:6E:AE:31:05:6A:B3:EB:1C:CD:A9:DD:AE:80:9A
    
                X509v3 Key Usage: critical
                    Digital Signature, Key Encipherment
                X509v3 Extended Key Usage: 
                    TLS Web Server Authentication, TLS Web Client Authentication
                Authority Information Access: 
                    OCSP - URI:http://tm.symcd.com
                    CA Issuers - URI:http://tm.symcb.com/tm.crt
    
        Signature Algorithm: sha256WithRSAEncryption
    
    

    "hr" new:

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                5d:79:a3:8a:ca:72:37:b0:38:20:87:37:83:90:ee:6a
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=US, O=thawte, Inc., OU=Domain Validated SSL, CN=thawte DV SSL SHA256 CA
            Validity
                Not Before: Jul 12 00:00:00 2016 GMT
                Not After : Jun 29 23:59:59 2019 GMT
            Subject: CN=****hr.***.**
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (4096 bit)
                    Modulus:
                        00:d8:c8:fc:d2:98:ed:78:c5:5e:dd:b6:30:3d:76:
                        a6:eb:b9:32:2b:f6:13:28:0f:d5:d1:18:30:50:37:
                        d3:d9:5a:40:94:ad:d9:43:86:e1:e3:e7:68:7a:cc:
                        28:0b:c5:b4:7b:82:4b:6b:5b:47:c7:b9:2a:6c:4f:
                        1a:fc:1f:64:46:24:31:7a:01:a2:aa:11:32:87:47:
                        65:c4:c6:3a:07:ba:cc:19:4b:b9:b3:77:b1:3f:7b:
                        fc:90:93:b0:f6:e8:fe:a8:55:ca:04:60:84:ef:1f:
                        a7:73:2d:8a:72:07:4e:bb:c5:eb:1d:bb:23:57:ec:
                        0e:bb:33:04:28:c9:6d:23:08:b9:a1:31:7e:6e:ef:
                        2c:ea:3f:d6:0b:24:a5:a3:2e:c8:69:b7:c6:71:15:
                        93:f6:26:f2:66:ef:47:13:14:82:79:3b:c9:de:c5:
                        8b:35:f3:b3:51:8a:f7:8f:92:d6:2e:0d:66:c6:7a:
                        fb:3e:2f:c2:1e:2b:96:a6:3e:e0:64:da:72:54:cc:
                        0e:f7:ac:a1:a1:5e:da:b5:bc:86:4c:07:ac:1e:ea:
                        2f:65:bb:fa:13:4e:70:18:07:91:8d:20:d9:be:2b:
                        aa:49:04:25:b3:ba:a0:e3:4c:73:fd:fc:98:39:4d:
                        ab:11:46:2b:ee:82:f2:04:8f:6e:62:6d:8e:13:b9:
                        47:2d:8f:d2:09:dd:4a:19:9f:31:52:93:69:7a:dc:
                        02:0b:48:7a:70:66:8e:cd:97:a7:19:38:33:0b:63:
                        1b:e7:aa:a7:5d:0d:d0:05:50:17:47:8e:51:aa:da:
                        9f:16:54:c5:25:2c:28:fd:6c:cb:28:bf:15:07:c6:
                        49:97:28:f7:e0:d9:1e:a0:00:8a:5d:ac:d7:d2:bf:
                        af:da:a6:13:f6:70:99:f5:a9:8a:36:98:4c:44:88:
                        fe:4b:56:2b:c2:2d:e4:39:49:28:fd:a6:98:78:68:
                        e3:6d:b0:7b:c6:26:ff:c9:3f:ce:2c:17:b2:d6:79:
                        8a:f5:f8:b2:31:60:f2:0f:6d:2c:0f:47:08:b2:3e:
                        80:0e:f4:2c:e2:eb:7a:57:77:cc:be:4d:f6:67:ff:
                        38:95:b9:d0:45:8e:20:ea:1f:69:50:d2:a3:77:60:
                        0f:06:28:9b:f1:2b:5a:cd:b5:78:53:09:f5:e1:26:
                        cc:f4:4d:58:76:bd:2d:5d:25:9b:11:a0:c7:5d:0a:
                        71:a7:7f:9b:9c:2c:a3:d0:c5:d6:d5:d4:ab:da:1c:
                        1e:db:af:8c:a3:0a:2f:16:6e:ef:6a:3d:7b:6d:2b:
                        ff:f8:d7:8d:3d:d1:93:38:ec:13:15:aa:8e:76:49:
                        38:43:79:ac:79:af:c1:a3:26:5c:a4:4d:b1:8b:88:
                        42:7c:81
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Subject Alternative Name: 
                    DNS:****hr.***.**
                X509v3 Basic Constraints: 
                    CA:FALSE
                X509v3 CRL Distribution Points: 
    
                    Full Name:
                      URI:http://tm.symcb.com/tm.crl
    
                X509v3 Certificate Policies: 
                    Policy: 2.23.140.1.2.1
                      CPS: https://www.thawte.com/cps
                      User Notice:
                        Explicit Text: https://www.thawte.com/repository
    
                X509v3 Authority Key Identifier: 
                    keyid:7D:29:31:2F:C1:1E:6E:AE:31:05:6A:B3:EB:1C:CD:A9:DD:AE:80:9A
    
                X509v3 Key Usage: critical
                    Digital Signature, Key Encipherment
                X509v3 Extended Key Usage: 
                    TLS Web Server Authentication, TLS Web Client Authentication
                Authority Information Access: 
                    OCSP - URI:http://tm.symcd.com
                    CA Issuers - URI:http://tm.symcb.com/tm.crt
    
                CT Precertificate SCTs: 
                    Signed Certificate Timestamp:
                        Version   : v1(0)
                        Log ID    : DD:EB:1D:2B:7A:0D:4F:A6:20:8B:81:AD:81:68:70:7E:
                                    2E:8E:9D:01:D5:5C:88:8D:3D:11:C4:CD:B6:EC:BE:CC
                        Timestamp : Jul 12 12:08:14.979 2016 GMT
                        Extensions: none
                        Signature : ecdsa-with-SHA256
                                    30:46:02:21:00:D3:A5:BE:A1:D2:7C:45:62:94:2A:54:
                                    F6:25:22:87:98:11:30:A4:76:2B:64:DF:05:18:59:92:
                                    49:94:B7:E4:7B:02:21:00:83:35:1E:62:D2:86:38:9A:
                                    CB:27:89:30:5D:14:CE:D9:87:FB:87:98:DD:80:24:90:
                                    11:C5:B8:58:D4:D9:E9:1B
                    Signed Certificate Timestamp:
                        Version   : v1(0)
                        Log ID    : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
                                    3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
                        Timestamp : Jul 12 12:08:15.036 2016 GMT
                        Extensions: none
                        Signature : ecdsa-with-SHA256
                                    30:46:02:21:00:AC:56:1B:CE:E1:B4:F4:EF:9B:4D:71:
                                    36:21:27:99:C2:20:63:E6:DA:58:6E:8F:B1:76:5F:22:
                                    1B:1F:1F:80:C9:02:21:00:8C:8C:6D:78:5E:C2:74:1C:
                                    1F:7C:BD:92:68:24:3F:8C:A4:89:82:97:70:E8:A1:C5:
                                    23:18:EB:4A:75:7F:97:A1
                    Signed Certificate Timestamp:
                        Version   : v1(0)
                        Log ID    : 68:F6:98:F8:1F:64:82:BE:3A:8C:EE:B9:28:1D:4C:FC:
                                    71:51:5D:67:93:D4:44:D1:0A:67:AC:BB:4F:4F:FB:C4
                        Timestamp : Jul 12 12:08:15.030 2016 GMT
                        Extensions: none
                        Signature : ecdsa-with-SHA256
                                    30:45:02:20:0D:6D:BC:F9:22:AA:43:10:55:D3:C1:C0:
                                    CF:DC:78:FF:B7:98:D3:19:49:84:02:19:94:BE:EE:6B:
                                    47:B5:46:18:02:21:00:C5:21:EE:C8:32:9F:BB:9E:AF:
                                    8D:BE:9C:44:47:F2:9F:E9:83:EC:34:2B:19:F4:11:48:
                                    FF:8C:81:22:AF:9A:57
                    Signed Certificate Timestamp:
                        Version   : v1(0)
                        Log ID    : EE:4B:BD:B7:75:CE:60:BA:E1:42:69:1F:AB:E1:9E:66:
                                    A3:0F:7E:5F:B0:72:D8:83:00:C4:7B:89:7A:A8:FD:CB
                        Timestamp : Jul 12 12:08:15.500 2016 GMT
                        Extensions: none
                        Signature : ecdsa-with-SHA256
                                    30:46:02:21:00:85:5E:8F:A2:0E:23:62:DA:9A:65:07:
                                    7E:62:C3:56:01:4C:D4:42:16:86:52:A0:AB:56:EF:88:
                                    A3:61:3D:AC:A2:02:21:00:F0:98:5A:84:3D:49:20:E8:
                                    EA:C9:25:56:0D:C6:E3:13:61:39:72:8F:99:C6:13:8A:
                                    EA:1E:C7:A3:31:59:FF:91
        Signature Algorithm: sha256WithRSAEncryption
             89:f5:e7:88:37:c4:5b:65:b2:65:17:df:ef:de:e7:60:b8:50:
             ff:37:68:cf:46:d1:58:a1:a6:f6:6d:d1:fd:7d:1c:47:92:a2:
             34:97:48:44:5e:68:1a:98:d6:db:55:36:5e:b1:0c:a8:05:4f:
             46:90:74:4d:07:32:33:ca:01:a3:50:d1:81:92:9b:6d:11:51:
             af:a8:82:d3:21:2c:7b:f9:24:c8:56:fa:ec:12:6b:7c:de:3b:
             8f:0d:61:9c:92:35:25:55:68:a3:ba:1b:5c:a9:e5:05:18:2f:
             c7:3b:d6:26:ea:f1:69:f4:1d:7c:71:e0:82:55:98:56:fa:71:
             43:55:c8:a4:bd:07:99:07:8c:04:28:20:5b:c3:5c:c9:90:59:
             e8:81:6c:80:47:f1:8f:3d:f3:d8:b8:93:81:28:87:17:01:18:
             f1:ce:21:e0:dc:6c:5a:03:8d:c5:72:27:fd:0d:03:78:17:cd:
             c6:83:44:92:7e:a0:d8:46:57:b1:70:86:10:f1:07:29:b0:66:
             49:3b:47:92:03:98:7d:5d:ff:1c:8c:fa:55:9b:35:b7:9e:4e:
             df:9e:d0:f1:2c:d5:a4:36:9f:ac:ca:82:7e:43:ae:ec:3c:79:
             b2:53:5a:d5:13:7e:63:74:83:b7:1e:d8:a4:ae:63:3f:2a:1d:
             2a:9b:57:80
    
    

    • Marked as answer by Arcson Tuesday, July 12, 2016 12:36
    Tuesday, July 12, 2016 12:35